Quote:
Originally Posted by tennisbum
...mainly just basis web serving,..
|
When I first read this, I read 'Web Surfing', but it is also possible that this machine is used as a local/global 'Web Server' (ie, you did actually mean exactly what you wrote), and, in that case the minimum security advice would be rather more comprehensive.
Anyway, was my original reading of the intended text as 'Web Surfing' correct?
Roughly, iptables/netfilter is a programming language for firewalls; what get described as 'firewalls' are often GUI frontends that allow you to create a firewall rule-set without getting involved in 'programming'. Firewalls are a good thing, but only really cope with the case that you have unnecessary/badly configured/unexpected services running and unexpected (and malicious) flows of packets occur. A good backstop, and while you could probably cope without one, there are probably good enough reasons for wanting one.
(Note that a Linux firewall is a firewall; it is not like, eg, Windows where primarily these things are Security Suites which combine a firewall with other things such as virus scanners, and whatever the commercial supplier thinks can help them sell more software.)
A virus scanner is more optional for Linux; you are primarily protecting other people (...which is nice...).
The other important security advice is to keep your software up to date. Once a vulnerability has been disclosed, exploits are likely to occur, so you need to update software, if you want to be safe. Fortunately, Linux Distros make this easy by providing some kind of app installer/app updater (details change by distribution - on Ubuntu, I like synaptic, but there are other options exist, and that includes command line options, if you prefer).