Re: Safety while network install.

2011-11-24 Thread luizlmarins
On Nov 20, 3:20 pm, Sthu Deus sthu.d...@gmail.com wrote: Good time of the day. I'm concerned on safety of install over network (the netinst) - what techniques are used to protect the installed system during the very process of installation? a single machine connected to the internet: moving

Re: Safety while network install.

2011-11-23 Thread Brian
On Wed 23 Nov 2011 at 13:50:53 +0700, Sthu Deus wrote: My pondering/suggestions here: 1. You agree that it is a good thing to be firewalled for the being installed system - so in case there is no firewall already for it, then it would be still good to have one in the install environment.

Re: Safety while network install.

2011-11-23 Thread Curt
On 2011-11-22, Sthu Deus sthu.d...@gmail.com wrote: My opinion is this: to disable any queries to Your host by iptables and/or xinit from outside world and then purge the packages You do not need. This is a stand alone machine that's not supposed to be offering any services whatsoever to the

Re: Safety while network install.

2011-11-23 Thread Brian
On Wed 23 Nov 2011 at 11:57:57 +, Curt wrote: einstein:/home/curty# lsof -i
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
cupsd   1778 root  5u  IPv6  43230      0t0  TCP localhost:ipp (LISTEN)
cupsd   1778 root  7u  IPv4  43231      0t0  TCP localhost:ipp (LISTEN)

Re: Safety while network install.

2011-11-23 Thread Curt
On 2011-11-23, Brian a...@cityscape.co.uk wrote: You don't want to run a firewall because it will be of no benefit to you. The CUPS daemon will only accept print jobs from the machine the printer is connected to. dhclient is what its name says - a client. It Thank you. Is that the default

Re: Safety while network install.

2011-11-23 Thread Curt
On 2011-11-22, Osamu Aoki os...@debian.org wrote: Anyway, read good source. http://www.debian.org/doc/user-manuals#securing http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html Thank you for the links.

Re: Safety while network install.

2011-11-23 Thread Kelly Clowers
On Wed, Nov 23, 2011 at 06:30, Curt cu...@free.fr wrote: I trust the server, I guess; it's my ISP, so I really have to trust them way above and beyond whatever dhclient can or cannot do.  I could set up a static address for the interface (if I knew how--I do have a static address).  Where

Re: Safety while network install.

2011-11-23 Thread Curt
On 2011-11-23, Kelly Clowers kelly.clow...@gmail.com wrote: I trust the server, I guess; it's my ISP, so I really have to trust them way above and beyond whatever dhclient can or cannot do.  I could set up a static address for the interface (if I knew how--I do have a static address).  Where

Re: Safety while network install.

2011-11-23 Thread Brian
On Wed 23 Nov 2011 at 14:30:31 +, Curt wrote: Thank you. Is that the default when you install cups, just out of curiosity? It seems like there was a time when you had to do something to insure that the daemon wouldn't allow network printing. It's the default. What about this:

Re: Safety while network install.

2011-11-23 Thread Brian
On Wed 23 Nov 2011 at 15:14:40 +, Curt wrote: On 2011-11-23, Kelly Clowers kelly.clow...@gmail.com wrote: For static you do something like this:
  iface eth0 inet static
    address 192.168.1.5
    netmask 255.255.255.0
    gateway 192.168.1.254
And then dhclient is no longer

Re: Safety while network install.

2011-11-23 Thread Lisi
On Wednesday 23 November 2011 15:14:40 Curt wrote: For static you do something like this:
  iface eth0 inet static
    address 192.168.1.5
    netmask 255.255.255.0
    gateway 192.168.1.254
And then dhclient is no longer called, the daemon won't run anymore, or do I have to do something

Re: Safety while network install.

2011-11-23 Thread Bob Proulx
Brian wrote: Sthu Deus wrote: My pondering/suggestions here: 1. You agree that it is a good thing to be firewalled for the being installed system - so in case there is no firewall already for it, then it would be still good to have one in the install environment. Not the way you state

Re: Safety while network install.

2011-11-22 Thread Sthu Deus
Thank You for Your time and answer, Bob. Beside other things You wrote: Plus most people install on a private network behind a firewall from the Internet. This protects them from network attacks from the Internet. As long as your local private network is not compromised Can You explain, What a

Re: Safety while network install.

