[LBo] Chapter 10
Billy Pollifrone
billy at silverbaseball.com
Mon Jan 22 18:40:51 CET 2007
Stefan Waidele wrote:
> Rafi Gabzu schrieb:
>> Thanks.
>> applications , but I assumed its not true for local LAN since I do not
>> open
>> the Router Ports, or may be I'm wrong ...?
> =
> * Each and every application you install can introduce new
> vulnerabilities to your system. Installing a network application, these
> potential vulnerabilities could be abused from across the network.
Remember that if you didn't write the code yourself or monitor the
outbound traffic, you run the risk of exposure even if inbound traffic
by your router is blocked. This is one reason that software firewalls
that let you control and/or monitor outbound data are useful even if it
would be like wearing a belt and suspenders.
> * When transfering data across the network, a "black-hat" could sniff
> the network traffic and extract data - including any private data you
> send. That is why the use of telnet is discouraged and ssh is endorsed.
> That is why X11 across the network is insecure, while TightVNC can
> tunnel the connection via ssh (if both hosts are running Unix).
Windows X server's can be tunneled through PuTTY or OpenSSH win32 port.
> * Sharing disks or printers across the network does transfer data
> without encryption. I never heard about an encrypting alternative to NFS
> or SMB.
scp or sftp that is installed with sshd. Konquerer even has an equiv
"protocol" called fish:// that works excellent with these whether the
host is a Win32 or Linux sshd host.
-- =
(o_ Billy Pollifrone
//\ billy AT silverbaseball DOT com
V_/_ Registered Linux User #433318 (http://counter.li.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://linuxbasics.org/pipermail/qna/attachments/20070122/d083b943/si=
gnature-0001.pgp
More information about the QnA
mailing list