On Nov 20, 3:20 pm, Sthu Deus sthu.d...@gmail.com wrote:
Good time of the day.
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
a single machine connected to the internet:
moving
On Wed 23 Nov 2011 at 13:50:53 +0700, Sthu Deus wrote:
My pondering/suggestions here:
1. You agree that it is a good thing to be firewalled for the being
installed system - so in case there is no firewall already for it, then
it would be still good to have one in the install environment.
On 2011-11-22, Sthu Deus sthu.d...@gmail.com wrote:
My opinion is this: to disable any queries to Your host by iptables
and/or xinit from outside world and then purge the packages You do not
need.
This is a stand alone machine that's not supposed to be offering any
services whatsoever to the
On Wed 23 Nov 2011 at 11:57:57 +, Curt wrote:
einstein:/home/curty# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd1778 root5u IPv6 43230 0t0 TCP localhost:ipp (LISTEN)
cupsd1778 root7u IPv4 43231 0t0 TCP localhost:ipp (LISTEN)
On 2011-11-23, Brian a...@cityscape.co.uk wrote:
You don't want to run a firewall because it will be of no benefit to
you. The CUPS daemon will only accept print jobs from the machine the
printer is connected to. dhclient is what its name says - a client. It
Thank you. Is that the default
On 2011-11-22, Osamu Aoki os...@debian.org wrote:
Anyway, read good source.
http://www.debian.org/doc/user-manuals#securing
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
Thank you for the links.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with
On Wed, Nov 23, 2011 at 06:30, Curt cu...@free.fr wrote:
I trust the server, I guess; it's my ISP, so I really have to trust
them way above and beyond whatever dhclient can or cannot do. I could
set up a static address for the interface (if I knew how--I do have a
static address). Where
On 2011-11-23, Kelly Clowers kelly.clow...@gmail.com wrote:
I trust the server, I guess; it's my ISP, so I really have to trust
them way above and beyond whatever dhclient can or cannot do. I could
set up a static address for the interface (if I knew how--I do have a
static address). Where
On Wed 23 Nov 2011 at 14:30:31 +, Curt wrote:
Thank you. Is that the default when you install cups, just out of
curiosity? It seems like there was a time when you had to do something
to insure that the daemon wouldn't allow network printing.
It's the default.
What about this:
On Wed 23 Nov 2011 at 15:14:40 +, Curt wrote:
On 2011-11-23, Kelly Clowers kelly.clow...@gmail.com wrote:
For static you do something like this:
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
gateway 192.168.1.254
And then dhclient is no longer
On Wednesday 23 November 2011 15:14:40 Curt wrote:
For static you do something like this:
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
gateway 192.168.1.254
And then dhclient is no longer called, the daemon won't run anymore,
or do I have to do something
Brian wrote:
Sthu Deus wrote:
My pondering/suggestions here:
1. You agree that it is a good thing to be firewalled for the being
installed system - so in case there is no firewall already for it, then
it would be still good to have one in the install environment.
Not the way you state
Thank You for Your time and answer, Bob. Beside other things You wrote:
Plus most people install on a private network behind a firewall from
the Internet. This protects them from network attacks from the
Internet. As long as your local private network is not compromised
Can You explain, What a
Curt wrote:
Would you be so kind as to explain to me what ports/services are
open and listening on a default install of Debian Squeeze (if any) and
if there are any security implications for the novice user or
hardening to be performed on a default install (in relation to
listening daemons)?
I
On Mon, Nov 21, 2011 at 04:34:26PM +, Curt wrote:
On 2011-11-21, Osamu Aoki os...@debian.org wrote:
But seriously, Debian is configured as a quite secure system at any time
unless you make stupid configuration yourself. So it is quite safe.
Would you be so kind as to explain to me
Sthu Deus wrote:
Thank You for Your time and answer, Bob. Beside other things You wrote:
Plus most people install on a private network behind a firewall from
the Internet. This protects them from network attacks from the
Internet. As long as your local private network is not compromised
Big thanks, Bob, for Your extended answer:
The only external remotely accessible service available in the
installer kernel are ICMP services such as ping. AFAIK. You can ping
the system. Ping is a very useful diagnostic tool and is not
disabled. The network code responding to ping is in the
Sthu Deus wrote:
Things I consider are these (during the installation):
. I have working connection
Yes. But the simple presence of a network is not a security
vulnerability.
. I have at least working kernel and later diver services that are
configured and started during the install
Those
Hi,
On Mon, Nov 21, 2011 at 12:13:41AM +0700, Sthu Deus wrote:
Good time of the day.
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
instalation data is transmitted via http.
On 2011-11-21, Osamu Aoki os...@debian.org wrote:
But seriously, Debian is configured as a quite secure system at any time
unless you make stupid configuration yourself. So it is quite safe.
Would you be so kind as to explain to me what ports/services are
open and listening on a default
On Mon, 21 Nov 2011 09:14:54 +0200, Andrei Popescu wrote:
On Du, 20 nov 11, 18:10:34, Camaleón wrote:
I've never faced a security problem when installing over the network
How can you tell? ;)
gOOd catCh.
(Mmm... what happens with my keyboard? Seems like someone is typing on
behalf me
Good time of the day.
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
Or it includes some risk for the install and therefore media (kind of
disk) is a preferred installation method?
On Mon, 21 Nov 2011 00:13:41 +0700, Sthu Deus wrote:
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
System is still not installed so what are you afraid of? :-?
Or it includes
2011/11/20 Sthu Deus sthu.d...@gmail.com:
Good time of the day.
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
Or it includes some risk for the install and therefore media
Thank You for Your time and answer, Camaleón:
I'm concerned on safety of install over network (the netinst) - what
techniques are used to protect the installed system during the very
process of installation?
System is still not installed so what are you afraid of? :-?
Or it includes some
On Du, 20 nov 11, 18:10:34, Camaleón wrote:
I've never faced a security problem when installing over the network
How can you tell? ;)
(Internet) and take no additional countermeasures but ensuring the net
ISO checksum for the image I have downloaded is okay.
A compromised mirror can
26 matches
Mail list logo
