On Thu, Oct 24, 2002 at 11:48:47AM -0400, David Kramer wrote:
> What I'm trying to point out here is that it's easy to say "well, I
> don't have any important data on my machine hooked up to a
> cablemodem or DSL line, so I don't need a firewall", but that
> doesn't mean your machine can't be used by hackers to hurt others.

You are confusing "firewall" with "secure machine". The two are not the same.

I agree it is important to run a secure machine to avoid becoming a zombie that could be used to attack others.

On my basement server I have done my best to unblock all incoming ports (though Galaxy DSL apparently can't manage this). The router they supply does do network address translation, providing some protection for internal machines other than the server (which is supposed to get incoming packets).

But last night, after I had gone upstairs for the night, I went back downstairs to turn off the kitchen computer; I had recently installed Red Hat 7.2 (experimenting with raid, wanted to see how 7.2 behaves) but had not installed the security updates. Sure, it was behind a bit of a firewall, but firewalls are not perfect. No reason to leave it up for hours and hours of possible probing.

What is a regular user ("civilian") supposed to do?

First, and obviously, be aware of the problem. If this requires some threats of liability for those who put computers on the internet that later are used to inflict damage on others, then maybe that is what it takes.

Users do have some choices here. They can keep their operating system up to date. They can choose an operating system that is more secure! (Yes, there is a world outside of that created by Microsoft--but I guess we know that.) Red Hat, the distribution I know best, is quite secure these days in its various default installations, providing one keeps it up to date.

How up to date is your firewall? How complete is its protection when it is working correctly? ...

You had better have your computer up to date too, and if you do, the need for a firewall is much less.

A firewall that offers a false sense of security is possibly worse than no firewall.

-kb, the Kent who this morning has already checked for any updates his basement server might need--and there weren't any.