Andrew Sackville-West wrote in Article <[EMAIL PROTECTED]> posted to gmane.linux.debian.user:
> On Wed, Jun 13, 2007 at 11:08:39PM -0700, Mike McClain wrote: >> I saw this on usenet and wonder about the validity of this statement. >> >> 'Seriously any system is as secure as the services you export, if you >> have nothing listening that can do you harm you are secure...' >> >> Disregarding email exploits and exploits through your browser is this >> true? Assume the hardware is inviolate. >> Thoughts? > > a port with a listening service is like a locked door with a doorman > inside waiting to open it for whoever knocks. If they know the > codeword he'll open it for them. That's how port-knocking[1] works. > So the service (as the doorman) determines how serious the security risk > is at the port (door). Well, in theory, yes. The problem with this formula is that some services are promiscuous and don't care who they serve to (http, finger, gopher, etc). > If there is no service listening at the port, then there is no way to open > that port. Outbound connections require ports, too! > Of course, since you are running Debian, there are no windows for > things to climb through and open the door from the inside. ;) Don't say things like that. What you just said there is like a Windows user saying, "Why should I stay patched and run antivirus software? It's not like I use this computer for anything serious..." -- Paul Johnson Email and IM (XMPP & Google Talk): [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
