Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC
Privacy, Security, Encryption
I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created and show you how you can bolster a healthy strategy with some tactical polish, namely software.
Thread beginning with comment 430891
insecurity
by xaeropower on Mon 21st Jun 2010 13:50 UTC
xaeropower Member since:
2005-12-16

"Well, firewall seems like the best single solution overall."

Firewall won't save you from anything by itself, and the only meaningful reason for using fws is when certain hosts need access to a certain service. On a workstation you can pretty much disable/remove every network daemon like ssh, apache, mysql etc., or if you need them to develop stuff then just bind them to localhost.

"It's useful and sometimes rather necessary. Anti-virus and malware scanners are definitely not needed."

Then why do you even mention them? Most of the Linux AVs were made for mail gws or to scan fileservers and their detection rate is far worse than what their Windows versions can offer. Except clamav, because that's crap on both. If you had to write a list of which AV is the worst, clamav would be somewhere on top.

You should've rather written about rootkit detectors like: http://www.chkrootkit.org/


One of the best nix sec guides I read in the past (good for workstations too) was this one, unfinished unfortunately:

http://slackware.asmonet.net/index.php?dzial=artykuly&p=5

Edited 2010-06-21 13:54 UTC

Reply Score: 1

RE: insecurity
by Soulbender on Mon 21st Jun 2010 15:07 in reply to "insecurity"
Soulbender Member since:
2005-08-18

"Firewall won't save you from anything by itself"


Yes, I agree. I really don't see much point in packet filters on workstations. Either you want to run a certain daemon and then it needs open ports, or you don't and you just don't run it. If daemons are running with listening ports that shouldn't be, either you screwed up or your distro is fundamentally broken.

"Except clamav because that's crap on both."


I'd have to disagree; in my experience it's quite capable at mail scanning. Sure beats most of the Windows junk AVs.

Reply Parent Score: 2

RE: insecurity
by fewt on Mon 21st Jun 2010 15:20 in reply to "insecurity"
fewt Member since:
2010-06-09

"Firewall won't save you from anything by itself, and the only meaningful reason for using fws is when certain hosts need access to a certain service. On a workstation you can pretty much disable/remove every network daemon like ssh, apache, mysql etc., or if you need them to develop stuff then just bind them to localhost."


A local firewall is very useful, even on a Linux computer when it's directly connected to the internet (home, free public WIFI, etc).

There are a lot of network based attacks that computers without firewalls are vulnerable to.

man in the middle attacks, spoofing, etc. It also keeps ports that shouldn't be exposed to the internet away from the internet.

Reply Parent Score: 1

RE[2]: insecurity
by xaeropower on Mon 21st Jun 2010 18:32 in reply to "RE: insecurity"
xaeropower Member since:
2005-12-16

"Sure beats most of the Windows junk AVs"

I don't think that any antivirus company even considers clamav a competitor or cares to share samples with them; this is the reason why their signature db is nowhere compared to the "junk avs" you mentioned. My experience is that clamav not just gets sigs for a certain malware later but it doesn't have a signature from 10/8 files.

"There are a lot of network based attacks that computers without firewalls are vulnerable to.
man in the middle attacks, spoofing, etc."

I don't see how a firewall would help you in a MITM attack. There is a publicly available tool called ZXARPS which is able to intercept/change traffic between hosts in the same broadcast domain (e.g. between your laptop and default gateway), try to defend your box against that with iptables ;)

"It also keeps ports that shouldn't be exposed to the internet away from the internet. "

The thing is that you are almost always behind a NAT device, whether you're using your laptop in a corporate network or just at home behind a dsl router, but don't get me wrong: having a firewall in situations where you for example have a samba server running on your laptop that you need to access when you are home is ok.
Using premade firewall rulesets, however, which the user in many cases doesn't understand and which are probably just an "input only" ruleset, doesn't help much.

Reply Parent Score: 1

RE[2]: insecurity
by rexstuff on Mon 21st Jun 2010 18:50 in reply to "RE: insecurity"
rexstuff Member since:
2007-04-06

"There are a lot of network based attacks that computers without firewalls are vulnerable to.
man in the middle attacks, spoofing, etc."


What?!? How exactly does a firewall mitigate man in the middle attacks or spoofing? That's just silly.

Reply Parent Score: 2

RE: insecurity - SSH is a must for workstations
by jabbotts on Mon 21st Jun 2010 17:07 in reply to "insecurity"
jabbotts Member since:
2007-09-06

For workstations and even home personal machines, SSH is a must for me. I can manage, and have, my home machines from anywhere in the world with a network connection; safely. If you support client/family/friend machines then SSH can save you a house call.

Not to mention, copy files between machines safely, provide ad-hoc secure proxy when away from home, provide network shares with real security rather than CIFS/Samba's leaky credential management.

Even if SSH wasn't so wonderfully useful, I'd still recommend firewall rules if only to detect port scanning and other network oddities. If it has a network connection, it should have a firewall in place.

Reply Parent Score: 3

Soulbender Member since:
2005-08-18

"Even if SSH wasn't so wonderfully useful"

Yep, SSH is awesome.

"I'd still recommend firewall rules if only to detect port scanning and other network oddities."


Why bother? If you're connected to the internet you're going to get port scanned and probed. It's a fact, you don't need a packet filter to tell you that.
Heck, you're probably getting scanned and probed so often that the logs will be too big to be useful.

"If it has a network connection, it should have a firewall in place."

Firewalls are over-rated, both on workstations and standalone gateways.

Off-topic but this is especially common in corporate environments where many managers seem to think that firewalls (especially Cisco ones) are magic amulets that will protect you from all evil.

Reply Parent Score: 2