Re: IT Survival on Linux.
From: Nils Petter Vaskinn (no_at_spam.for.me.invalid)
Date: 03/10/04
- Previous message: Bill Unruh: "Re: Bootable CD?"
- In reply to: Sybren Stuvel: "Re: IT Survival on Linux."
- Next in thread: Michael Heiming: "Re: IT Survival on Linux."
Date: Wed, 10 Mar 2004 07:32:21 GMT
On Tue, 09 Mar 2004 19:34:55 +0000, Sybren Stuvel wrote:
> 1) Only run the services you need to run. 2) Firewall all incoming
> connections instead of those you approve. 3) Update your distribution
> regularly. 4) Get a brain.
Don't install anything from z0m3.1337.cr4k3r.zi73.com or any other
untrusted source. But that may be a part of point 4.
> Generally, people should be able to live without a firewall. A regular
> box doesn't need to run any services, and thus have no open listening
> ports anyway. Viruses aren't of any issue either.
How is this from a performance viewpoint? The internet is full of junk
traffic that may affect your machine (especially when the MS worm du jour
is wreaking havoc). How much overhead does an iptables "this is from the
outside, drop it" rule have compared to processing the package and looking
for listening ports?
Anyway, I don't think a firewall can hurt; it's kind of the same thing that
most people don't _need_ an airbag in their car, but once you suddenly do
it's too late to get one and having one would be _really_ nice.
Making a program that listens on a port is easy (anything I have ever done
is by definition easy :D ). Easier than knowing when it's appropriate to
use "local" sockets. So we could assume that there are a lot of programs
out there that listen on some port without needing to, and since it's not
obvious to the user (since that program doesn't use the internet) that
it's listening the user may not take precautions.
Those users with Linux machines are frequently past the one single machine
stage, and may want to run some services between the machines (such as
nfs, samba, ssh, nis).
When it comes to firewalling for home users (that don't want to mess
with iptables, forwarding and NAT), the answer is to buy one of those combined
router/fw thingies. The firewalls are "primitive" but putting one of these
at the network border gives you NAT and blocking of all incoming
connections without any work.
--
NPV
"the large print giveth, and the small print taketh away"
Tom Waits - Step right up
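
The point above about programs that listen on a port without the user noticing can be checked on a Linux box by reading the kernel's socket table. The following is an added example, not part of the original post: it parses text in `/proc/net/tcp` format and separates loopback-only listeners from ones reachable from other hosts. The sample table is constructed, the function names are illustrative, and the decoding assumes a little-endian host (e.g. x86) and IPv4 only.

```python
import ipaddress
import struct

LISTEN = "0A"  # state code the kernel prints for a listening TCP socket

# Constructed sample in /proc/net/tcp format (not taken from a real machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0500A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0500A8C0:D431 0A00A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The address is printed as a native-endian 32-bit word; this assumes
    # a little-endian host, so 0100007F decodes to 127.0.0.1.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(text):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 8 or parts[3] != LISTEN:
            continue  # established connections and short lines are ignored
        ip, port = decode_addr(parts[1])
        found.append((ip, port, int(parts[7])))
    return found


def exposed(text):
    """Listeners not bound to loopback, i.e. reachable from other hosts."""
    return [(str(ip), port, uid)
            for ip, port, uid in listeners(text) if not ip.is_loopback]


if __name__ == "__main__":
    # On a real machine, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port, uid in exposed(SAMPLE):
        print(f"uid {uid} listens on {ip}:{port} (not loopback-only)")
```

Anything this reports is a candidate for either rebinding to 127.0.0.1 or covering with a drop rule for incoming connections.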