Re: secure installation

To: debian-security@lists.debian.org
Subject: Re: secure installation
From: paddy@panici.net
Date: Fri, 17 Aug 2007 10:30:39 +0000
Message-id: <[🔎] 20070817103039.GA16046@localhost.localdomain>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87y7gbm79c.fsf@windlord.stanford.edu>
References: <[🔎] CPEDKBGBJHLAJMBJNEACKEOAINAA.rvan@ncoastsoft.com> <[🔎] 200708161407.42380.jakykong@theanythingbox.com> <[🔎] 27507.75.11.237.22.1187299117.squirrel@admin.dailydata.net> <[🔎] 87eji3rvnv.fsf@windlord.stanford.edu> <[🔎] 27581.75.11.237.22.1187302167.squirrel@admin.dailydata.net> <[🔎] 87y7gbm79c.fsf@windlord.stanford.edu>

On Thu, Aug 16, 2007 at 03:42:07PM -0700, Russ Allbery wrote:
> "R. W. Rodolico" <rod@dailydata.net> writes:
> 
> > At this point, I disagree. Unfortunately, I have to point to some of the
> > user oriented firewalls you get for windoze (which, to my knowledge,
> > Linux does not have). When they are installed, the shut down basically
> > everything incoming, and all but a few standard outgoing ports (http,
> > smtp, pop and imap). When an application tries to go out of another
> > port, a pop-up informs the user and they can choose to accept, accept or
> > reject, with a "forever" modifier on both, and the firewall changes its
> > rules appropriately.
> 
> > For un-informed users, this is a good thing.
> 
> Well, I certainly disagree that the pop-up prompts are at all useful or
> offer any real security.  Time and time again, studies of user interaction
> with security software have shown that this sort of security interaction
> is essentially useless.
> 
> The only thing here that offers any real security protection is the
> default denial of all incoming traffic.  And that just returns to my
> previous point, which is that the best and safest way to do that is to not
> listen to network traffic in the first place, rather than installing some
> daemon that listens to network traffic and then turning it off with a
> firewall.  It's making the decision in the wrong place, and it's simply
> sloppy security thinking.

that depends. perhaps, if you are going to make potential network servers 
that could also have a local use install listening on the loopback only.
so mysql would install listening to the loopback only. perhaps an ftp
server might be a reasonable example of something that could install
as listening on the network.

and if you're going to make it so that clicking on "Home Desktop" or 
whatever the option is in tasksel still results in an install that 
doesn't listen to the network, then that is at least consistent.
Appealing to the fact that a minimal install has nothing listening
on a network port when a typical desktop install will drag in at 
least avahi ...

But really, networks are pervasive and unavoidable.  We have to get past
this 80s-style, TSEC-style, black & white way of approaching networks
and come up with something practical.  

networks are what people have computers for these days.

air gaps are the exception.

Do ordinary folk really *need* to grok rp_filter ?

Regards,
Paddy

Reply to:

References:
- RE: secure installation
  - From: "Robert Van Nostrand" <rvan@ncoastsoft.com>
- Re: secure installation
  - From: Jack T Mudge III <jakykong@theanythingbox.com>
- Re: secure installation
  - From: "R. W. Rodolico" <rod@dailydata.net>
- Re: secure installation
  - From: Russ Allbery <rra@debian.org>
- Re: secure installation
  - From: "R. W. Rodolico" <rod@dailydata.net>
- Re: secure installation
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: security.debian.org: MD5Sum mismatch
Next by Date: Re: security.debian.org: MD5Sum mismatch
Previous by thread: Re: secure installation
Next by thread: Re: secure installation
Index(es):
- Date
- Thread