From: Stephen Horne on 28 Dec 2009 07:44

On Mon, 28 Dec 2009 13:11:43 +0100, houghi <houghi(a)houghi.org.invalid> wrote:

>Stephen Horne wrote:
>> Just for the record, though, which of the following would your little
>> sister be better equipped to cope with...
>>
>> 1. Answering "Thunderbird wants internet access - yes or no?"
>>
>> 2. Configuring the OpenSUSE firewall.
>
>Neither. System access should NOT be done on a user level. Not by me
>and not by my little sister.
>
>To me there is a HUGE difference between "Me, the user" and "Me, the
>system administrator"

And this means that you can never decide which applications should be allowed to access the internet, irrespective of which hat you happen to be wearing?

Why?

I repeat - I'm not asking to clone ZoneAlarm or the Windows way. I just want to prevent applications from accessing the internet without my explicit permission.

I'm quite happy to make those whitelisting decisions while wearing my system admin hat, and I agree that it's a necessity for the thing to really be secure.

But even if blocking/unblocking internet access was done with no admin password needed, as is generally the case on home Windows boxes, it's still more secure than *always* allowing *all* applications to access the internet.

From: David Bolt on 28 Dec 2009 07:43

On Monday 28 Dec 2009 10:39, while playing with a tin of spray paint, Stephen Horne painted this mural:

> On Mon, 28 Dec 2009 10:06:39 +0100, houghi <houghi(a)houghi.org.invalid>
> wrote:
>
>>Stephen Horne wrote:
>>> The scenario I have in mind is a trojan. I download it, mess around
>>> with it within a user account, and don't realise that it has (e.g.)
>>> scanned the files in my user account, spotted some passwords/bank
>>> details/personal info, and phoned home.

Why would you be messing around with a trojan under your own user account? If you're that concerned, set up a separate user account and use it either for messing about with programs of unknown provenance, or use it for your banking stuff. If you really want to go one step further, encrypt the home for that user.

>>Well, it can also just mail home and thus use the programs where you
>>already have opened the ports for. It could use firefox or whatever
>
> And these are also things that it shouldn't be allowed to do without
> my explicit permission.

How would cron be able to ask you for permission to send you a mail detailing the results of a job it's just run?

>>Sure you can play around and even have a user account, but do it with
>>moderation and limitation. e.g. see that that user does not have access
>>to the outside world. Whether sandboxing is enough or using a virtual
>>manager (or both) I am not sure.
>
> Finally, we are getting somewhere ;-)
>
> Right - so are you saying that it's possible to set up a "sandbox"
> user account with no internet access allowed?

Yes, but you won't be able to do so without using iptables directly. All it takes is adding a rule that DROPS packets from a specific UID or GID. You could easily stop all users from accessing the net. It would probably make things quite unusable for them, since you'd need to prevent access to localhost as well, or they could use the mail server to send mail without asking your permission.

While it's pretty old, this should give you an idea of how to do that:

http://www.linuxjournal.com/article/6091

>>I would say that a virtual manager with no network is the most safe
>>environment in your case as well as the easiest to do.
>
> Maybe, but on my less than awe inspiring machine, I want to limit the
> number of layers of virtualisation if possible.

I've run Parallels on an old Athlon, 1.2GHz with either 512 or 768MB IIRC, and it was pretty usable. It was slower than running the OS directly on the hardware, but not that much slower. I also used VMware, which was faster on the same hardware, and that made it feel it was running at about the same speed it would have been if it was running directly on the hardware. Now I use Virtualbox, mostly on this X2 5200+ machine, and there doesn't seem to be any noticeable slowdown even when the system is under load.

Regards,
David Bolt

--
Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b |                   | openSUSE 11.2 32b |
openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b |
TOS 4.02          | openSUSE 11.1 PPC | RISC OS 4.02      | RISC OS 3.11

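
The per-UID DROP rule described in the post above, as an added example that is not part of the original thread. It prints (and, with APPLY=1 as root, installs) an owner-match rule for IPv4 and IPv6; the UID 1001 and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: block all outbound traffic from one "sandbox" account using
# the iptables owner match. UID 1001 and all function names are hypothetical.

# Turn a user name or numeric UID into a numeric UID; fail on unknown names.
resolve_uid() {
    case "$1" in
        '')        return 1 ;;
        *[!0-9]*)  id -u "$1" 2>/dev/null ;;   # name -> UID via passwd database
        *)         printf '%s\n' "$1" ;;
    esac
}

# Print one rule per address family. "-I OUTPUT 1" puts the rule ahead of any
# existing ACCEPT. There is deliberately no "-o lo" exception: loopback is
# dropped too, so the account cannot hand mail to the local mail server.
sandbox_rules() {
    uid=$(resolve_uid "$1") || return 1
    if [ "$uid" -eq 0 ]; then
        echo "refusing to cut off uid 0" >&2
        return 1
    fi
    for ipt in iptables ip6tables; do
        printf '%s -I OUTPUT 1 -m owner --uid-owner %s -j DROP\n' "$ipt" "$uid"
    done
}

# Dry run by default: show the rules. With APPLY=1 (as root) install them.
apply_sandbox_rules() {
    rules=$(sandbox_rules "$1") || return 1
    printf '%s\n' "$rules"
    [ "${APPLY:-0}" = 1 ] || return 0
    printf '%s\n' "$rules" | sh -e   # safe: the only variable part is a numeric UID
}

# Run only when called with an argument, e.g.:  sh sandbox-fw.sh 1001
[ $# -eq 0 ] || apply_sandbox_rules "$1"
```

Rules added this way are lost when the firewall is reloaded or the machine reboots, so they need to go wherever the system's firewall configuration keeps custom rules.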
From: Peter Köhlmann on 28 Dec 2009 07:49

Stephen Horne wrote:

> On Mon, 28 Dec 2009 13:11:43 +0100, houghi <houghi(a)houghi.org.invalid>
> wrote:
>
>>Stephen Horne wrote:
>>> Just for the record, though, which of the following would your little
>>> sister be better equipped to cope with...
>>>
>>> 1. Answering "Thunderbird wants internet access - yes or no?"
>>>
>>> 2. Configuring the OpenSUSE firewall.
>>
>>Neither. System access should NOT be done on a user level. Not by me
>>and not by my little sister.
>>
>>To me there is a HUGE difference between "Me, the user" and "Me, the
>>system administrator"
>
> And this means that you can never decide which applications should be
> allowed to access the internet, irrespective of which hat you happen
> to be wearing?
>
> Why?
>
> I repeat - I'm not asking to clone ZoneAlarm or the Windows way. I
> just want to prevent applications from accessing the internet without
> my explicit permission.

Fine. Choose to ignore the advice "run it in a VM" and pull that idiotic "ZoneAlarm" card some more. You look exactly like that clueless wintendo luser you are

> I'm quite happy to make those whitelisting
> decisions while wearing my system admin hat, and I agree that it's a
> necessity for the thing to really be secure.

No, whitelisting and other incompetent measures will not make any firewall "secure".

> But even if blocking/unblocking internet access was done with no admin
> password needed, as is generally the case on home Windows boxes, it's
> still more secure than *always* allowing *all* applications to access
> the internet.

Which is bullshit and wishful thinking. You are actually *less* secure because of that false "security feeling"

A firewall has *no* business knowing which *apps* want access. Because it has no idea (like you don't) if it is really the app or some malware from behind

--
I refuse to have a battle of wits with an unarmed person.

From: Peter Köhlmann on 28 Dec 2009 07:56

Stephen Horne wrote:

> On Mon, 28 Dec 2009 10:47:26 +0100, Peter Köhlmann
> <peter-koehlmann(a)t-online.de> wrote:
>
>>This is the dumbest idea ever which came into the windows world: To let
>>the user handle the decision if some arbitrary program which *claims* to
>>be program xyz can access the outside world.
>
> No - the dumbest idea ever in the Windows world was a lot dumber than
> that. Given the sheer number and scale of the dumb decisions in
> Windows, I'm not even going to speculate about which features are in
> the running.
>
> On a machine where there is only one user, though, who else are you
> going to ask? You can question the *way* that the question is asked,
> certainly. But *someone* has to decide what is permitted and what
> isn't.

Right. And asking the ZoneAlarm way is for imbeciles

>>It has not worked a tiny little bit in windows, and it will not work
>>anywhere else. It is just plain stupid to even try it that way
>
> If the idea of asking at the time is really so dumb, then why is it OK
> for Linux apps to request the root password when they need extra
> privileges?

Well, because they need them? Whenever the user is not knowing what he is doing he has no business knowing the root password. It's as simple as that. Because, unlike on windows, there are *no* apps a normal user would run which need the root password. None

What gives you the idea that there are linux apps which need root privileges that any normal user would run? Why do you know so extremely little about linux, yet want ZoneAlarm toys introduced?

> And let's be honest - the ZoneAlarm approach, flawed as it is, works a
> whole lot better than having no restrictions at all on which
> applications can access the internet.

No. It provides a false sense of "security". Which is a lot worse than knowing that there is no security

--
Just out of curiosity does this actually mean something or have some of the few remaining bits of your brain just evaporated?

From: Stephen Horne on 28 Dec 2009 08:55

On Mon, 28 Dec 2009 14:01:26 +0100, houghi <houghi(a)houghi.org.invalid> wrote:

>Stephen Horne wrote:
>> On a machine where there is only one user, though, who else are you
>> going to ask? You can question the *way* that the question is asked,
>> certainly. But *someone* has to decide what is permitted and what
>> isn't.
>
>When I just came from Windows 95 to Linux, that is what I thought as
>well. However I learned that it is much easier to understand that there
>are always two users on a machine. root and user.

Please point out any part of any of my posts that indicates that I don't understand this.

I want to be able to prevent untrusted apps from accessing the internet without my explicit permission.

Where in that sentence does it say "I must be able to make these choices without supplying a root password".

That's right - I never made any such request. I even said that I wish ZoneAlarm *did* ask for a password. True I didn't say "root password" but what sense would that make on Windows?

Now - exercise two - point out exactly where I said "Windows good Linux bad".

That's right - I never said that.

>> And let's be honest - the ZoneAlarm approach, flawed as it is, works a
>> whole lot better than having no restrictions at all on which
>> applications can access the internet.
>
>Sure, a bit is better than nothing. This ONLY goes if you understand the
>limitations and what goes on. Many people don't and think that because
>zonealarm offers an option, that that option is safe. It isn't.

Exercise three - point out where I said "ZoneAlarm good Linux bad".

That's right - I never said that either. In fact I rather think I said the opposite several times.