on Thu, Apr 28, 2005 at 02:07:32PM -0700, Karsten M. Self (kmself@xxxxxxxxxxxxx) wrote:
> on Wed, Apr 27, 2005 at 09:53:59AM -0300, Stephen Downes (stephen@xxxxxxxxx) wrote:
> > Yishay Mor wrote:

>   - Clean network profile.  As noted above, you'll have to install any
>     services you want to run, SSH among them.  One consequence is that
>     there is no firewall configured or installed by default,
>     rationalized by the lack of listening services.

Re-reading this, I realized that this is a good place to mention a
suggestion of Don Marti's (Linux Journal's editor): autoconfigured
firewalls based on installed and/or running services.

Don laid out the basic scheme in a linux-elitists post:

    http://zgp.org/pipermail/linux-elitists/2005-April/011145.html

    [linux-elitists] Integrating the firewall and the package manager?
    Don Marti dmarti at zgp.org
    Tue Apr 12 11:28:06 PDT 2005

    Problem: malware can spread without getting root.

    Solution:

    Solution?  What is this, a banner for a tradeshow booth?  There are
    no "solutions", just extra hops on the attack path.

    I think it's possible to combine the problem of setting up local
    firewall rules with the easier problem of using the package manager
    correctly.

    Basically, the system boots up with all tables default DROP.  Then,
    when any daemon starts, its init script is responsible for setting
    up any rules necessary for it to do its job.  If you start a
    local-only daemon, the script should be smart enough to parse the
    daemon's config file and only allow traffic that the daemon will.
    If you set up an MTA with a smarthost, the script should be smart
    enough to allow outgoing port 25 only to the smarthost.

    This would be a great value-add for distros, and something a
    policy-based, APT-managed distro could do quite readily.

There's discussion of some of the obvious implications / concerns in the
list followup, but I think the basic idea is really sound.

Peace.

-- 
Karsten M. Self <kmself@xxxxxxxxxxxxx>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The black hat community is drooling over the possibility of a secure
    execution environment that would allow applications to run in a secure
    area which cannot be attached to via debuggers.
    - Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
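As an added illustration of the scheme Don sketches above (example code, not from the post or from any distribution's init scripts), a POSIX sh helper that generates, rather than applies, the iptables rules a daemon's init script would load: a default-DROP baseline, an outgoing-25-only-to-the-smarthost rule read from an MTA config, and a listen-port rule that stays on loopback when the daemon binds to loopback. The config files and their `relayhost` / `listen` keys are constructed here (the MTA line mimics Postfix's `relayhost` setting); the parsers are hypothetical.

```shell
#!/bin/sh
# Emit iptables-restore style rules derived from daemon configs.
# Hypothetical helper: nothing is applied, the rules are only printed for review.

# Baseline every boot: all chains DROP; only loopback and replies to
# already-accepted connections pass.
baseline_rules() {
    printf '%s\n' '-P INPUT DROP' '-P OUTPUT DROP' '-P FORWARD DROP' \
        '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
}

# MTA with a smarthost: allow outgoing port 25 only to that host.
# Parses "relayhost = host", tolerating [brackets] and a :port suffix.
# Refuses (exit 1) to open anything if no smarthost is configured.
mta_rules() {
    host=$(sed -n 's/^[[:space:]]*relayhost[[:space:]]*=[[:space:]]*\[\{0,1\}\([^]:[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$host" ] || return 1
    printf '%s\n' "-A OUTPUT -p tcp -d $host --dport 25 -m state --state NEW -j ACCEPT"
}

# Generic daemon: parse "listen = [addr:]port" and open that port only
# where the daemon actually binds. A loopback-only daemon never gets a
# rule on an external interface.
daemon_rules() {
    spec=$(sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    case "$spec" in
        *:*) addr=${spec%:*}; port=${spec##*:} ;;
        *)   addr=''; port=$spec ;;
    esac
    case "$addr" in
        127.*|localhost) printf '%s\n' "-A INPUT -i lo -p tcp --dport $port -j ACCEPT" ;;
        ''|0.0.0.0)      printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT" ;;
        *)               printf '%s\n' "-A INPUT -p tcp -d $addr --dport $port -m state --state NEW -j ACCEPT" ;;
    esac
}

# Constructed sample configs (not taken from any real system).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf 'myhostname = mail.example.org\nrelayhost = [smarthost.example.net]:25\n' > "$work/main.cf"
printf 'listen = 127.0.0.1:6379\n' > "$work/cache.conf"

# The complete ruleset the init sequence would feed to iptables-restore.
baseline_rules
mta_rules "$work/main.cf"
daemon_rules "$work/cache.conf"
```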