Re: debian users ( what do people think of interactive desktop security as in an interactive firewall and )
- From: Richard Corfield <Richard.Corfield@xxxxxxxxx>
- Date: Thu, 16 Nov 2006 23:10:09 GMT
On 2006-11-16, AM Christophe <xxxx@xxxxxxxxxxx> wrote:
I like the idea of personal firewalls
Something like 'let application XX uses port YY when user ZZ run it' is cool
for personal security.
If one port is open, as long as it is not under 1024, any other applications
can use it at present. Am I wrong?
On a default Linux setup any user can open a port above 1024. The Linux
firewall does allow rules based on userID. I don't know about process
name. Capabilities sound an interesting way of approaching this. That
would be process based and much like Microsoft's new Dot-Net-2 permissions
system (and probably just as hard to administer). In a capabilities
based system both user and application will need networking permission.
I can imagine a suitable user interface to administer application
capabilities. Things is you'd want to default to deny if you want to
be secure, and people are afraid to do that as forcing users to turn
capabilities on is "User Unfriendly". Microsoft's new tools in Vista
have come under fire and they don't seem that strict - no more strict
than the current Linux systems which are user permission based.
We get situations where people just turn off the security so as not to
be bothered. Anyway - if you're running an ICQ client or whatever then
you're running an ICQ client. It's useless without connectivity. If you
don't want it listening, then don't run it. It's only nefarious things
you have to be aware of. Then network monitoring and user education
would be needed.
_/_/_/ _/_/_/ _/_/_/ Richard Corfield <Richard.Corfield@xxxxxxxxx>
_/ _/ _/ _/
_/_/ _/ _/ Time is a one way street, .
_/ _/ _/_/ _/_/_/ except in the Twilight Zone 3^
- Prev by Date: Re: OK, You guys are pretty smart. This is not LINUX, but Network:
- Next by Date: Re: how to read nonstandard CD format?
- Previous by thread: Trouble with Centron?
- Next by thread: Re: debian users ( what do people think of interactive desktop security as in an interactive firewall and )