Re: firewall package for laptop wi-fi client

To: debian-user@lists.debian.org
Subject: Re: firewall package for laptop wi-fi client
From: Camaleón <noelamac@gmail.com>
Date: Mon, 24 Jan 2011 19:30:10 +0000 (UTC)
Message-id: <[🔎] pan.2011.01.24.19.30.10@gmail.com>
References: <[🔎] 20110103095545.GB3539@rlharris.org> <[🔎] 4D21B2D9.3050501@googlemail.com> <[🔎] 20110104111906.GK6404@think.homelan> <[🔎] 20110104093152.46997afrbqyd622o@mail.kalinowski.com.br> <[🔎] 20110104225514.GD2997@think.homelan> <[🔎] 20110105094938.422675hp301k9hxc@mail.kalinowski.com.br> <[🔎] 20110105205427.GK2997@think.homelan> <[🔎] 20110106091228.62212kmd5i5gjhj4@mail.kalinowski.com.br> <[🔎] 20110107181857.GA3162@think.homelan> <[🔎] 20110107162316.156747g2ggxlzwus@mail.kalinowski.com.br> <[🔎] 20110107185344.GG3162@think.homelan> <[🔎] pan.2011.01.07.19.51.59@gmail.com> <[🔎] AANLkTikx60ahFKFcVKRR68CzmwfsKeR1kQRYOU964NQ-@mail.gmail.com>

On Mon, 24 Jan 2011 01:17:55 +0200, Eero Volotinen wrote:

>> Open wifi hot-spots (or open networks) are dangerous because all your
>> "neighbors" can represent a potential security risk (they have
>> "physical" access to your machine), meaning that you should enforce
>> your computer firewall rules to treat all of the LAN computers as
>> "untrusted" hosts which BTW is not the normal behavior of a firewall
>> (in a LAN environment, internal hosts are the "good" guys and rules are
>> relaxed for the whole LAN machines).
> 
> Do you really trust your hosts at lan network? It's a dangerous way.
> There can be hackers, viruses inside your lan network also..

In my lan, at work/home? Sure! I designed it from scratch (bought the 
cables, designed the network structure, configured the hosts/firewalls/
gateways, defined computers security and enforce a strict policy for the 
users). Every computer/device that is connected to the wires is being 
monitored. Incoming wifi AP connections fall into another (separated) 
network.

Can't say the same for open networks or other company's network (wireless 
or wired). Open wireless hot-spots add additional monitoring complication 
(you don't only have to control unexpected visitors coming from anywhere 
but you depend on the client/user setup -which most of the time 
translates into easy attacks from hijackers who search for indefense/
unprotected computers and use them to run the attack, making the original 
source even more difficult to find).

Greetings,

-- 
Camaleón

Reply to:

References:
- Re: firewall package for laptop wi-fi client
  - From: "Russell L. Harris" <rlharris@broadcaster.org>
- Re: firewall package for laptop wi-fi client
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: firewall package for laptop wi-fi client
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: firewall package for laptop wi-fi client
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: firewall package for laptop wi-fi client
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: firewall package for laptop wi-fi client
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: firewall package for laptop wi-fi client
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: firewall package for laptop wi-fi client
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: firewall package for laptop wi-fi client
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: firewall package for laptop wi-fi client
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: firewall package for laptop wi-fi client
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: firewall package for laptop wi-fi client
  - From: Camaleón <noelamac@gmail.com>
- Re: firewall package for laptop wi-fi client
  - From: Eero Volotinen <eero.volotinen@iki.fi>

Prev by Date: Re: Cannot turn on bell in xterm
Next by Date: Re: java 5 in squeeze
Previous by thread: Re: firewall package for laptop wi-fi client
Next by thread: Re: firewall package for laptop wi-fi client
Index(es):
- Date
- Thread