
On Wed, 11 Jul 2012, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> I am surprised that nobody seems to be concerned about the security of having your public IP address directly on the attached computer. Sure, you can firewall everything, but without a suitable firewall, your machine [Windows, Linux, Mac or other...] will be directly exposed to the Internet.
If you use Windows (particularly the older versions) this is a problem.
Modern Linux distributions tend to have almost nothing listening for inbound connections by default so this shouldn't be an issue.
Most people here probably started using Linux after ssh obsoleted telnet and rsh for remote logins and after shadow passwords became mandatory everywhere. There are probably very few people here who can remember the old days when Unix was insecure.
http://www.coker.com.au/selinux/play.html
Let me know if there's any particular application which you think is a security risk which is typically listening for connections from the outside world and I'll add it to my Play Machine.
It's been a while since I installed a Debian machine via any other means than debootstrap... do any flavours of Linux these days take any steps to ensure you choose a sensible password?
A computer without a firewall is only as secure as the user that set it up, regardless of the OS. So if the user didn't choose a good password, and ran openssh-server with password authentication, then we have a problem. (or maybe modern distributions don't enable password authentication on ssh by default?? In which case I withdraw my remarks :)
For my kids at home, I just used their name as a password (a 2 year old can easily learn to type their name (or a shortened version of), but probably not a password that anyone would consider secure), but I separated that machine from anything that could attack it. Someone without any network knowledge wouldn't be able to do that.
James
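
An added example, not part of any message in this thread: a check for the two conditions discussed above, namely what is listening on a non-loopback address and whether sshd still accepts passwords. The `ss -tln` output and the sshd_config text are constructed samples; the function names, ssh on port 22, and ignoring `Include` files and `Match` blocks are assumptions.

```python
# Constructed sample input (not from the thread): `ss -tln` output.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      100    127.0.0.1:25        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      5      [::1]:631           [::]:*
"""

# Constructed sample sshd_config: the only password setting is commented out.
SSHD_CONFIG = """\
# PasswordAuthentication no
PermitRootLogin no
"""

def exposed_listeners(ss_output):
    """Return (address, port) for TCP listeners not bound to loopback."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface
        if addr.startswith("127.") or addr == "::1":
            continue
        found.append((addr, int(port)))
    return found

def password_auth_enabled(config_text):
    """Global PasswordAuthentication: first value read wins, default is yes."""
    for line in config_text.splitlines():
        parts = line.strip().replace("=", " ").split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional; only global scope is checked
        if key == "passwordauthentication" and len(parts) > 1:
            return parts[1].strip('"').lower() == "yes"
    return True

def ssh_password_exposed(ss_output, config_text, ssh_port=22):
    """True when sshd is reachable off-host and still accepts passwords."""
    reachable = any(p == ssh_port for _, p in exposed_listeners(ss_output))
    return reachable and password_auth_enabled(config_text)
```

On a live host, feeding `password_auth_enabled` the output of `sshd -T` instead of the raw file gives the effective setting with includes already resolved.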