Security for the desktop user
in [UK Linux]
|
From: Anahata on 17 Apr 2008 03:54 Ian wrote: > > As a matter of interest, how will I get IPv6 addresses for all the > things around my home network? A good question, but I think there's a block of IPV6 addresses reserved for ethernet addresses, so as long as all your ethernet inferfaces have 48 bit addresses from blocks that the manufacturers registered with the IEEE they'll all be unique and you can use them. If that's anything like the right answer, *I* want to know how a router on the other side of the world would know how to find a device on your network. Anahata
From: tinnews on 17 Apr 2008 04:16 Nix <nix-razor-pit(a)esperi.org.uk> wrote: > On 16 Apr 2008, tinnews(a)isbd.co.uk outgrape: > > > D.M. Procida <real-not-anti-spam-address(a)apple-juice.co.uk> wrote: > >> <tinnews(a)isbd.co.uk> wrote: > >> > >> > > What would you suggest as sensible security measures for desktop Linux > >> > > users, who won't be running such things as PHP websites or an array of > >> > > vulnerable services? > >> > > > >> > Security against what? > >> > >> Bad People, mainly. > >> > > Well secure the system physically against "bad people" for a start! > > This is a *university*. What are they going to do, station armed guards > around it with instructions to shoot approaching faculty, admin staff, > and students? (That should cover most categories.) > If they really are 'bad people' then you've lost before you've started. Anyone with physical access to the machine and bad intent will be able to 'infect' it regardless of what else you do. In almost any multi-user, multi-machine environment you need to have some reasonable level of trust between your users and between them and the administrators. If you don't have this then everything else becomes pointless. -- Chris Green
From: Will Kemp on 17 Apr 2008 04:40 On Wed, 16 Apr 2008 22:37:11 +0100, Nix wrote: > NAT is evil. Oppose it. > > (Firewalls are, of course, not evil: more a necessity. But every system > on the Internet should be *addressable* by every other.) Why? -- http://SnapAndScribble.com/will
From: Andy Burns on 17 Apr 2008 04:46 On 17/04/2008 08:54, Anahata wrote: > I think there's a block of IPV6 addresses reserved > for ethernet addresses, so as long as all your ethernet inferfaces have > 48 bit addresses from blocks that the manufacturers registered with the > IEEE they'll all be unique and you can use them. That's a "link local" IPv6 address, but is not routable from other subnets, it's the equivalent of a 169.x.y.z APIPA IPv4 address.
From: Geoffrey Clements on 17 Apr 2008 14:02
Nix wrote: > On 16 Apr 2008, tinnews(a)isbd.co.uk outgrape: > >> D.M. Procida <real-not-anti-spam-address(a)apple-juice.co.uk> wrote: >>> <tinnews(a)isbd.co.uk> wrote: >>> >>> > > What would you suggest as sensible security measures for desktop >>> > > Linux users, who won't be running such things as PHP websites or an >>> > > array of vulnerable services? >>> > > >>> > Security against what? >>> >>> Bad People, mainly. >>> >> Well secure the system physically against "bad people" for a start! > > This is a *university*. What are they going to do, station armed guards > around it with instructions to shoot approaching faculty, admin staff, > and students? (That should cover most categories.) > You forgot bad people :-) -- Geoff Registered Linux user 196308 Replace bitbucket with geoff to mail me. |