by e12e
4089 days ago
To be fair, I know that firewalls have come to be considered "good security practice" -- but I've always been more comfortable only exposing programs that are supposed to talk to the Internet. Any recent version of Windows (say 8.1) comes with a firewall enabled (and that's needed, as Windows still is a bit chatty with various SMB protocols etc... just don't enable file sharing on your LAN, if it's not protected from the Internet...). Don't know about OS X -- and for a Linux box, one can just make sure that everything is either off, listens to loopback -- or is supposed to be open.

Now, in many settings one does need a "LAN" in the sense of a firewalled playground for hopeless consumer devices, such as printers, IP web cameras etc.

Perhaps the biggest reason to have a firewall is if you're running Windows -- as unpatched Windows machines live dangerously on the open Internet. And you'll be unpatched from initial install until you've patched up... AFAIK it's been a while since any major Linux distro shipped with a remote (no action needed, like browsing) vulnerability out of the box.

As for "does not have an email account" -- I generally assume that anyone with half a brain can patch into the upstream DSLAM of my DSL line, so anything between me and everywhere else is suspect. Which is of course why I protect my IMAP/SMTP with TLS.

[edit: consider people that use a laptop outside of the home -- they'll probably have to use dubious wireless links. It's more convenient to assume that the trust-boundary between you and the internet is at the local ethernet port/wireless card -- than anywhere else. That way you can have one set of "OpSec" that works (or not) wherever you are -- rather than fighting an uphill battle of situation awareness...]
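An added example, not part of e12e's comment: one way to run the Linux check described above ("off, listens to loopback, or is supposed to be open") over the output of `ss -tlnH`. The sample output and the `INTENDED_OPEN` allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, numeric, no header).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096  127.0.0.1:631    0.0.0.0:*
LISTEN 0 4096  127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511   [::]:80          [::]:*
LISTEN 0 128   [::1]:5432       [::]:*
LISTEN 0 128   *:8080           *:*
"""

INTENDED_OPEN = {22, 80}  # assumption: ports this host is supposed to expose
RANK = {"loopback": 0, "intended": 1, "UNEXPECTED": 2}


def parse_local(field):
    """Split the Local Address:Port column into (host, port)."""
    host, port = field.rsplit(":", 1)
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def is_loopback(host):
    if host == "*":  # dual-stack wildcard: reachable on every interface
        return False
    ip = ipaddress.ip_address(host)
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped or ip).is_loopback


def audit(ss_output, intended=INTENDED_OPEN):
    """Return {port: 'loopback' | 'intended' | 'UNEXPECTED'}."""
    verdicts = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = parse_local(cols[3])
        if is_loopback(host):
            verdict = "loopback"
        else:
            verdict = "intended" if port in intended else "UNEXPECTED"
        # A port is only as private as its most exposed listener.
        prev = verdicts.get(port)
        if prev is None or RANK[verdict] > RANK[prev]:
            verdicts[port] = verdict
    return verdicts
```

On a live host, pass the text of `ss -tlnH` to `audit()` instead of `SAMPLE_SS`; anything reported as `UNEXPECTED` should be turned off, rebound to loopback, or added to the allowlist deliberately.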