
Re: End-user laptop firewall available?



On 12/08/2013 07:05 PM, Jordon Bedwell wrote:
> On Sun, Dec 8, 2013 at 11:01 AM, Riku Valli <riku.valli@vallit.fi> wrote:
>> On 12/08/2013 02:44 PM, Volker Birk wrote:
>>> On Sun, Dec 08, 2013 at 01:36:36PM +0100, Frédéric CORNU wrote:
>>>> What about the possibility of a malicious piece of software
>>>> being installed and starting listening to incoming connections
>>>> without the knowledge of the system user ?
>>>
>>> What about the possibility of a malicious piece of software
>>> running in the kernel?
>>>
>>> What about the possibility of a malicious piece of software
>>> running in a hypervisor below the kernel?
> 
>> Malicious piece of software with root privileges. My guess, you are lost.
> 
> More so if it's at the hypervisor level because you can't do anything
> to stop that and you couldn't even detect it, protect from it or
> anything, the hypervisor is the boss and it can do what it wants, and
> you are the guest so you have to play by the house's rules.
> 

That's true, but if we are speaking about firewall rules: every rule where
source, destination or ports are "any" means that rule and firewall are in
most cases useless, and this is true most of the time for a laptop/desktop.

When somebody gains root access via a vulnerability and this kind of rule,
he/she owns your host and firewall.

A normal Debian installation uses only the avahi/mDNS port, udp 5353. Others,
for example cups, listen only on localhost, but most users install sshd, which
isn't installed by default. Exim asks which kind of configuration, but the
default is to listen only on localhost. That is what tasksel offers at default
installation.

<sarcasm>
If you don't trust your own host, I recommend using snort, aide, policykit
or selinux or apparmor and audit at least with your firewall :)
</sarcasm>


BR, Riku
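
As an added example (not part of the original message): a check of which listening sockets are bound beyond loopback, run over constructed `ss -H -tuln` output modelled on the services named above. The function names and the sample lines are assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real host),
# modelled on the services named in the message above.
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0               [::]:5353          [::]:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      20         127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128                *:22               *:*
"""


def is_loopback_only(address: str) -> bool:
    """True if a local bind address is reachable only from the host itself."""
    address = address.split("%", 1)[0].strip("[]")  # drop %iface scope and []
    if address == "*":  # ss prints * for a wildcard bind
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed, to be reviewed


def exposed_listeners(ss_output: str) -> list[tuple[str, int]]:
    """Return sorted, de-duplicated (proto, port) pairs bound beyond loopback."""
    exposed = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        proto, local = fields[0], fields[4]
        address, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        if not is_loopback_only(address):
            exposed.add((proto, int(port)))
    return sorted(exposed)


if __name__ == "__main__":
    for proto, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto}/{port} accepts traffic from the network")
```

On a live host the same function can be fed the real output of `ss -H -tuln`; anything it reports is a candidate for a specific firewall rule or for rebinding to localhost.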


