And another Ubuntu convert!

Mark Kirkwood markir at paradise.net.nz
Sat Jan 24 03:57:56 UTC 2009 

Derek Broughton wrote:
> Mark Kirkwood wrote:
>
>   
>
>> I think we don't, instead:
>>
>> - use a firewall
>>     
>
> Mostly not necessary either - if you don't have servers, you don't need a 
> firewall.  Which is why Ubuntu Desktop versions don't install one.
>
>   

If you are using a DSL router, then most have one anyway. It is wise to 
leave it on - another layer of security to protect you (especially if 
you do wish to enable remote access - say from work to your machine at 
home, you can configure the firewall to only allow connection attempts 
from your work ip range - again, another layer of safety in case of an 
unknown ssh vulnerability).

>> - use a script blocker like noscript in your browser
>>     
>
> That's really, really, pointless.  The fact is, if you turn off scripting, 
> you lose most of the functionality of the web.  Even if you just make it 
> prompt before running scripts you'll be driven crazy.  I'd far rather block 
> specific domains (like adblock).
>
>   

Hmm, couldn't disagree more - I was referring to a configurable blocker 
(like Noscript in Firefix) - this is probably one of the best ways to 
protect yourself whilst browsing. Most sites work well enough for you to 
decide whether or not to trust them by allowing any scripts.

>> - make sure scripting if off in your mail client
>>     
>
> Well, no mail client really needs that...
>
>   

Exactly - I certainly hope none of the current crop ship with it enabled...

>> The article also points to the behavioural aspects of security - common
>> sense about what you do and where you go:
>>
>> - don't run your system as root (hard to do on Ubuntu, which is good)
>>     
>
> Actually it's very easy, and you'd be surprised how many people always have 
> a terminal session opened with "sudo -i".  I do agree with his "social 
> engineering" points.
>
>
>
>
>   

I wasn't really thinking about someone with a root shell left idle  - 
yeah, not such a great idea, but not nearly as bad as running Gnome (or 
whichever WM) logged in as root. Now Ubuntu makes that difficult (which 
is great).

regards

Mark

More information about the ubuntu-users mailing list