On Sat, Apr 29, 2006 at 05:45:10 +0200,
  "A.J. Bonnema" <abonnema@xxxxxxxxx> wrote:
> What I wonder about is the following:
>
> * given that all ports are closed to external contact through a physical
> albeit consumer oriented firewall, just means I am safe for
> port-scanners. But does it mean that I am safe from cracker systems /
> programs? Is there a way to break in, without allowing external contact
> through one of the ports? (not including trojans and the like).

Since the firewall lets some packets through, there is a vector to compromise your system using the network connection. Blocking inbound connections reduces the risk a lot. You don't say what the firewall does for UDP (which is connectionless). If it passes any UDP packets through (or ICMP packets), then if there were bugs in your network stack or if you have processes listening for UDP requests with bugs, you could be attacked that way.

> * A second issue is: suppose I would force my family to use really
> random passwords (like characters picked from a one-time pad). And now
> suppose I lose my root-password: would I be able to rectify this,
> without destroying the data?

You have physical access to the machine, right? Unless you have encrypted file systems, you can boot in single user mode and change the password. Have a boot loader password? Boot off a rescue/live CD. Have the BIOS set only to boot off the first disk drive, password protected and you forgot the password? Pull the battery and the BIOS will reset to a state where you can change boot device settings.

If your firewall is blocking inbound connections, it sounds like you aren't expecting your family members to connect to your machine remotely. If that is the case then they don't need particularly strong passwords (since they have physical access, there isn't a lot of point of having them even to protect against each other).
If you go this route, you should take some extra steps to prevent remote connections on your box in case something happens to the firewall.
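
An added example, not part of the original message: one way to check which TCP and UDP sockets on a Linux box would be reachable if the firewall stopped filtering. It parses text in the layout of /proc/net/tcp and /proc/net/udp; the sample tables are constructed, and the function name `exposed` is hypothetical.

```python
import socket
import struct

# Constructed samples in the layout of Linux /proc/net/udp and /proc/net/tcp.
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A01A8C0:D431 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 1003
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2002
   2: 0A01A8C0:C350 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2003
"""

# Socket state column: 0A is TCP LISTEN, 07 is an unconnected (bound) UDP socket.
WAITING_STATE = {"tcp": "0A", "udp": "07"}


def exposed(table, proto):
    """Return (proto, address, port) for sockets accepting traffic on a
    non-loopback address, i.e. what a remote host could reach unfiltered."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != WAITING_STATE[proto]:
            continue                             # connected or malformed entry
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the IPv4 address as a host-order integer;
        # "<I" assumes a little-endian host (x86, most ARM).
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        if not addr.startswith("127."):
            found.append((proto, addr, int(port_hex, 16)))
    return found


if __name__ == "__main__":
    # On a real system, pass open("/proc/net/udp").read() and
    # open("/proc/net/tcp").read() instead of the samples.
    for proto, table in (("udp", SAMPLE_UDP), ("tcp", SAMPLE_TCP)):
        for entry in exposed(table, proto):
            print("%s %s:%d" % entry)
```

Each service reported here can be rebound to 127.0.0.1 or disabled, so the machine does not depend on the firewall alone.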