Debian User Forums

[mikazo]

I've been browsing around the web for a good place to discuss server administration and security, and Debian User Forums seemed as good as any, since that's what I'm running on my server. However, I'm surprised to see there's no designated "Security" forum. Security is important, whether it's for a server or workstation and it would be good to have a place for others to learn and discuss security practices, issues, share what's went wrong/worked well in the past and so on. Anyone else agree?

[Raffles10]

Not really. Depends what you're doing with your computer, I would guess that most users are running basic desktop systems and doing basic stuff: email, browsing web, multimedia, etc. Security isn't really an issue at home, we're not using windows so no great danger from viruses, trojans, etc. In the workplace or any public place there are issues of privacy, but not many of us get to use Debian at work.

So generally speaking security is not such a big deal for most Linux users. It's one of the advantages of Linux, how much software do you need to keep windows safe these days?

[craigevil]

What security? I run sid, which was installed back around the time Sarge was released. Other than disallowing remote logins and using a router I haven't had to do anything to keep my system secure. Just for curiousity's sake I run rkhunter ever couple of months and have never found anything out of place.

Where as on my wife's laptop that runs Xp , I installed spyblaster, spy bot search and destroy, a hosts file, MS security essentials, and I scan it about once a month with one of the various online scanners. She uses Firefox with adblock plus, flashblock and noscript which seems to keep it pretty safe. Just making sure things like java, flash and other 3rd party apps stay updated is a pain, unlike my debian system where I do apt-get dist-upgrade every few days.

[smallchange]

Running sid and updating every few days certainly does make for a reasonable secure system, but is probably not the way to run a server. I would think that most security questions would fit in system configuration. A security section would be more sensible than a beginners section. Most here would welcome intelligent security posts.

[mikazo]

Running sid and updating every few days certainly does make for a reasonable secure system, but is probably not the way to run a server. I would think that most security questions would fit in system configuration. A security section would be more sensible than a beginners section. Most here would welcome intelligent security posts.

I'm with smallchange, there's more to security than a firewall and some updates. I'm talking about real, high-level security, the type one might find a large enterprise (hopefully) employs. True, the average user doesn't worry much about security in Linux, but if you're running a server 24/7 that might be highly visible to attackers, you take security a little more seriously.

I myself run a Debian server from home, simply to practice security on, since I intend to make a career out of it one day. I'd enjoy the occasional intelligent security discussion.