desktop linux security (was Re: Is my computer safe enough if I use just iptables?)

Harry Hoffman hhoffman at ip-solutions.net
Fri Oct 15 18:18:32 UTC 2004


Ok,

Hence the levels of paranoia (Do what you feel comfortable with).
If you don't know how to do something you should probably read about it. 
  I'm not quite sure what you disagree with? The personal proxy? The 
firewall settings? What?

Your ideas are vagaries at best? Only install what you need? If the 
person is a complete newbie how will they know what they need?

If you select to use iptables during the install then it's turned on by 
default.

What about tripwire...? Because that'll be real intuitive for a newbie.

The point is that in order to be safe you must know what you are doing. 
If you haven't a clue then you must start small and work your way up to 
the truly paranoid ;-)

--Harry

Marius Andreiana wrote:
> On Fri, 2004-10-15 at 09:29 -0400, Harry Hoffman wrote:
> 
>>Simply put *NO* you are not safe enough. At the very least I would run a 
>>personal proxy (such as privoxy).
>>
>>A bit more paranoid... Turn off java and javascript. Prompt for all 
>>cookies and then only allow them to be session cookies.
>>
>>Even more paranoid... Set up your iptables to DROP by default INPUT and 
>>OUTPUT. Log the OUTPUT attempts and decide what should be passed (That 
>>way any "funny business" is less likely to happen).
> 
> I disagree with these. What home user would do this and then still have
> time to browse properly and use the computer?
> 
> Real-life steps:
> 1. install only needed software. Don't perform an "everything" install
> if you don't need everything.
> 2. enable firewall in anaconda at install time. Don't enable any ports
> if you don't need them
> 3. System Settings -> Server Settings -> Services. Enable iptables, look
> at others if they are needed.
> 4. Install tripwire from fedora extras
> 5. skim through root's mails (tripwire, logwatch)
> 
> Suggestions welcome.
> 
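
The "DROP by default, log the OUTPUT attempts and decide what should be passed" setup quoted above, as an added example that is not part of the original thread. The log prefix `OUT-DROP: `, the allowed ports (DNS, HTTP, HTTPS), the FORWARD policy and the sample log lines are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Log prefix and allowed ports are assumptions.

# Ruleset in iptables-restore format: INPUT and OUTPUT default to DROP.
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "OUT-DROP: "
COMMIT
EOF
}

# Constructed kernel log lines (documentation addresses), for the demo only.
sample_log() {
    cat <<'EOF'
Oct 15 14:02:11 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=25 SYN
Oct 15 14:02:14 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=25 SYN
Oct 15 14:03:40 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=76 TTL=64 PROTO=UDP SPT=123 DPT=123
Oct 15 14:05:02 host sshd[812]: Server listening on 0.0.0.0 port 22.
Oct 15 14:06:19 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# Count logged OUTPUT attempts per protocol, destination and port,
# so each blocked flow can be reviewed before a rule is added for it.
summarize_out_drops() {
    awk '/OUT-DROP: / {
        dst = proto = dpt = "-"          # ICMP has no DPT field
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[proto " " dst " " dpt]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_out_drops
```

The ruleset is loaded as root with `emit_ruleset | iptables-restore`; because the LOG rule is rate-limited, the counts are a lower bound on what was actually dropped.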



