Date:      Mon, 11 Sep 2000 18:31:31 -0400
From:      Bill Moran <wmoran@columbus.rr.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: firewall rules for applications
Message-ID:  <39BD5D43.9231594B@columbus.rr.com>
References:  <200009112201.SAA26880@misha.privatelabs.com>

mi@aldan.algebra.com wrote:
> 
> I wonder how feasible it would be to implement firewall rules
> that would take into consideration the program (on the local machine)
> sending/receiving the packets. I know I can now base the rules on
> the user/group id, but I may want to go further.

Technically, this is what ports are for. Port 80 is for http, 23 for
telnet, etc.
In a better world, this would be all that's needed. But ...

> Identifying a program to the kernel may not be simple -- perhaps a
> regexp of the executable's name or an md5 of the /proc/file? Or the
> executable's (or script's) inode-filesystem?

If I understand it correctly, this is what they're trying to do with
certificates.

> I just read a description of a Windows product, that attempts to fight
> software offered by sneaky vendors, that tries to contact the vendor
> over the Internet to send back user's data. The blocking software,
> supposedly, blocks applications from accessing certain sites. This is
> not an immediate problem for FreeBSD, but...

Why not prevent the user from installing the trojan to begin with?
(That's basically what that is.)
Fact is ... as long as people think they can use computers without
knowing anything about them, they'll be open to this kind of attack. You
can put all the software guards in place you want, but if they fall for
the old "I'm from Compuserve support and we're having some trouble with
your account. If you'd just give me your password we can straighten
everything out."
You may laugh, but remember that most security holes are "socially
engineered": the untrained security guard that falls for some lie or
another, or just someone who's become complacent because they haven't
had any trouble ever before. I used to laugh when I worked at Bank One
because they made such a big deal about network security. Meanwhile,
they were having hundreds of laptops stolen each month because the
building I worked in was so insecure. Anyone could just walk in. If you
could break in and steal a laptop, how much harder would it be to break
in and get to the server room or something like that?
The best security will always be trained individuals who are paranoid.

(Self employed: The opinions expressed here do not reflect those of my
employer)

--
FreeBSD ('BSD'):
No battles to the death are recalled. It is a small Daemon wearing
sneakers. It is normally found on Internet servers and powerful desktops,
and moves very quickly. A kill of this powerful creature is enough to tick
off any sysadmin. It is highly magical, having the power to serve. It
resists DoS and SYN flood attacks. Nothing is known about its attack.

