hacking attempts

Doug Sutherland
Sat Feb 10 22:39:37 EST 2007

I totally agree that firewalls are not a panacea, and also that
it's more important to not open ports that you don't have to.
I don't run any kind of services like ssh or ftp, I don't even
run inetd or anything like it. There are no ports open! The
only open ports are outgoing and related answers incoming.

One thing that Linux distros have traditionally had backwards
is turning everything on by default, including all kinds of
port access. The first thing I do whenever installing is make
sure no services are running that open ports, and that only
what I need is running, period.

Having said that, a basic firewall is still important for its
drop packets functionality. You do not want any info that
you are even there, that you exist. You want to drop packets,
therefore you should have a simple basic firewall in place.
Start by dropping everything, then allow only what you need.

  -- Doug

