On Mon, 03 Jan 11, 09:55:45, Russell L. Harris wrote:
>
> > But if you do only web browsing and email and don't run any
> > web-facing services you should be fine anyway.
>
> I do not understand; what is a "web-facing service"?

For example a web server (apache) or some other services accessible from outside (ftp, ssh, file-sharing, ...). A counter-example would be cups (the print server) which by default only accepts connections from the same machine.

> > The major threats are web browser security holes (update often)
> > especially through flash and java plug-ins, and pdf.
>
> Flash and java are in most web pages. Does a firewall not protect
> against these threats? or are browser updates necessary even with a
> firewall?

A firewall is just an additional layer of protection against possible intruders, but it will not protect you against malware that affects programs which access the internet "over" the wall (like browsers and other *client* software) or software listening behind doors (ports) which you have opened on purpose, to make that software (service) accessible from the internet (like the web server above).

> > Hosting Windows viruses in mail attachments can also be a problem if
> > you have win machines on the lan, virus scanner clamav can help
> > here.
>
> This is a Window$-free environment.

As long as you don't run programs from outside Debian you can be 99,...% sure that your own software doesn't play ugly tricks on you, as much proprietary software does. Unfortunately the Adobe flash plugin is not from Debian (even though you can install it with the flashplugin-nonfree helper package from contrib) and has had vulnerabilities in the past :(

> > Firewall alone won't protect you from man in the middle and such
> > niceties on open untrusted networks.
>
> Understood. This need is for socializing around the table at
> StarBucks, Internet cafes, etc.

Maybe you could go into details about what software you are using, in order to get more specific recommendations.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
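The distinction the reply draws between services reachable from outside (apache, ftp, ssh) and one bound to the local machine only (cups) can be checked from the list of listening sockets. The following is an added example, not part of the original message: it classifies `LISTEN` entries in `ss -tln` style output, and the sample text, the function names and the assumed column layout are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not captured from a real host).
# Ports mirror the services named in the reply: cups 631, apache 80, ssh 22, ftp 21.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     *:22                *:*
LISTEN  0       128     [::1]:631           [::]:*
LISTEN  0       128     [::]:21             [::]:*
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split ss 'addr:port' into (addr, port); handles [v6]:port and %iface."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]
    return addr, int(port)

def is_loopback_only(addr):
    """True if the socket is bound to a loopback address (same machine only)."""
    if addr == "*":  # wildcard bind: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def classify_listeners(ss_output):
    """Return (local_only, exposed) lists of (addr, port) for LISTEN sockets."""
    local_only, exposed = [], []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, port = split_endpoint(fields[3])
        (local_only if is_loopback_only(addr) else exposed).append((addr, port))
    return local_only, exposed

if __name__ == "__main__":
    local_only, exposed = classify_listeners(SAMPLE_SS)
    for addr, port in exposed:
        print(f"reachable from other hosts unless firewalled: {addr}:{port}")
    for addr, port in local_only:
        print(f"same machine only: {addr}:{port}")
```

Sockets in the first group are the ones a firewall rule actually decides about; client software such as a browser never appears in this list, which is why the firewall does nothing for it.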