On Nov 20, 3:20 pm, Sthu Deus wrote:
> Good time of the day.
>
> I'm concerned on safety of install over network (the netinst) - what
> techniques are used to protect the installed system during the very
> process of installation?
>
a single machine connected to the internet:
moving to
cd /usr/lo
Brian wrote:
> Sthu Deus wrote:
> > My pondering/suggestions here:
> >
> > 1. You agree that it is a good thing to be firewalled for the being
> > installed system - so in case there is no firewall already for it, then
> > it would be still good to have one in the install environment.
Not the way
On Wednesday 23 November 2011 15:14:40 Curt wrote:
> > For static you do something like this:
> >
> > iface eth0 inet static
> > address 192.168.1.5
> > netmask 255.255.255.0
> > gateway 192.168.1.254
>
> And then dhclient is no longer "called," the daemon won't run anymore,
> or do I have
On Wed 23 Nov 2011 at 15:14:40 +, Curt wrote:
> On 2011-11-23, Kelly Clowers wrote:
> >>
> > For static you do something like this:
> >
> > iface eth0 inet static
> > address 192.168.1.5
> > netmask 255.255.255.0
> > gateway 192.168.1.254
>
> And then dhclient is no longer "called,"
On Wed 23 Nov 2011 at 14:30:31 +, Curt wrote:
> Thank you. Is that the default when you install cups, just out of
> curiosity? It seems like there was a time when you had to do something
> to insure that the daemon wouldn't allow network printing.
It's the default.
> What about this:
>
> h
On 2011-11-23, Kelly Clowers wrote:
>>
>> I trust the server, I guess; it's my ISP, so I really have to trust
>> them way above and beyond whatever dhclient can or cannot do. I could
>> set up a static address for the interface (if I knew how--I do have a
>> static address). Where does that go?
On Wed, Nov 23, 2011 at 06:30, Curt wrote:
>
> I trust the server, I guess; it's my ISP, so I really have to trust
> them way above and beyond whatever dhclient can or cannot do. I could
> set up a static address for the interface (if I knew how--I do have a
> static address). Where does that go
On 2011-11-22, Osamu Aoki wrote:
>
> Anyway, read good source.
> http://www.debian.org/doc/user-manuals#securing
> http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
Thank you for the links.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of
On 2011-11-23, Brian wrote:
>
> You don't want to run a firewall because it will be of no benefit to
> you. The CUPS daemon will only accept print jobs from the machine the
> printer is connected to. dhclient is what its name says - a client. It
Thank you. Is that the default when you install cu
On Wed 23 Nov 2011 at 11:57:57 +, Curt wrote:
> einstein:/home/curty# lsof -i
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> cupsd1778 root5u IPv6 43230 0t0 TCP localhost:ipp (LISTEN)
> cupsd1778 root7u IPv4 43231 0t0 TCP localhost:ipp (LISTEN)
On 2011-11-22, Sthu Deus wrote:
>
> My opinion is this: to disable any queries to Your host by iptables
> and/or xinit from outside world and then purge the packages You do not
> need.
>
This is a stand alone machine that's not supposed to be offering any
services whatsoever to the outside world.
On Wed 23 Nov 2011 at 13:50:53 +0700, Sthu Deus wrote:
> My pondering/suggestions here:
>
> 1. You agree that it is a good thing to be firewalled for the being
> installed system - so in case there is no firewall already for it, then
> it would be still good to have one in the install environment
Big thanks, Bob, for Your extended answer:
>The only external remotely accessible service available in the
>installer kernel are ICMP services such as ping. AFAIK. You can ping
>the system. Ping is a very useful diagnostic tool and is not
>disabled. The network code responding to ping is in th
Sthu Deus wrote:
> Thank You for Your time and answer, Bob. Beside other things You wrote:
>
> > Plus most people install on a private network behind a firewall from
> > the Internet. This protects them from network attacks from the
> > Internet. As long as your local private network is not comp
On Mon, Nov 21, 2011 at 04:34:26PM +, Curt wrote:
> On 2011-11-21, Osamu Aoki wrote:
> >
> > But seriously, Debian is configured as a quite secure system at any time
> > unless you make stupid configuration yourself. So it is quite safe.
> >
>
> Would you be so kind as to explain to me what
Curt wrote:
>Would you be so kind as to explain to me what ports/services are
>open and listening on a default install of Debian Squeeze (if any) and
>if there are any security implications for the novice user or
>"hardening" to be performed on a default install (in relation to
>listening daemons)
Thank You for Your time and answer, Bob. Beside other things You wrote:
>Plus most people install on a private network behind a firewall from
>the Internet. This protects them from network attacks from the
>Internet. As long as your local private network is not compromised
Can You explain, What
On Mon, 21 Nov 2011 09:14:54 +0200, Andrei Popescu wrote:
> On Du, 20 nov 11, 18:10:34, Camaleón wrote:
>>
>> I've never faced a security problem when installing over the network
>
> How can you tell? ;)
gOOd catCh.
(Mmm... what happens with my keyboard? Seems like someone is typing on
behalf
On 2011-11-21, Osamu Aoki wrote:
>
> But seriously, Debian is configured as a quite secure system at any time
> unless you make stupid configuration yourself. So it is quite safe.
>
Would you be so kind as to explain to me what ports/services are
open and listening on a default install of Debian
Hi,
On Mon, Nov 21, 2011 at 12:13:41AM +0700, Sthu Deus wrote:
> Good time of the day.
>
>
> I'm concerned on safety of install over network (the netinst) - what
> techniques are used to protect the installed system during the very
> process of installation?
instalation data is transmitted via
Sthu Deus wrote:
> Things I consider are these (during the installation):
> . I have working connection
Yes. But the simple presence of a network is not a security
vulnerability.
> . I have at least working kernel and later diver services that are
> configured and started during the install
Tho
On Du, 20 nov 11, 18:10:34, Camaleón wrote:
>
> I've never faced a security problem when installing over the network
How can you tell? ;)
> (Internet) and take no additional countermeasures but ensuring the net
> ISO checksum for the image I have downloaded is okay.
>
> A compromised mirror c
Thank You for Your time and answer, Camaleón:
>> I'm concerned on safety of install over network (the netinst) - what
>> techniques are used to protect the installed system during the very
>> process of installation?
>
>System is still not installed so what are you afraid of? :-?
>
>> Or it includ
2011/11/20 Sthu Deus :
> Good time of the day.
>
>
> I'm concerned on safety of install over network (the netinst) - what
> techniques are used to protect the installed system during the very
> process of installation?
>
> Or it includes some risk for the install and therefore media (kind of
> disk
On Mon, 21 Nov 2011 00:13:41 +0700, Sthu Deus wrote:
> I'm concerned on safety of install over network (the netinst) - what
> techniques are used to protect the installed system during the very
> process of installation?
System is still not installed so what are you afraid of? :-?
> Or it includ
Good time of the day.
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
Or it includes some risk for the install and therefore media (kind of
disk) is a preferred installation method?
26 matches
Mail list logo
