Re: linux firewall with 2 wireless nics
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Wed, 15 Nov 2006 13:57:50 -0600
On 14 Nov 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1163565653.259633.82340@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, CUIllini wrote:

> I am behind a linksys router which does provide some security and I am not
> concerned about other people hacking into my network as I am monitoring
> an infected machine on my network.

There are two means to hack into the network. The first is by the
attacker entering via a service you are offering - such as a web, mail,
or file server. The two means of defeating this are to not offer any
unwanted service (a problem with systems that are configured by default
to offer everything because someone _might_ find it useful), and using
_any_ firewall capability to restrict access to those IP addresses that
you specifically want to allow. Your wireless link[s] [is/are] a
potential security hole, for the simple reason that few people bother
to read the manual that comes with the units and actually implement
even rudimentary security. Out-of-box configurations are not secure.
Some so-called "security" features are trivial to defeat/bypass.

The second way to hack in is to have the user invite you - have them
install mal-ware for you. This is the more common attack vector, because
most users are unwilling to take responsibility for their own actions.
Contrary to popular belief, there is no Mal-Ware Fairy that sneaks about
and installs mal-ware when the user isn't looking. The user is the one
doing the installs, either because they have enabled the "install anything
from anywhere" mode in the web browser (which is the only piece of software
they've "learned") and have clicked OK automatically, or have told the
computer to NEVER SHOW THIS WARNING MESSAGE AGAIN. Users don't want to
know anything about the computer or software it runs - because that is
obviously too much work. The number one computer bug is mankind!

> My concern is that even though I have tried my best to protect it, it
> has been infected with spyware and rootkits.

Why was the mal-ware installed by the users? Two common vectors are the
user installing some Wonderfool Helper Program, so that by clicking on
this icon they get taken directly to their favorite pr0n site or similar,
and their insistence on enabling all scripting and "Special Features" so
they can see the exact shade of crayon that some "friend" used to scrawl
a message and email them - complete with animation and sounds of their
dog chasing a motorcycle. If you need that style of "communication",
get a video phone that is not connected to your computers.

> Thus, I really only want to monitor that 1 machine on my network for
> strange activity. I would just use a software firewall like ZoneAlarm
> on it, but a rootkit can theoretically get past that.

The firewall gets bypassed because the user wants to do something st00pid
and the firewall is either in the way (and gets disabled by the "Allow
This Connection" button), or was never designed to block content.

> Thus from my primitive understanding of security, the only sure way to
> monitor that computer's traffic is to do it with a separate computer.

Monitor? Yes. But control, that is prevention, is a whole 'nother story.