On Lu, 03 ian 11, 09:55:45, Russell L. Harris wrote:
> > But if you do only web browsing and email and don't run any
> > web-facing services you should be fine anyway.
> I do not understand; what is a "web-facing service"?
For example a web server (apache) or some other services accessible from
outside (ftp, ssh, file-sharing, ...). A counter-example would be cups
(the print server) which by default only accepts connections from the
> > The major threats are web browser security holes (update often)
> > especially through flash and java plug-ins, and pdf.
> Flash and java are in most web pages. Does a firewall not protect
> against these threats? or are browser updates necessary even with a
A firewall is just an additional layer of protection against possible
intruders, but it will not protect you against malware that affects
programs which access the internet "over" the wall (like browsers and
other *client* software) or software listening behind doors (ports)
which you have opened on purpose, to make that software (service)
accessible from the internet (like the web server above).
> > Hosting windows virus in mails attachments can also be a problem if
> > you have win machines on the lan, virus scanner clamav can help
> > here.
> This is a Window$-free environment.
As long as you don't run programs from outside Debian you can be 99,...%
sure that your own software doesn't play ugly tricks on you, as many
proprietary softwares do.
Unfortunately the Adobe flash plugin is not from Debian (even though you
can install it with the flashplugin-nonfree helper package from contrib)
and has had vulnerabilities in the past
> > Firewall alone won't protect you from man in the middle and such
> > niceties on open untrusted networks.
> Understood. This need is for socializing around the table at
> StarBucks, Internet cafes, etc.
Maybe you could go into details about what software you are using, in
order to get more specific recommendations.
Offtopic discussions among Debian users and developers: