Re: linux firewall with 2 wireless nics

On 14 Nov 2006, in the Usenet newsgroup, in article
<1163565653.259633.82340@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, CUIllini wrote:

I am behind a linksys router which does provide some security and I not
concerned about other people hacking into my network as I am monitoring
an infected machine on my network.

There are two means to hack into the network. The first is by the
attacker entering via a service you are offering - such as a web, mail,
or file server. The two means of defeating this is to not offer any
unwanted service (a problem with systems that are configured by default
to offer everything because someone _might_ find it useful), and using
_any_ firewall capability to restrict access to those IP addresses that
you specifically want to allow. Your wireless link[s] [is/are] a
potential security hole, for the simple reason that few people bother
to read the manual that comes with the units and actually implement
even rudimentary security. Out-of-box configurations are not secure.
Some so-called "security" features are trivial to defeat/bypass.

The second way to hack in is to have the user invite you - have them
install mal-ware for you. This is the more common attack vector, because
most users are unwilling to take responsibility for their own actions.
Contrary to popular belief, there is no Mal-Ware Fairy that sneaks about
and installs mal-ware when the user isn't looking. The user is the one
doing the installs, either because they have enabled the "install anything
from anywhere" mode in the web browser (which is the only piece of software
they've "learned") and have clicked OK automatically, or have told the
computer to NEVER SHOW THIS WARNING MESSAGE AGAIN. Users don't want to
know anything about the computer or software it runs - because that is
obviously to much work. The number one computer bug is mankind!

My concern is that even though I have tried my best to protect it, it
has been infected with spyware and rootkits.

Why was the mal-ware installed by the users? Two common vectors are the
user installing some Wonderfool Helper Program, so that by clicking on
this icon they get taken directly to their favorite pr0n site or similar,
and their insistence on enabling all scripting and "Special Features" so
they can see the exact shade of crayon that some "friend" used to scrawl
a message and email them - complete with animation and sounds of their
dog chasing a motorcycle. If you need that style of "communication",
get a video phone that is not connected to your computers.

Thus, I really only want to monitor that 1 machine on my netwwork for
strange activity. I would just use a software firewall like ZoneAlarm
on it but, a rootkit can theoretically get past that.

The firewall gets bypassed because the user wants to do something st00pid
and the firewall is either in the way (and gets disabled by the "Allow
This Connection" button), or was never designed to block content.

Thus from my primative understanding of security, the only sure way to
monitor that computers traffic is to do with a separate computer.

Monitor? Yes. But control, that is prevention, is a whole 'nother story.

Old guy

Relevant Pages

  • recovering from hack/trojan
    ... own network and internet connections, ... soon after an install: Keep ... and deleting and/or disabling and/or uninstalling ... or the system file monitor restores them. ...
  • Re: Kubuntu: Screen only goes to 1024 x 768?
    ... Monitor "Monitor0" ... PC somewhere so I can do a proper install and edit the file. ... When I try to make network connections via System Settings | ... Can't find anything explicitly SMB or NFS in the Adept Installer, ...
  • Re: Monitor loses signal during install (was Re: Burning ISOs with Roxio)
    ... If yon can stick a network card in this ... > I swapped out the CD-ROM drive and managed to get RedHat 7.1 to install in ... > monitor started clicking at what I assume was the end, ...
  • Trouble installing Network Monitor
    ... Have a trial version of Windows 2003. ... Am trying to install the Network ... Monitor to track down why mapped drives continually get disconnected only on ...
  • Re: Windows cannot find C: (doc) Make sure you typed the name cor
    ... default printer back to my brother network printer. ... Cannot be removed- message "The connected state of Office Add-ins ... uninstall the printer driver, and then install the latest version of ... from Outlook email - it opens a blank page in Word 2007 and you ...