-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2015-09-19 a las 10:47 +0200, Daniel Bauer escribió:
Probably it is not even possible to set up such a how-to, thinking about all the different systems, routers...
Maybe it exists. I have read writeups but I don't remember where.
So for people like me, the only hope is that the firewall as set up by default when installing the system and using strong passwords, is enough to protect me from a disaster...
Maybe I could call this "security by luck".
:-) The firewall alone is not enough, but yes, the default firewall (set as external) is good enough (as firewall). The important thing is that security is not achieved by a single item. If you use WiFi, you need to secure access to it, because anybody within, say, 50 meters, can try. Even an inocent child. Maybe they just want to use your connection and do no harm, but things happen. Hiding the SSID does little, and it is a nuisance for you and your guests. But if you want to use it, go ahead: it will make no harm. Similarly for MAC filtering, but it is harder to bypass. Use WPA2 with a strong password, and don't use the one supplied by your ISP: who knows where they store it and who knows it. I heard of one ISP which generated the password from the phone number and/or SSID; the algorithm had been found, so anybody could in fact have your password. Have all internal machines with a firewall. In openSUSE, use the external interface setting, or if you use the internal setting, tell YaST to also protect from internal. Yes, this is a nuisance, but I don't trust ISP routers with firewall: those things have holes and they are seldom patched. Keep your machines updated. This protects you from most "hacks". Use common sense when clicking links or opening emails, specially in Windows. An antivirus, even in Windows, does little. In fact, I know people that don't use one, yet their machines are absolutely clean. And most of the virii I get on the mail the antivirus pass them as clean, anyway... Finally, if you need to have open services to the outside, like ssh, http, whatever, you have to really secure them. Ask, if you don't know how. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlX9UucACgkQja8UbcUWM1wrIgD9FOU6LD/XbahOH59c6N7mvH75 UyZJRcei+fCgqubPDnwA/i4RU7eSrs8YUHp23trTldV3cH37KSV4JFRmxxIpSduW =ikAP -----END PGP SIGNATURE-----