Paul Johnson wrote:
> On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
> > What I would do (I don't since I have a dedicated firewall machine) is:
> > - close all unneeded services
>
> Better yet, not just close, purge them.

Yes, absolutely. If you have no need for any piece of software, why not
just get rid of it entirely?

> > - install a firewall that just drops any incoming connection from your
> >   cable-connected ethernet interface.
>
> The security gained with this step is epsilon under Linux if you don't
> have services that aren't needed installed.

There may be services that are needed locally, but which should not
accept connections from outside the LAN. These services should be
configured to listen only on the internal interface. A firewall is still
of some value, however, to protect against mistakes in service
configuration (or the possibility of an upgrade causing a service's
behavior to change unexpectedly).

These are incremental steps of security; if the firewall protects you
against errors in service configuration (or bugs in services that cause
them to listen to all interfaces even when they've been told not to), and
service configuration protects against errors in the firewall, then you
can feel more confident of your security than you ought to with either
technique alone.

Craig
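Added example, not part of the original message: a check for the service-configuration half of the argument above, listing TCP listeners that are bound to the wildcard address or to anything outside the internal network. It reads the Linux /proc/net/tcp table (IPv4 only, little-endian host assumed); the 192.168.1.0/24 internal network and the sample table are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# listeners on 127.0.0.1:25, 192.168.1.1:53 and 0.0.0.0:631, plus one
# established ssh session that must not be reported as a listener.
PAD = "00000000:00000000 00:00000000 00000000 0 0"
SAMPLE = f"""\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 0100007F:0019 00000000:0000 0A {PAD} 1201
   1: 0101A8C0:0035 00000000:0000 0A {PAD} 1202
   2: 00000000:0277 00000000:0000 0A {PAD} 1203
   3: 0101A8C0:0016 0501A8C0:C350 01 {PAD} 1204
"""

def decode_addr(field):
    """Turn '0101A8C0:0035' into (IPv4Address('192.168.1.1'), 53)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the address as a host-order integer, so on a
    # little-endian machine the four bytes appear reversed.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def listeners(proc_text):
    """Return (ip, port) for every socket in state 0A (TCP_LISTEN)."""
    found = []
    for line in proc_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) > 3 and cols[3] == "0A":
            found.append(decode_addr(cols[1]))
    return found

def exposed(proc_text, internal_nets):
    """Listeners bound to 0.0.0.0 or to an address outside internal_nets."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    flagged = []
    for ip, port in listeners(proc_text):
        if ip.is_loopback or any(ip in net for net in nets):
            continue                             # bound to loopback or the LAN side
        flagged.append((str(ip), port))
    return flagged

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE                            # fall back to the constructed table
    for ip, port in exposed(text, ["192.168.1.0/24"]):
        print(f"only the firewall keeps outsiders away from {ip}:{port}")
```

Anything this reports is a service for which the firewall is the sole barrier; rebinding it to the internal address restores the second layer.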