Russell L. Harris: > * tv.deb...@googlemail.com <tv.deb...@googlemail.com> [110103 09:24]: > >> But if you do only web browsing and email and don't run any >> web-facing services you should be fine anyway. > > I do not understand; what is a "web-facing service"?
It is a program accepting random connections from arbitrary source addresses ("the internet"), like a web/FTP/mail server. In order to check which programs listens on which port, post the output from 'netstat -tulpn' (run as root). You should be aware that most people in here translate "firewall" as "packet filter". Configuring a packet filter requires knowledge of TCP/IP networking, so if you don't understand the term above, but still feel the need to "secure" your system, you will need to learn about that. >> The major threats are web browser security holes (update often) >> especially through flash and java plug-ins, and pdf. > > Flash and java are in most web pages. Does a firewall not protect > against these threats? If firewall == "packet filter": No. Otherwise: Maybe, but probably not. > or are browser updates necessary even with a firewall? Absolutely! >> Firewall alone won't protect you from man in the middle and such >> niceties on open untrusted networks. > > Understood. This need is for socializing around the table at > StarBucks, Internet cafes, etc. Check for open ports (see the netstat-command above), always install the latest upgrades and make sure to use encrypted connections whenever possible. J. -- If I could travel in time I would show my minidisc to the Romans and become Caesar until the batteries ran out. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
signature.asc
Description: Digital signature