# Netinstall and security

## ceced

Hi everyone,

I have a question about overall security during the netinstall installation process.

Since the computer is connected to the internet from the beginning of the process, doesn't that make the system completely vulnerable until a firewall is set up ?

I'm sure I'm missing something, but I can't find what.

P.S : sorry for any language error, it's under perpetual improvement

----------

## chiefbag

There is nothing listening on any ports, the only internet access is used by portage to pull distfiles from repositories so I would not see any security issue, plus you would need port forwarding setup on your home router, otherwise I imagine you would be sitting behind a secure company firewall.

----------

## ceced

I think I'm getting your point, chiefbag.

So, suppose the computer is directly connected on the internet, it is still safe because all ports are closed. Must have been so obvious (except for me  :Embarassed:  ) that the handbook didn't mention it !

----------

## cach0rr0

 *ceced wrote:*   

> I think I'm getting your point, chiefbag.
> 
> So, suppose the computer is directly connected on the internet, it is still safe because all ports are closed. Must have been so obvious (except for me  ) that the handbook didn't mention it !

 

there's still not going to be anything listening for inbound connections

in the event you're doing the install over ssh, you will have already set an ssh password - otherwise, it's going to be scrambled anyway with most installation CD's and whatnot

just not really something you should be particularly concerned about.

----------

## ceced

 *Quote:*   

> just not really something you should be particularly concerned about.

 

Well, I was a bit worried after reading the "Securing Debian Manual", in which the authors clearly mean : don't connect before your system is prepared to defend itself !

Then again, it's Gentoo we were talking about here.

----------

## cach0rr0

 *ceced wrote:*   

> don't connect before your system is prepared to defend itself !
> 
> 

 

right, so i would agree with that, but your system *is* ready to defend itself if there's quite literally nothing to attack

nobody has anything to connect to inbound, so you're good to go.

----------

## ceced

 *Quote:*   

> you're good to go.

 

Great !

Thanks for the answers. Now, installation step 1: buy a laptop  :Mr. Green: 

----------

