aeiri Mar 7, 2006
"No, don't rely on it AT ALL and that includes relying on a firewall."
I agree you shouldn't rely on a firewall, but using one isn't a bad thing. If you have a service listed in /etc/hosts.allow to only allow computer X access to port Y, AND have it listed in your firewall configurations, then that is much better than only one or the other. The reason for this is if your firewall has a bug in it that allows an attacker to bypass that check, or if the kernel has a similar bug, then it would be less likely for you to be actually exploited, since BOTH have to occur in order for an attacker to even access said service.
perljunkie Mar 7, 2006
Quote: In the Windows world, few Win users know how to or care to lock down their systems. That's pretty much why Windows has a bad rep.
Ummm.... No. Windows is shot so full of holes as to make it look and smell like Swiss cheese. You can "secure" all the accounts, etc. that you want. Windows is still quite vulnerable.
ayman Mar 8, 2006
I never said I don't know how to use iptables, or recommended the reader to neglect it; on the contrary, I linked to a detailed howto. And I don't think iptables can be called user-friendly, so I linked to frontends that are easier to deal with.
karudzo Mar 8, 2006
I liked this article, but wished that it went into detail regarding locking down single user mode as well as X11/XORG and permissions. For those who really want a relatively secure system, Trustix is alright. FreeBSD (after locking it down, i.e. kernel secure levels, services, etc.) is my favorite.
ayman Mar 8, 2006
OK, I wasn't familiar with that IP notation, fixed now.