Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC
Privacy, Security, Encryption

I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created, and show you how you can bolster a healthy strategy with some tactical polish, namely software.
Thread beginning with comment 430931
Soulbender Member since: 2005-08-18

Even if SSH wasn't so wonderfully useful

Yep, SSH is awesome.

I'd still recommend firewall rules if only to detect port scanning and other network oddities.


Why bother? If you're connected to the internet you're going to get port scanned and probed. It's a fact, you don't need a packet filter to tell you that.
Heck, you're probably getting scanned and probed so often that the logs will be too big to be useful.

If it has a network connection, it should have a firewall in place.

Firewalls are over-rated, both on workstations and standalone gateways.

Off-topic but this is especially common in corporate environments where many managers seem to think that firewalls (especially Cisco ones) are magic amulets that will protect you from all evil.

Score: 2

jabbotts Member since: 2007-09-06

True, on their own packet filtering isn't going to cure all. You will also see a lot of noise if connected directly to the internet. If the user is behind a router, that notice of network noise may be a sign of issues within the local area though. A friend is visiting and suddenly I'm getting port scans and other network oddities; I ask them if they are playing with my network or have an infection that needs to be addressed. My user's network is behind a router but they call asking about popups or see oddities in the logs; I start looking at the other machines inside the network.

I'm not the average user though as all my machines at home that can, have IDS on and watching each other. Someone may pop one of my machines but you can bet there are going to be "witnesses" that see the mugging and report back to root.

I figure it's already there in the kernel and the setup isn't hard enough to justify not doing at least a three way handshake and a couple of drop all rules.

Score: 2

license_2_blather Member since: 2006-02-05

Firewalls are over-rated, both on workstations and standalone gateways.

Off-topic but this is especially common in corporate environments where many managers seem to think that firewalls (especially Cisco ones) are magic amulets that will protect you from all evil.


Overrated, maybe. Over-relied-upon, definitely. But they have value. At least a few Windows remote exploits were preventable or otherwise mitigated by using a firewall (maybe Linux ones, too). And they help in a defense-in-depth strategy. They might also help some less-skilled Windows users detect network-accessing malware (though the false alarms often generated diminish the advantage there).

Score: 1