On 05/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > > > > > 2: Space for the P3 is limited and I would like to remove its printer > and > > > print bank statements across the LAN on the main PC (running Linux, or > maybe > > > FreeBSD in future) using CUPS. Does this introduce security risks? > > Why would you need CUPS on the P3? Shouldn't the bsd lpd be able to > send the bank statement over to the other box to then get formatted and > printed? lpd is in base already.
I wasn't aware that LPD could do the remote printing - I've always used CUPS on Linux - thanks for the info. This seems the favourable option since I then don't need to introduce CUPS into the OBSD box. > Does running Firefox on the banking computer, even if it is running on > OpenBSD, cause any concerns? Is there a more secure browser that will > still work with the bank's system? I'm assuming that the base Lynx > won't work (if it will, just use that). No, I can't see Lynx doing this job - yes Firefox is a concern as it is becoming so popular and seems to have a lot of security updates which may be indicative of its lack of quality (certainly not up to OBSD standards). However some banks seem to create complex web pages so the browser needs to be reasonably good at rendering pages. If there is a graphical browser which is more secure and might do the job, I'd be pleased to know about it. Will you sit down at a separate screen/keyboard on the OpenBSD banking > computer or will you access it via ssh? I had planned to use a separate screen/keyboard. Keeping things physically separate is part of the security as there is less dependence on avoiding errors in setup. I might look to acquire an old laptop in due course to reduce space requirements. Would forwarding X via ssh from > the banking machine to your main machine make banking any less secure? I suppose if the main machine were infected it could read your > keystrokes as you type in passwords. Indeed Perhaps you could use the banking > machine as your main access point, running apps on the main box via ssh. > Would that introduce any insecurity in the banking machine? > > I don't know the answer to your last question - was it rhetorical? Actually I hadn't thought of this. Are you saying that nothing could get down the ssh "tunnel" from the main box into the banking box? I guess I will have to look into how ssh works - something I've not had any need to use. The banking box has poorer graphics capability so this wouldn't do a good job of running main box apps. But something to keep in mind. Thanks for all your comments - appreciated.