mobility and firewall

Ivan Krstic krstic at hcs.harvard.edu
Mon Jun 6 21:38:17 CDT 2005


Scott Robinson wrote:
> any open ports are the result of either a user or an
> administrator specifically requesting it. So we're left with that
> dichotomy: user and administrator.

Precisely. I noted this a few messages back, but my last message was
aimed at the contingent that insists having some clever iptables policy
would magically make all machines more secure by default, which is
nonsense.

> http://0pointer.de/lennart/projects/fieryfilter/

Interactive personal firewalls are a non-solution. Plenty of anecdotal
evidence shows that users who are not technologically savvy quickly
become conditioned to hitting 'Allow' whenever the firewall dialog pops
up. Case in point -- look carefully at this FieryFilter screenshot:

http://0pointer.de/lennart/projects/fieryfilter/screenshots/fieryfilter-0.4-connection.png

One way this could have come up would be if the user went into the
'Adjust Date & Time' dialog in GNOME, then clicked the button to
synchronize his clock with an Internet server. Immediately, the dialog
from the above screenshot pops up. Now, from the point of view of that
user, what does the dialog tell you?

- UDP: huh?
- Port 123: huh?
- ntp: huh?
- eth0: huh?
- ID: huh?
- broadcast: huh?

It tells a regular user nothing. It's useless. Colin Walters talked
about this "deadly interactivity" at GUADEC in his SELinux session -- he
had a cute screenshot of OpenBSD's systrace control mechanism to prove
his point. The bottom line is simple. If we build a firewall solution,
it shouldn't rely on the user knowing all three volumes of Stevens by
heart. In fact, the user shouldn't even know the firewall is there,
unless she's interested.

-IK
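One way to sketch the alternative Ivan describes, as an added example that is not part of the thread and not code from FieryFilter: the decision is taken from a per-application declaration shipped by the package, so the user never sees a dialog about UDP, port 123 or eth0, and the audit log speaks in terms of what the user did. The manifest format, the application names and the event lines are all constructed for this illustration.

```python
"""Non-interactive per-application outbound policy (added illustration).

Instead of prompting the user with 'UDP / 123 / ntp / eth0', the verdict comes
from a manifest the package declares. Undeclared traffic is denied and logged;
there is deliberately no 'ask the user' outcome.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ConnEvent:
    app: str        # process that opened the socket
    proto: str      # "udp" or "tcp"
    dport: int      # destination port
    direction: str  # "out" (app initiated) or "in" (unsolicited)


# Hypothetical manifests shipped with packages: what each app is expected to do.
MANIFESTS: Dict[str, Set[Tuple[str, int, str]]] = {
    "gnome-time-admin": {("udp", 123, "out")},                    # clock sync (NTP)
    "evolution": {("tcp", 993, "out"), ("tcp", 587, "out")},      # mail client
}

# User-level descriptions for the audit trail, keyed like the manifest entries.
DESCRIPTIONS: Dict[Tuple[str, int, str], str] = {
    ("udp", 123, "out"): "synchronising the clock with an Internet time server",
    ("tcp", 993, "out"): "checking mail (IMAP over TLS)",
    ("tcp", 587, "out"): "sending mail (SMTP submission)",
}


def parse_event(line: str) -> ConnEvent:
    """Parse a constructed 'app=... proto=... dport=... dir=...' event line."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return ConnEvent(fields["app"], fields["proto"].lower(),
                     int(fields["dport"]), fields["dir"].lower())


def decide(ev: ConnEvent) -> Tuple[str, str]:
    """Return (verdict, log message); verdict is only ever 'allow' or 'deny'."""
    key = (ev.proto, ev.dport, ev.direction)
    if ev.direction == "in":
        # Unsolicited inbound traffic is never a user action: drop it silently.
        return "deny", f"{ev.app}: unsolicited inbound {ev.proto}/{ev.dport} dropped"
    if key in MANIFESTS.get(ev.app, set()):
        what = DESCRIPTIONS.get(key, "using the network as declared")
        return "allow", f"{ev.app} is {what}"
    # Declared apps doing something undeclared, or unknown apps: block and log,
    # so an administrator (not the user) can review the event later.
    return "deny", f"{ev.app} tried undeclared {ev.proto}/{ev.dport}; blocked and logged"


def run(lines: List[str]) -> List[Tuple[str, str]]:
    """Evaluate a batch of event lines."""
    return [decide(parse_event(line)) for line in lines]


SAMPLE_EVENTS = [  # constructed for this example
    "app=gnome-time-admin proto=UDP dport=123 dir=out",   # the clock-sync case
    "app=gnome-time-admin proto=TCP dport=6667 dir=out",  # not in its manifest
    "app=sshd proto=TCP dport=22 dir=in",                 # unsolicited inbound
]

if __name__ == "__main__":
    for verdict, msg in run(SAMPLE_EVENTS):
        print(f"[{verdict}] {msg}")
```

The point of the design is that the only actor who ever writes policy is the packager or administrator; the user sees, at most, a log entry phrased as an action ("synchronising the clock"), not a protocol quiz.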
