Incoming: Deny allI spent over 2 months to create firewall rules good enough to make me feel secure.
Works for me.
Incoming: Deny allI spent over 2 months to create firewall rules good enough to make me feel secure.
This is the default behavior of most firewalls includingIncoming: Deny all
Works for me.
NAT
routers but it's not good enough.nftables
to detect the so called zombie behaviorBecause that is the best basic security for new users. It seems to be pretty well agreed upon by all the big players. Is it perfect? No. Nothing is perfect, including all the effort you are investing in nftables.This is the default behavior of most firewalls
This tutorial (now over a decade old) is titled, "Basic security"... not "Advanced Security." Basic security begins by NOT installing untrusted software. And the default firewall settings are fine for most users, most of the time. These are the things that should be emphasized to our new Linux users... not scaring them into thinking they need a months-long effort to tweak complicated firewall rules that they do not understand, that most of us will never understand, including me.if you intentionally install untrusted software
If you get put down and give up from securing your system because big guys are known to fail in spite of all efforts then that's not good.Consider how many companies and governments continue to be hacked... many of whom that I would guess use complicated nftables rules applied by IT experts. That doesn't give me a good feeling.
I understand, I missed the point of this thread, thanks for reminder!This tutorial (now over a decade old) is titled, "Basic security"... not "Advanced Security."
I'm not giving up at all. I'm pretty much always trying to stay aware of what's going on in computer security and threats, at least generally speaking. No doubt there is much that I miss though, and like a lot of other older folks, I may sometimes be too set in my ways to change or learn new things. Using default firewall settings is a choice made because I have looked at iptables/nftables before... and I know that is not where I want to concentrate my time and energy. The firewall settings are not a source of fear for me.If you get put down and give up from securing your system because big guys are known to fail in spite of all efforts then that's not good.
There are so many examples where a malware or an attacker does not need you to give them a password.Many people coming from windoze are very paranoid about Security...what they forget is the malware needs permission (your password) to run on a Linux system...who's that stupid. View attachment 19456
There are so many examples where a malware or an attacker does not need you to give them a password.
Contrary to popular beliefs, Linux is not secure "by default"
What examples...
In Linux a password is everything...can't do anything without it "Contrary to so called popular beliefs" as you say.
Spectre is now mitigated, but there have been a few other such vulnerabilities as mentioned online.While Spectre is simpler to exploit with a compiled language such as C or C++ by locally executing machine code, it can also be remotely exploited by code hosted on remote malicious web pages, for example interpreted languages like JavaScript, which run locally using a web browser. The scripted malware would then have access to all the memory mapped to the address space of the running browser
Security is a process, not an application.
I cannot agree more with you!80% of security problems lay between the seat back and the keypad, the rest a good fire wall will usually take care of
this can easily be seen on social media, if we discount the usual look at me type post, and those obviously tied to advertising we are left with the two most dangerous post, the clickbait designed to find your preferences and to seek out ISP's, port addresses and Mac addresses or phishing topics designed to illicit information that can be compiled to find your passwords etc[ your favourite colour, first pets name, place/date of birth etc,] It never ceases to amaze me how many people will actually respond to such sites despite the number of warnings over the last 20 years or so..Human factor (the user) plays really big role.
This kind of touches both (1) security and (2) privacy, but there is also a third category which most people do not pay attention to.this can easily be seen on social media, if we discount the usual look at me type post, and those obviously tied to advertising we are left with the two most dangerous post, the clickbait designed to find your preferences and to seek out ISP's, port addresses and Mac addresses or phishing topics designed to illicit information that can be compiled to find your passwords etc[ your favourite colour, first pets name, place/date of birth etc,] It never ceases to amaze me how many people will actually respond to such sites despite the number of warnings over the last 20 years or so..
IMO Security is a mindset.
Amen.This tutorial (now over a decade old) is titled, "Basic security"... not "Advanced Security." Basic security begins by NOT installing untrusted software. And the default firewall settings are fine for most users, most of the time. These are the things that should be emphasized to our new Linux users... not scaring them into thinking they need a months-long effort to tweak complicated firewall rules that they do not understand, that most of us will never understand,