Re: debian users ( what do people think of interactive desktop security as in an interactive firewall and )



On 2006-11-16, AM Christophe <xxxx@xxxxxxxxxxx> wrote:


home.home1@xxxxxxxxxx wrote:
I like the idea of personal firewalls

Something like 'let application XX use port YY when user ZZ runs it' is cool
for personal security.

If one port is open, as long as it is not under 1024, any other applications
can use it at present. Am I wrong?


On a default Linux setup any user can open a port above 1024. The Linux
firewall does allow rules based on userID. I don't know about process
name. Capabilities sound an interesting way of approaching this. That
would be process based and much like Microsoft's new Dot-Net-2 permissions
system (and probably just as hard to administer). In a capabilities
based system both user and application will need networking permission.

I can imagine a suitable user interface to administer application
capabilities. Thing is you'd want to default to deny if you want to
be secure, and people are afraid to do that as forcing users to turn
capabilities on is "User Unfriendly". Microsoft's new tools in Vista
have come under fire and they don't seem that strict - no more strict
than the current Linux systems which are user permission based.

We get situations where people just turn off the security so as not to
be bothered. Anyway - if you're running an ICQ client or whatever then
you're running an ICQ client. It's useless without connectivity. If you
don't want it listening, then don't run it. It's only nefarious things
you have to be aware of. Then network monitoring and user education
would be needed.

- Richard

--
_/_/_/ _/_/_/ _/_/_/ Richard Corfield <Richard.Corfield@xxxxxxxxx>
_/ _/ _/ _/
_/_/ _/ _/ Time is a one way street, .
_/ _/ _/_/ _/_/_/ except in the Twilight Zone 3^
.
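
Added example, not part of the original post: a default-deny outbound ruleset built from the userID-based rules the reply mentions, using the iptables owner match. That match is only valid for locally generated packets in the OUTPUT and POSTROUTING chains, so it governs which user may connect out to which port, not which user may listen. The policy entries and account names are constructed for illustration.

```shell
#!/bin/sh
# Constructed policy, one "user proto dport" triple per line.
# The account names are hypothetical; 5190/tcp is the usual ICQ port.
POLICY='alice tcp 5190
alice tcp 443
alice udp 53
backup tcp 22'

# Print an iptables-restore ruleset: OUTPUT defaults to DROP and each
# policy line becomes one allow rule keyed on the owning user.
# Nothing is printed unless every line validates.
gen_rules() {
    rules=''
    while read -r user proto port; do
        [ -n "$user" ] || continue          # skip blank lines
        case "$user" in -*|*[!A-Za-z0-9_-]*)
            echo "bad user: $user" >&2; return 1 ;;
        esac
        case "$proto" in tcp|udp) ;; *)
            echo "bad proto: $proto" >&2; return 1 ;;
        esac
        case "$port" in ''|*[!0-9]*)
            echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
        rules="${rules}-A OUTPUT -p $proto --dport $port -m owner --uid-owner $user -j ACCEPT
"
    done <<EOF
$1
EOF
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}

# Dry run as root:  gen_rules "$POLICY" | iptables-restore --test
```

Any account not listed, including one running an unexpected program, gets no new outbound connections under this ruleset.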


