[sf-lug] addendum to " update from computer newbie"

[Asheesh Laroia]

On Fri, 7 Jul 2006, jim stockford wrote:

>    Buy a little router: plug it into the DSL modem and
> plug your computer into the router--generally, but not
> perfectly okay and right:

Why bother?  Just hook the computer up to the Internet.

Don't run services you don't to be offering.  But those innocuous-looking 
router boxes do network address translation, and NAT is evil.  It breaks 
the end-to-end connectivity that defines the Internet.  See also 
http://www.cs.utk.edu/~moore/what-nats-break.html .

>    It's only moderately unwise to hook an unprotected
> computer to the net and then configure it. There are
> claims of a few attacks per hour on any and every
> computer node on the internet. But if you've got a
> little router on the DSL, I'd say you're safe.

It's more frequently than that.  But those attacks are script kiddie / 
organized crime types doing standard attacks against Windows machines. 
It won't harm the Linux machine he's setting up.  Windows machines get 
0wned fast (*).

It's important to understand the security threats you face.  Otherwise you 
risk, as Rick mentioned earlier, "Cargo Cult" security - the strategy of 
"just doing something" since you don't know what actually would do you 
good.

The username/password advice given by Jim is good.  I personally like to 
use pwgen (+) to generate passwords that are not guessable by dictionary 
attacks but are still pronounceable (and therefore memorable).  For those 
of you know the name, it's written by Ted Tso <tytso at mit.edu>.

-- Asheesh.

*. For example, see http://isc.sans.org/survivalhistory.php

+. http://packages.debian.org/pwgen , or 
http://packages.ubuntu.com/pwgen , or 
http://sourceforge.net/projects/pwgen/

-- 
People who make no mistakes do not usually make anything.