[PLUG] VNC, SSH, and iptables [was: Transferring mozilla mail and newsgroup settings from linux to windows]

Craig Ringer craig at postnewspapers.com.au
Sun May 9 23:53:31 WST 2004


On Sun, 2004-05-09 at 23:26, Cameron Patrick wrote:

> Running a firewall is a simple way of achieving a policy of, "no
> services listening to the outside world except for the ones I
> specifically allow".  This is a sensible thing to do on most
> internet-connected client machines.

I do think a default firewall is very bad for usability, as there's
little or no user feedback when access is blocked. I've seen users have
considerable trouble with this. 

The other issue is that with desktops, users will generally manage to
install nasties that could easily disable/bypass a local firewall if
they need to, so it's not much good for protection against
spyware/trojans/backdoors. Not such an issue for Linux boxes yet, but
just you wait - if there's any success as a desktop platform, the
trojans and spyware will follow.

Also, as James notes (if I understand correctly), a host should really
be locked down by default, such that a firewall should be of little or
no benefit.

That said, I think that _for_ _that_ _reason_, a default firewall is a
wise extra layer. Make it secure by default. Just like many other
security precautions, the user can turn this off if they need to, but to
do so they will need to be aware of that need, and hopefully more aware
of the consequences. 

> | That is, they trust their software vendor to configure their
> | firewall properly. Yet, it would seem to be the lack of vendor
> | trustworthiness that leads to the perceived need for firewalls in
> | the first place.
> 
> That's a valid point, and indeed I believe that one of the recent MS
> Windows worms propagated (amongst other ways) through a flaw in a
> Windows firewall product.

OTOH, with a default firewall the attacker must find _two_ holes - one
in the firewall, and one in a service. The service must also be running
and listening in the first place.

> I think the point was that running "xhost +" on a machine with a
> firewall would have the effect of allowing arbitrary local connections
> to the X server but not allowing connections from arbitrary hosts on
> the Internet (unless the firewall was also disabled), and that this
> would be desirable behaviour.

Actually, on many default Linux installs XFree86 is run with -nolisten
tcp by default (no listening services by default being generally wise),
so xhost + would at worst expose you to attacks from other local users.
That doesn't make it smart, of course, just slightly less awful.

[more snipped]

Craig Ringer
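The thread's two points, that an attacker needs both a listening service and a hole in the firewall, and that a host should expose no listening services by default, reduce to an audit a defender can actually run. The script below is an added example, not code from the original post or the PLUG list: it parses `ss -ltn`-style output (the sample table is constructed, not captured from a real host; port 6000 stands in for an X server running without `-nolisten tcp`), reports every listener bound beyond loopback that is not on an explicit allow-list, and prints the default-deny iptables INPUT ruleset that would admit only the allow-listed TCP ports. The rules are printed rather than applied so the script runs anywhere; the `allowed_ports` set is an assumption you would replace with your own.

```python
"""Audit listening TCP sockets and express an allow-list as a default-deny
iptables ruleset.  Added example for the discussion above; the `ss` output
below is a constructed sample, not a capture from a real machine."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample in the column layout of `ss -ltn` (not from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       5       0.0.0.0:5900         0.0.0.0:*
LISTEN  0       50      [::]:6000            [::]:*
LISTEN  0       128     [::1]:25             [::]:*
LISTEN  0       128     192.0.2.10:3306      0.0.0.0:*
"""


@dataclass(frozen=True)
class Listener:
    address: str   # bound address as printed by ss, brackets stripped
    port: int
    scope: str     # "loopback", "wildcard" or "specific"


def _classify(addr: str) -> str:
    """Loopback-only sockets are unreachable from other hosts; anything else is not."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "wildcard"
    return "specific"


def parse_ss(text: str) -> List[Listener]:
    """Parse `ss -ltn` output into Listener records, skipping the header row."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The port follows the last ':' so that IPv6 addresses split correctly.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")
        if addr == "*":          # older ss prints "*:22" for the IPv4 wildcard
            addr = "0.0.0.0"
        listeners.append(Listener(addr, int(port), _classify(addr)))
    return listeners


def exposed_listeners(listeners: Iterable[Listener], allowed_ports: Iterable[int]) -> List[Listener]:
    """Listeners reachable from other hosts that are not explicitly allowed."""
    allowed = set(allowed_ports)
    return [l for l in listeners if l.scope != "loopback" and l.port not in allowed]


def iptables_rules(allowed_ports: Iterable[int]) -> List[str]:
    """Default-deny INPUT chain admitting loopback, established flows and the
    allow-listed TCP ports.  Returned as command strings, not executed."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    rules += [f"iptables -A INPUT -p tcp --dport {p} -j ACCEPT" for p in sorted(set(allowed_ports))]
    return rules


if __name__ == "__main__":
    allowed_ports = {22}   # assumption: only SSH is meant to be reachable
    found = parse_ss(SAMPLE_SS_OUTPUT)
    for l in exposed_listeners(found, allowed_ports):
        print(f"exposed: {l.address}:{l.port} ({l.scope}) - not on the allow-list")
    print("\n".join(iptables_rules(allowed_ports)))
```

Run it against real output with `ss -ltn | python3 audit.py`-style plumbing by replacing `SAMPLE_SS_OUTPUT` with `sys.stdin.read()`. Anything it reports is a service that should either be bound to loopback, stopped, or deliberately added to the allow-list; the printed ruleset is the firewall layer that covers the remaining ports until that is done.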
