I love IP Tables....

Wed May 30 03:09:30 UTC 2007

Les <hlhowell at pacbell.net> wrote: wrote:

> But I want to use the darn thing, not babysit it.  That is why I left
> Windows.  ...
The only way anyone can safely ignore a computer attached to the 
internet is to boot it from a live CD, only use the hard drive as swap 
and shut it down when you're done.  Any system left on and connected is 
a potential target.  Some are easier to hack than others but all are 
potentially vulnerable.  On the other hand, I run a Linux box that's 
connected to the internet and running 24 hours a day that acts as my 
mail server, web server for my really lame web site, firewall for the 
rest of my home network and provides file and print services.  To the 
best of my knowledge, I've never been hacked but I still spend a minute 
or two every day looking at logwatch and the output from chkrootkit.  We 
use our computers to manage a lot of our finances so we have a lot to 
lose if we were to get hacked.  I don't consider a couple of minutes a 
day to be too much of a burden if I want to be (relatively) safe.
>
>     As to the car analogy, do you NEVER speed, never tailgate, always
> signal lane changes or turns?....  
Always? No.  Often enough to stay out of trouble?  Apparently.  I mainly 
worry about the idiots yakking away on cell phones and not paying enough 
attention to their driving.  I've almost gotten creamed a couple of 
times and probably would have if I hadn't been watching out.  One item 
you left out of your list of question is I try to remember to check both 
ways before entering an intersection after the traffic light changes in 
my favor.  The right of way isn't a right that's worth dying for.

So, I'd say the car analogy really fits computers.  Like with cars, you 
don't have to do everything perfectly all the time but any lapse is 
*potentially* an accident waiting to happen.  Do it often enough and 
eventually the accident will happen.  Like with safe driving, the idea 
is to develop a bunch of safe computing habits like checking what 
logwatch reports, running chkrootkit from cron, if you can, port scan 
your network from outside (e.g., visit the local library with a laptop) 
from time to time, etc.

Finally, like with cars, if all you want to do is the computing 
equivalent of hop in, turn the key and make a run to the grocery store, 
about all you need to do is scan the gages and idiot lights and do the 
scheduled maintenance.  On the other hand, if you want to drive like 
you're James Bond escaping from Specter, you'd better do a little bit 
more.  All I'd like to see normal users do is the equivalent of scan the 
idiot lights and do the scheduled maintenance.  That's all.  Conversely, 
if you want to go beyond just checking e-mail and surfing the 'net, it 
is your responsibility to make sure that whatever services you open up 
don't become an invitation to hackers.  It's in your best interest as 
well as helping others not have to deal with your security lapses.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce