Re: Please enable firewalls by default on Linux distributions
From: Erik Aronesty (erik@zoneedit.com)
Date: 03/10/03
From: erik@zoneedit.com (Erik Aronesty) Date: 10 Mar 2003 11:03:44 -0800
> having a firewall does not help if the user is stupid enough.

It helps a little if they're stupid enough to leave it on.

> If the users are leaving all the services open they will probably just
> switch off the default firewall anyway because they will just see it as a
> problem to maintain.

Users won't know even how to turn it off, or care about it at all as
long as it doesn't stop them from surfing and running a crappy weblog
off their DSL.

> a user who does not understand or care about security can't be forced to.

If the edge routers and cable modems didn't support spoofing, it would
be impossible to mount a sustained DDOS attack. Even if you
compromised the security of the home PCs.

> most companies have strict control at a higher level so does not concern end
> users home users will learn the hard way :-)

No, you and I will learn the hard way when your network is DDOS'ed.
The home-PC user will just get mildly annoyed as the Earthlink tech
coaches him through some trojan removal. Then he can go back to
IM'ing his friends about how it was kind of cool that his machine was
one of the ones used to bring down Yahoo! over the weekend.

> just my 2 Cents worth

OSes and routers come with security installed to prevent users from
logging in as root or admin or whatever, and limits to prevent them
from abusing memory and disk space, but almost nothing to prevent a
low-level guest user from r00ting someone else's PC and consuming all
available bandwidth.

Kind of short-sighted.

I think it'll take a lawsuit to convince the OS and router vendors
that they need better defaults.

I was kind of hoping that with Linux I'd be preaching to the choir.
It'd be trivial to include a decent-if-minimalist
/etc/sysconfig/ipchains(tables) with default distributions. Something
simple that just prevents source spoofing and syn floods, and has some
commented out examples.

P.S.:
Linux boxes are almost never used to attack other Nets. It's
Microsoft that will get hit with lawsuits-if-any. Some large Net
suffering from an attack will notice that Microsoft, through
negligence, hasn't the security on home PC OSes in a decade.
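
A sketch of the kind of minimal default ruleset the message asks for (source-spoofing checks, SYN rate limiting, commented-out service examples), as an added example that is not part of the original post or any distribution's shipped file. The function name `minimal_ruleset`, the interface `eth0`, the address `192.0.2.10` and the rate-limit numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit a minimal host ruleset in iptables-restore format.
# minimal_ruleset, eth0 and 192.0.2.10 are hypothetical; the rate limits are
# constructed starting points, not tuned values.
minimal_ruleset() {
    [ "$#" -eq 2 ] || { echo "usage: minimal_ruleset IFACE ADDR" >&2; return 2; }
    iface=$1 addr=$2
    cat <<EOF
# Kernel-side companions (sysctl): net.ipv4.conf.all.rp_filter=1
#                                  net.ipv4.tcp_syncookies=1
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYNLIMIT - [0:0]
-A INPUT -i lo -j ACCEPT
# Ingress anti-spoofing: loopback sources never arrive on a real interface,
# and no remote host may claim this host's own address.
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A INPUT -i $iface -s $addr -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SYN flood damping: new TCP connections pass through a rate limit first.
-A INPUT -p tcp --syn -j SYNLIMIT
# Commented-out examples: uncomment a line to offer that service.
# -A INPUT -p tcp --dport 22 --syn -j ACCEPT
# -A INPUT -p tcp --dport 80 --syn -j ACCEPT
-A SYNLIMIT -m limit --limit 10/second --limit-burst 20 -j RETURN
-A SYNLIMIT -j DROP
# Egress anti-spoofing: this host only sends packets with its own source.
-A OUTPUT -o $iface ! -s $addr -j DROP
COMMIT
EOF
}

# Syntax-check without loading (run as root, iptables installed):
#   minimal_ruleset eth0 192.0.2.10 | iptables-restore --test
```

The egress rule is the part that addresses the spoofing point in the message: a compromised host behind it cannot emit packets with forged source addresses on that interface.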