[clug] Are outgoing firewalls of any use?
Alex Satrapa
alexsatrapa at mac.com
Tue Jun 30 07:32:56 GMT 2009
On 30/06/2009, at 16:52 , Francis Markham wrote:
> Is there any point in having desktop outgoing firewalls? They are
> common-place on Windows, but are generally considered unnecessary for
> desktop linux.
I prefer sticking to the rule of, "if it's not specifically allowed,
it's denied." As such, I use the FireHOL firewall builder. This
prevents a machine that is compromised by an insecure account being
used as an IRC relay, for example, unless the attacker gains root
privileges and takes the firewall rules away.
It's also worth making sure that you turn on "AllowUsers" in the SSH
configuration, to prevent people logging in using eg: the "printer"
account (how the printer account ever got a password is still a
mystery), which is how one attacker ended up getting access to a
machine of mine =(
The lessons we learn from the mistakes we make, hey?
"Outgoing" firewalls are certainly useful for containing damage, or
shutting up stupid software (no, MS Office, I really don't want you
advertising to the world that you're sitting here waiting to be
exploited). They can also be useful for helping you learn just how
protocols work (eg: the amount of fiddling required to get ZeroConf/
mDNS working through a firewall is an enlightening experience).
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 220 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/linux/attachments/20090630/a788c9b7/PGP.bin
More information about the linux
mailing list