[sf-lug] addendum to " update from computer newbie"
rick at linuxmafia.com
Sat Jul 8 00:52:57 PDT 2006
Quoting bob sungib (ffejveg at yahoo.com):
> Well the pclinuxos cd did not come in the mail yesterday as expected,
> so I 'm hoping today's the day...
Good news: It took 18 minutes to download the ISO from ibiblio. So,
I'm about to burn the disc, now. (I hope you're not looking for bundled
proprietary Nvidia graphics drivers or rot like that. I'm burning the
generic ISO image, only.)
> And am I correct in assuming that it is VERY unwise to have the
> computer exposed even for the few minutes it would take me to re-boot
> and go to the control center to reconfigure the firewall?
Not as such.
Read my articles "Attacking Linux" and "Constructive Paranoia at the End
of 2003" to understand threat models a bit better. And, to paraphrase
Marcus J. Ranum, the real key to good security, aside from (over the
long term) understanding your system, is:
o Don't install sucky software, and
o Keep Internet-facing network services (services your machine offers
_to_ the Internet) to the bare minimum.
> Will I be exposed anyway because dsl is "always on" even when the
> computer is turned off?
Your computer cannot be (fruitfully) attacked while it's turned off, no.
"Exposure" (exposing vulnerable, accessible software to public networks)
is what's bad -- regardless of whether you do it only for a little
while, or all the time. One bit of good news: Desktop Linux
distributions most often default to having few or no network services
exposed to networks. (Why? Because they're _desktop_ machines!)
More information about the sf-lug