I feel pretty good about things. I've got an OpenBSD packet filter scrubbing and normalizing everything that comes in, plus per-machine firewalls. SSH is only available using key pairs which are themselves password protected. My website is running on an uncommon, fault-tolerant web server which is running as an unprivileged user on a non-standard port. The only real concern I have is IMAPS, which is on the default port. Eventually I'm going to set things up to use SSH tunnels, but I haven't gotten there yet.

Not really. If somebody is scanning they're going to find you whether your IP address is dynamic or not. It would only really be a benefit to prevent somebody from getting in *twice* - and they could still just scan your block again. And besides, how often do you get a new IP address? Even if you reboot you'll usually get the same one again unless you change your MAC address or wait a sufficiently long period of time.

I figure I'm about as secure as my router settings. From script kiddies and windows targeted malware, I'm not in too bad of shape.

I doubt that an actual serious cracker would have much difficulty accessing my stuff though.

Mine's as secure as one can be while connected to the net. Nothing's 100%

Please look up the difference between hacker and cracker. I know a lot of people that could be offended by that...

(friendly advice)

Sorry, phantom_cyph.
I had always been under the impression that hackers are people who "hack" together code, and crackers are folks that "crack" security.

Crackers in general not only crack security, they are the ones that steal private info, install viruses, etc. Hackers are the ones that hack security, without using scripts/programs that do it for them, and in general, tend to leave people's computers alone.

So what exactly was wrong with my use of the word "Cracker"?

It's generally said nowdays that hackers are the white hat, and crackers are black hat. But most people usually see them both as the same, especially in the media etc.

I get a new IP address every few days, so it's pretty regular. I don't really keep tabs on if there's any cyclicity in the assigned addresses; it may be that I've only got a few addresses that get changed in turn.

This is all somewhat academic, however, since I've set up a dyndns account, so if some kiddie wanted to have a go and they found out what my chosen host was, it'd be the same as if I had a static IP.

Either way, the only thing I have open is SSH, and it'll only allow a single user to connect (me) and root access is disabled, so hopefully that'll help a little.

In this context, I'm going to take safe to mean involving little or no risk of mishap, in which case, yes, I consider myself safe.

I do not consider myself impervious or invincible, however.

I once deployed a server with Win2K on it. When I deploy a windows-based server, I always put a small consumer grade hardware router in front of it for the firewall features. This one time, I neglected to do that. Actually, I put the router up, but had the firewall turned off. I recognized my error within 15 minutes, and enabled the firewall.

In those 15 minutes, the Win2K machine, which was fully exposed and connected directly to a T3 in a datacenter, was also fully compromised and had become a spambot, with 2 trojans running in it.

This happened, I repeat, in 15 minutes. It didn't take me long to clean it up, but I did have to clean it up.

I have a fully hardened winXP system on my laptop which I take with me when I travel, and it has never been infected while connected to unknown networks.

My workstation and my LAN have a mix of Linux and Windows connected to them, and I have a number of ports forwarded through the firewall for various purposes, including Port 80, and though my network periodically is attacked (and sometimes vigorously attacked) none of my systems have ever been compromised. As I write this, I have Mandriva 2008, FC 7, Kubuntu (the latest one), 2 copies of Win2K, and 2 copies of WinXP up and running on the LAN. The Win2Ks are both VMWare virtual machines running under the Mandriva 2008 installation, and the WinXPs are each on their own physical machines. The linux distros are all on their own machines; the Mandriva installation is my personal workstation.

The point is that it IS possible to harden both Windows and Linux quite adequately. It is more work with Windows than it is with Linux, to harden it and keep it safe, but it can be done.

Hardened? yes. Fully hardened? Not possible for any system IMHO.