Author

Topic: How safe is this Uncomplicated Firewall setup? (Read 1518 times)

full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
There's still plenty of room for DNS Spoofing, MITM (there are 7 types, 4 are local), browser attacks (If you surf on it.), and router compromises.
There are custom attack tools that use multiple vulnerabilities simultaneously to overwhelm IDS's and Firewalls where a certain combo allows one to get through. The double or triple combo confuses the defense system logic allowing the attacker to succeed with an exploit when using just one exploit would normally be blocked.
legendary
Activity: 2058
Merit: 1452
firewalls aren't going to protect you against 0day exploits, which is your biggest risk.
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
For my "current account" wallet, I use a dedicated netbook where I run nothing but the Bitcoin client.

The OS is an Ubuntu 12.04 custom install with the majority of default software packages removed. 

The ufw setup is as follows:

Code:
$ sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing)
New profiles: skip


To                    Action          From
--                    -----           ----
8333/tcp              ALLOW OUT       Anywhere               
8333/tcp              ALLOW OUT       Anywhere (v6)

From time to time I run the Ubuntu updates; for this I temporarily change default outgoing to ALLOW.

My question is, is this setup reasonably safe against wallet theft by hackers or viruses, or have I missed something important?
Jump to: