mobility and firewall

Rui Tiago Cação Matos tiagomatos at gmail.com
Mon Jun 6 10:20:57 CDT 2005 

From: HC Brugmans <hcbrugmans at gmail.com>
Date: Mon, 06 Jun 2005 16:52:29 +0200

> I have to add that when I switched from windows, being a bit of a power
> user, the ubuntu experience left me feeling naked and vunerable.
> I understood the no open ports policy, and was comforted by the lack of
> threats, but it bugged me greatly that I could not in an easy way check
> up on what was coming in, and what was going out.
>
> The reason for this, is that it was usually my firewall that picked up
> spy/mal-ware, and the occational virus/trojan first.

As far as I'm aware there are no harmful spy/mal-ware or virus/trojan self
replicating things that affect GNU/Linux systems. If you know of any I'd be
glad to know about them too.

> Even at this piont, it'd greatly re-assure me if I could just press a
> key, and my connection details / services / etc would pop up, with an
> ability to lock the system down, etc.

Does a 'sudo netstat -atup' make you more confortable? A default Ubuntu
install doesn't listen on any "outside" ports. Only postfix and cups are
listning on the _loopback_ interface by default.

> I'm aware that this is not a primary goal or function for any firewall,
> but I'd just like to relate to you the story of someone who'd feel
> comforted by the 'zonealam-experience'
>
> On a second piont, this is useful for far more people than just
> laptop-roaming users.
> When I first moved into my dorm, I was amazed to find that the majority
> of occupants in the building (250+) are connected to a single network. I
> could literally browse dozens of p2p sharing folders, and countless my
> documents.
> I don't know anything at all about securing linux on the network, and I
> solved messing about with it and pppoe by buying a router, but this
> would not be an option for everyone.

This doesn't happen on a default Ubuntu install. If you want to offer your
files to others securely you can always install samba server and set it up
accordingly including passwords and such. Unfortunately there is not at
this point any GUI interface to setup a samba server, it's only doable by
editing the configuration file or through SWAT.

> Just another set of user-cases where it'd be useful to be able to keep
> an eye on things.

Sincerily, I think this whole firewall-on-every-desktop-and-laptop idea is
kind of moot and something of a bad habit that Windows has inflicted upon
people. I'm still to be convinced by the way of real use cases where/when
it would be worth to have such a default setup in place.

Software should be written with security in mind (and I'm sure the default
programs Ubuntu ships are) and users just shouldn't have to worry about it
or they will lose much of the fun of using their PCs.

Take care,
Rui

> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20050606/113aaef3/attachment.pgp

More information about the ubuntu-devel mailing list