[sf-lug] addendum to " update from computer newbie"
asheesh at asheesh.org
Fri Jul 7 21:36:10 PDT 2006
On Fri, 7 Jul 2006, jim stockford wrote:
> Buy a little router: plug it into the DSL modem and
> plug your computer into the router--generally, but not
> perfectly okay and right:
Why bother? Just hook the computer up to the Internet.
Don't run services you don't to be offering. But those innocuous-looking
router boxes do network address translation, and NAT is evil. It breaks
the end-to-end connectivity that defines the Internet. See also
> It's only moderately unwise to hook an unprotected
> computer to the net and then configure it. There are
> claims of a few attacks per hour on any and every
> computer node on the internet. But if you've got a
> little router on the DSL, I'd say you're safe.
It's more frequently than that. But those attacks are script kiddie /
organized crime types doing standard attacks against Windows machines.
It won't harm the Linux machine he's setting up. Windows machines get
0wned fast (*).
It's important to understand the security threats you face. Otherwise you
risk, as Rick mentioned earlier, "Cargo Cult" security - the strategy of
"just doing something" since you don't know what actually would do you
The username/password advice given by Jim is good. I personally like to
use pwgen (+) to generate passwords that are not guessable by dictionary
attacks but are still pronounceable (and therefore memorable). For those
of you know the name, it's written by Ted Tso <tytso at mit.edu>.
*. For example, see http://isc.sans.org/survivalhistory.php
+. http://packages.debian.org/pwgen , or
http://packages.ubuntu.com/pwgen , or
People who make no mistakes do not usually make anything.
More information about the sf-lug