2011-11-22 Thread Sthu Deus
Curt wrote: Would you be so kind as to explain to me what ports/services are open and listening on a default install of Debian Squeeze (if any) and if there are any security implications for the novice user or hardening to be performed on a default install (in relation to listening daemons)? I

Re: Safety while network install.

2011-11-22 Thread Osamu Aoki
On Mon, Nov 21, 2011 at 04:34:26PM +, Curt wrote: On 2011-11-21, Osamu Aoki os...@debian.org wrote: But seriously, Debian is configured as a quite secure system at any time unless you make stupid configuration yourself. So it is quite safe. Would you be so kind as to explain to me

Re: Safety while network install.

2011-11-22 Thread Bob Proulx
Sthu Deus wrote: Thank You for Your time and answer, Bob. Beside other things You wrote: Plus most people install on a private network behind a firewall from the Internet. This protects them from network attacks from the Internet. As long as your local private network is not compromised

Re: Safety while network install.

2011-11-22 Thread Sthu Deus
Big thanks, Bob, for Your extended answer: The only external remotely accessible service available in the installer kernel are ICMP services such as ping. AFAIK. You can ping the system. Ping is a very useful diagnostic tool and is not disabled. The network code responding to ping is in the

Re: Safety while network install.

2011-11-21 Thread Bob Proulx
Sthu Deus wrote: Things I consider are these (during the installation): . I have working connection Yes. But the simple presence of a network is not a security vulnerability. . I have at least working kernel and later diver services that are configured and started during the install Those

Re: Safety while network install.

2011-11-21 Thread Osamu Aoki
Hi, On Mon, Nov 21, 2011 at 12:13:41AM +0700, Sthu Deus wrote: Good time of the day. I'm concerned on safety of install over network (the netinst) - what techniques are used to protect the installed system during the very process of installation? Installation data is transmitted via http.

Re: Safety while network install.

2011-11-21 Thread Curt
On 2011-11-21, Osamu Aoki os...@debian.org wrote: But seriously, Debian is configured as a quite secure system at any time unless you make stupid configuration yourself. So it is quite safe. Would you be so kind as to explain to me what ports/services are open and listening on a default

Re: Safety while network install.

2011-11-21 Thread Camaleón
On Mon, 21 Nov 2011 09:14:54 +0200, Andrei Popescu wrote: On Du, 20 nov 11, 18:10:34, Camaleón wrote: I've never faced a security problem when installing over the network How can you tell? ;) gOOd catCh. (Mmm... what happens with my keyboard? Seems like someone is typing on behalf me

Safety while network install.

2011-11-20 Thread Sthu Deus
Good time of the day. I'm concerned on safety of install over network (the netinst) - what techniques are used to protect the installed system during the very process of installation? Or it includes some risk for the install and therefore media (kind of disk) is a preferred installation method?

Re: Safety while network install.

2011-11-20 Thread Camaleón
On Mon, 21 Nov 2011 00:13:41 +0700, Sthu Deus wrote: I'm concerned on safety of install over network (the netinst) - what techniques are used to protect the installed system during the very process of installation? System is still not installed so what are you afraid of? :-? Or it includes

Re: Safety while network install.

2011-11-20 Thread Lorenzo Bandieri
2011/11/20 Sthu Deus sthu.d...@gmail.com: Good time of the day. I'm concerned on safety of install over network (the netinst) - what techniques are used to protect the installed system during the very process of installation? Or it includes some risk for the install and therefore media

Re: Safety while network install.

2011-11-20 Thread Sthu Deus
Thank You for Your time and answer, Camaleón: I'm concerned on safety of install over network (the netinst) - what techniques are used to protect the installed system during the very process of installation? System is still not installed so what are you afraid of? :-? Or it includes some

Re: Safety while network install.

2011-11-20 Thread Andrei Popescu
On Du, 20 nov 11, 18:10:34, Camaleón wrote: I've never faced a security problem when installing over the network How can you tell? ;) (Internet) and take no additional countermeasures but ensuring the net ISO checksum for the image I have downloaded is okay. A compromised mirror can