This guide is full of advice that was questionable in the early 2000s, and is wrong or obsolete in 2022. No Debian system installs telnet by default, or even has the old-school inetd. It's wrong, terribly outdated (judging from the cited references) where it's not wrong, and fully inapplicable to Debian 11: it refers to update-rc.d, a script that simply has no role / existence on a modern Debian any more, for example. That's unambiguously more secure than letting root log in with the correct password.

Without setting a root password, root can't log in using a password. Setting a good root password is the most basic requirement for having a secure system.

So, honestly, that guide seems to be not closely oriented on the packaging reality of Debian, or security best practices. That will not magically become secure after installation, as service activation is the last step in the setup of a daemon package, anyways.

The default configuration of services should be secure, everything else would be Debian's fault for rolling out an insecure default installation.

Which services are meant here? Does this only apply to server installs (which might be running a web server, SSH, etc.), or does this also affect desktop users? Since the system will install and activate services immediately, if the system is connected to the Internet and the services are not properly configured you are opening it to attack. What are the specific risks? For instance, the Securing Debian Manual says in Section 3.3: Do not plug to the Internet until ready: So my question is: when installing Debian stable (Bullseye) to a laptop in 2022, is it dangerous to connect to the internet during installation? Moreover, the installer asked for an internet connection early on in the process with no clear option to opt out (but maybe I missed it), and neither the Debian Installation Guide nor the installer mentioned anything about this being insecure.
This surprised me, because this seems to be the default way of installing Debian, and in fact there are many stories of people getting broken/unusable installations when installing without internet access. After installing Debian, I was reading through the Securing Debian Manual, and I found a warning to not connect to the internet during installation.