[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: desktop linux security (was Re: Is my computer safe enough if I use just iptables?



Ok,

Hence the levels of paranoia (Do what you feel comfortable with).
If you don't know how to do something you should probably read about it. I'm now quite sure what you disagree with? The personal proxy? The firewall settings?, what?


Your ideas are vagaries at best? Only install what you need? If the person is a complete newbie how will they know what they need?

If you select to use iptables during the install then it's turned on by default.

What about tripwire...? Because that'll be real intuitive for a newbie.

The point is that in order to be safe you must know what you are doing. If you haven't a clue that you must start small and work your way up to the truly paranoid ;-)

--Harry

Marius Andreiana wrote:
On Fri, 2004-10-15 at 09:29 -0400, Harry Hoffman wrote:

Simply put *NO* you are not safe enough. At the very least I would run a personal proxy (such as privoxy).

A bit more paranoid... Turn off java and javascript. Prompt for all cookies and then only allow them to be session cookies.

Even more paranoid... Setup your iptables to DROP by default INPUT and OUTPUT. Log the OUTPUT attempts and decide what should be passed (That way any "funny business" is less likely to happen).

I disagree with these. What home user would do this and then still have time to browse properly and use the computer?

Real-life steps:
1. install only needed software. Don't perform an "everything" install
if you don't need everything.
2. enable firewall in anaconda at install time. Don't enable any ports
if you don't need them
3. System Settings -> Server Settings -> Services. Enable iptables, look
at others if they are needed.
4. Install tripwire from fedora extras
5. skim through root's mails (tripwire, logwatch)

Suggestions welcome.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]