The Fine Print: The following comments
are owned by whomever posted them.
|
Re: linux junky
by Matthew Trump on Friday 03/May/2002, @07:41
|
You're absolutely right. This is the approach which
<a href="http://www.smoothwall.org">smoothwall</a> uses: keep what's running on the firewall to a minimum.
--m--
|
Re: linux junky
by Josh on Friday 03/May/2002, @16:57
|
Smoothwall is probably higher assurance and less vulnerable than Guarddog. Smoothwall is fine if you can support it yourself. If you can't, then you'll probably run into Richard Morrell or one of his minions. Freshmeat has some choice comments about Smoothwall support...even the paying customers get crapped on, while GPL users are beneath dirt.
http://freshmeat.net/projects/smoothwall/?topic_id=253 (scroll down to messageboard)
If you just need to block portscans and script kiddie attacks, then Guarddog is sufficient for what you need. Simon on the other hand has been very helpful in the give and take with the KDE community. Thanks Simon!
|
Re: linux junky
by Christian A Strømmen [Number1/NumeroUno] on Friday 03/May/2002, @07:45
|
You're missing the point.. This is about having a firewall on a normal desktop workstation. Also, the script that it generates can be used on other machines.
|
Re: linux junky
by Simon Edwards on Friday 03/May/2002, @07:55
|
You could run a firewall alongside the window manager to block the extra ports... ;-)
--
Simon
|
Re: linux junky
by Chad Kitching on Friday 03/May/2002, @14:48
|
Or you just tell X and kdm/xdm not to listen on a TCP/IP port, and you're just as safe as not running X. The "-nolisten tcp" command line will prevent XFree86 from opening TCP (all communication will be done via UNIX domain sockets instead).
|
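Added example, not part of any comment in this thread: a check that an X server really has no TCP listener after "-nolisten tcp" is set, by reading `/proc/net/tcp`-format text and a `/proc/<pid>/cmdline` value. The sample rows, the scan range of displays :0 to :63, and the little-endian address decoding are assumptions of this example; IPv6 (`/proc/net/tcp6`) is not covered.

```python
import socket
import struct

X11_BASE_PORT = 6000   # display :N listens on TCP port 6000+N
MAX_DISPLAYS = 64      # assumption: only displays :0 to :63 are scanned
TCP_LISTEN = "0A"      # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:1770 00000000:0000 0A
   1: 0100007F:0019 00000000:0000 0A
   2: 0A00000A:1771 1400000A:C350 01
   3: 0100007F:1772 00000000:0000 0A
"""

def x11_tcp_listeners(proc_net_tcp):
    """Return [(display, bind_address)] for LISTEN sockets on X11 ports."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                             # established etc. are not listeners
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        if X11_BASE_PORT <= port < X11_BASE_PORT + MAX_DISPLAYS:
            # The IPv4 address is hex in host byte order (little-endian assumed).
            addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
            found.append((port - X11_BASE_PORT, addr))
    return found

def has_nolisten_tcp(cmdline):
    """cmdline: raw bytes of /proc/<pid>/cmdline (NUL-separated argv)."""
    argv = cmdline.split(b"\0")
    return any(a == b"-nolisten" and b == b"tcp" for a, b in zip(argv, argv[1:]))

if __name__ == "__main__":
    for display, addr in x11_tcp_listeners(SAMPLE):
        print(f"display :{display} accepts TCP on {addr}:{X11_BASE_PORT + display}")
```

On a live host, pass the contents of `/proc/net/tcp` and the X server's `/proc/<pid>/cmdline`; an empty result from `x11_tcp_listeners` means no display is reachable over TCP.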
Re: linux junky
by Michael on Tuesday 07/May/2002, @04:30
|
> and you're just as safe as not running X.
No you aren't.
Precisely because by running applications on the firewall you
risk bugs in those applications compromising that machine.
2 examples
a) Using them to connect to the internet and some untrusted data compromising
the application (consider a bug in, say, konqueror that was exploited
by visiting a site, or a bug in mozilla that was compromised by reading
an email)
b) Having them used by a successful exploit to a normal user account to gain
higher privileges - plenty of old exploits have exercised bugs in XFree to
do this.
Bugs like these on a desktop / firewall using the same machine compound the
damage - precisely why best practise would recommend running services / applications
off the firewall and running the minimum on the firewall (certainly
not using it as a desktop with all your personal data / passwords etc on it)
|
Re: linux junky
by fault on Sunday 05/May/2002, @15:07
|
Why should it matter? A firewall would block those open ports from usage anyways. If it doesn't, it's not a firewall.
Besides, if you are uncomfortable with this, just copy the guarddog-generated script from your desktop computer to your firewall.