
Re: Safety while network install.



Big thanks, Bob, for your extended answer:

>The only external remotely accessible services available in the
>installer kernel are ICMP services such as ping.  AFAIK.  You can ping
>the system.  Ping is a very useful diagnostic tool and is not
>disabled.  The network code responding to ping is in the kernel.  In
>times past there have been denial of service exploits by sending
>crafted ping packets that exploited a vulnerability.  Years ago it was
>possible to crash a system remotely by sending a specially crafted
>ping-of-death packet.  The previous exploits were denial of service
>attacks by crashing the kernel.  But if the installer crashed you
>would know it.  You would be unable to complete the installation and
>would not have a security vulnerability later.
>
>Those old vulnerabilities have since been fixed and are no longer a
>problem.  But that is the type of attack that we still need to worry
>about on the system when installing because the kernel used is the one
>included with the installer image and it should be new enough to avoid
>any known problems.

Also, it could be asked for pinging options, such as which address can
ping, for example, to reduce the possibility of attack in future kernel
releases.

>Installing on a private network behind a firewall is a very good idea.
>I dare to say that most users operate from a private network these
>days.  In the old days most universities and corporations had public
>IPv4 space.  But IPv4 space is used up now and in short supply.  These
>days most networks operate behind a NAT (network address translation)
>box that connects them to the larger Internet that uses one address
>externally but different addresses internally.  To be clear, boxes
>such as a Linksys WRT54GL and similar from Netgear, D-Link, others.
>Boxes that connect to a cable modem or DSL and then provide a private
>RFC1918 network space in the 10.* or 192.168.* network behind them.
>Those boxes provide a firewall preventing incoming connections from
>the hostile Internet.  Those firewall-router boxes prevent incoming
>ping and other packets from connecting to devices on the local private
>network.  The NAT firewall-router box protects the local private
>network from external attack.

This is really a good thing as long as the routers have a firewall; some
buy them just for single-IP sharing (just like hubs) rather than for
any protective features. So though people become more "routed" (using
routers more and more), it does not necessarily mean they stay protected
just because of that, IMO.

>Installing a system on such a private network is a good idea because
>in that case even if the installer's kernel were vulnerable to a
>remote network exploit then that exploit could not be exploited
>because the firewall between the local private network and the hostile
>Internet would prevent the attack vector.  The installer would run and
>install to completion.  The installer will install the latest security
>upgrades available onto the target system.  The installer will reboot
>into the target system.  After the reboot the installed system will be
>running the latest available kernel.  There won't have been a way for
>a remote attacker to crack into the system.

My pondering/suggestions here:

1. You agree that it is a good thing for the system being installed to
be firewalled, so in case there is no firewall for it already, it would
still be good to have one in the install environment.

2. When the system has its first reboot, and from then on, it would be a
good thing to have all incoming network requests for services blocked by
default, because: a) there are now services listening (at least Debian
likes to install exim, for example, but not limited to that), b) novice
users may have no idea about firewall configuration or Linux usage at
all, and therefore making such important (I would say) default settings
would just add more security features to the already secure name of
Debian.
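
Added example, not part of this thread and not code from Bob or the author of this reply: a POSIX shell script that generates the kind of default-deny inbound ruleset discussed in point 2 above, in nftables syntax, with the one exception point 1 and the ping remark ask for (ICMP echo, rate limited, only from one subnet). The subnet 192.168.1.0/24 and the environment variable names are assumptions; the static check runs without root and without nft installed, so it can be tried anywhere.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread).
# Generates a default-deny inbound nftables ruleset for a freshly installed
# host. Assumptions: nftables syntax, and PING_FROM is the one subnet that
# is allowed to ping the machine (placeholder: a private RFC1918 admin LAN).
PING_FROM="${PING_FROM:-192.168.1.0/24}"

# Print the ruleset. Inbound policy is drop; only loopback, replies to
# connections the host itself opened, IPv6 neighbour discovery, and
# rate-limited ICMP echo requests from PING_FROM are let in.
make_inbound_ruleset() {
    cat <<EOF
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    ct state invalid drop
    ip saddr $PING_FROM icmp type echo-request limit rate 5/second accept
    icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# Static check that needs neither root nor nft: the input chain must default
# to drop and must not open any listening TCP/UDP port (no "dport" rule).
# Returns 0 when both hold, 1 otherwise.
check_ruleset() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q 'hook input priority 0; policy drop;' || return 1
    if printf '%s\n' "$rules" | grep -Eq '(tcp|udp) dport'; then
        return 1
    fi
    return 0
}

# Apply the ruleset if nft is present (dry-run parse first); otherwise print it.
apply_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        make_inbound_ruleset | nft -c -f - && make_inbound_ruleset | nft -f -
    else
        echo "nft not installed; printing ruleset only" >&2
        make_inbound_ruleset
    fi
}

# Default action when run directly: show the ruleset; set APPLY_RULESET=1
# (as root, on a host with nft) to load it.
if [ "${APPLY_RULESET:-0}" = "1" ]; then
    apply_ruleset
else
    make_inbound_ruleset
fi
```

The ruleset deliberately has no port openings at all, which matches the "blocked by default" suggestion: a service such as exim that the installer leaves listening is unreachable from the network until an administrator adds an explicit accept rule for it. Established/related traffic is still accepted, so the freshly installed system can fetch security upgrades.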

