On Tue, 8 Jan 2002 22:08:30 -0500 (EST), Steve <[EMAIL PROTECTED]> wrote:
> On Tue, 8 Jan 2002, Glenn McCorkle wrote: >> > One glaring shortcoming is the section on security. >> > True, if you follow their suggestion to disable all >> > services, you're pretty secure... but if you do that, >> > you're throwing away a good deal of what makes Linux >> > such a great OS. >> OK... >> I have heard this statement from others as-well. >> Could you possibly name some of the services you are reffering to? > As you get into Linux more, you'll discover the desire > to run servers... possibly a web server, or maybe an ftp > server, or how about a simple news server. Maybe allow > friends to log onto your machine using ssh, or hie back > to bygone days by running a gopher server. ;-) >> And then explain what it is that the "average user" would be >> thowing away by not using those sevices ? > The most common server with a known exploit is lpd: > http://www.cert.org/advisories/CA-2001-30.html > IOW, if you have a printer, you'll be running a print > server. If you don't know how to put it behind a > firewall, or even that you may need to, you're exposing > yourself to the very real probability that someone will > gain control of your machine. Yes, I have a printer. Yes, The print server is started every time I boot into Linux. How is someone else going to access my machine through *only* my print server? No. I do not have any of the other "servers" running. (no ftp, no http, no news) Since this machine is not connected to the internet or to an intranet via a "server" of any kind. It only connects when I choose to do so. And then ONLY with pppd and a web browser/eMail client. (I do not use either fetchmail or sendmail) Unless someone else sits in THIS chair and uses THIS keyboard. THIS machine is 100% safe from attack. Q: What have I "thown away" by not allowing others to access my machine via an HTTP or FTP server? A: Nothing. -- Glenn http://arachne.cz/ http://freedos-32.sourceforge.net/ http://www.delorie.com/listserv/mime/ http://www.angelfire.com/id/glenndoom/download.htm
