Re: secure installation
On Thu, Aug 16, 2007 at 03:42:07PM -0700, Russ Allbery wrote:
> "R. W. Rodolico" <rod@dailydata.net> writes:
>
> > At this point, I disagree. Unfortunately, I have to point to some of the
> > user oriented firewalls you get for windoze (which, to my knowledge,
> > Linux does not have). When they are installed, the shut down basically
> > everything incoming, and all but a few standard outgoing ports (http,
> > smtp, pop and imap). When an application tries to go out of another
> > port, a pop-up informs the user and they can choose to accept, accept or
> > reject, with a "forever" modifier on both, and the firewall changes its
> > rules appropriately.
>
> > For un-informed users, this is a good thing.
>
> Well, I certainly disagree that the pop-up prompts are at all useful or
> offer any real security. Time and time again, studies of user interaction
> with security software have shown that this sort of security interaction
> is essentially useless.
>
> The only thing here that offers any real security protection is the
> default denial of all incoming traffic. And that just returns to my
> previous point, which is that the best and safest way to do that is to not
> listen to network traffic in the first place, rather than installing some
> daemon that listens to network traffic and then turning it off with a
> firewall. It's making the decision in the wrong place, and it's simply
> sloppy security thinking.
that depends. perhaps, if you are going to make potential network servers
that could also have a local use install listening on the loopback only.
so mysql would install listening to the loopback only. perhaps an ftp
server might be a reasonable example of something that could install
as listening on the network.
and if you're going to make it so that clicking on "Home Desktop" or
whatever the option is in tasksel still results in an install that
doesn't listen to the network, then that is at least consistent.
Appealing to the fact that a minimal install has nothing listening
on a network port when a typical desktop install will drag in at
least avahi ...
But really, networks are pervasive and unavoidable. We have to get past
this 80s-style, TSEC-style, black & white way of approaching networks
and come up with something practical.
networks are what people have computers for these days.
air gaps are the exception.
Do ordinary folk really *need* to grok rp_filter ?
Regards,
Paddy
Reply to: