Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] SUSE Firewall not like ZoneAlarm...
- From: Michael W Cocke <cocke@xxxxxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 09:28:25 -0500
- Message-id: <db0b12lah0v5nefetum380nvat7ts1sldn@xxxxxxx>
On Sun, 12 Mar 2006 21:36:11 +0100, you wrote:
>On Friday 10 March 2006 18:05, Daniel Bauer wrote:
>> As much as I understand it (and I don't understand very much :-) ) the
>> SUSE-firewall doesn't care abaout which application is using a specific
>> port, so in my opinion it could easily be possible for a maleficent program
>> to get an internet connection.
>
>maleficient? Please tell me you got that from babelfish :)
>
>Yes it's easy for a program to get internet access in linux, SuSEfirewall2
>won't block outgoing connections by default. If you worry about these things,
>you might want to look at AppArmor, which is included by default in 10.0 and
>can block much more than just network access
>
>zonealarm isn't exactly the solution. It's not too difficult to defeat, so the
>only thing you get from it is a false sense of security. If you're worried
>about outgoing connections, the only real solution is to only run software
>you trust.
On systems that I'm forced to run windows on, I use both Norton
systemworks (includes antivirus) and ZoneAlarm on. ZoneAlarm is
configured ENTIRELY to prevent outgoing access from software that's
not supposed to be requesting internet access - the whole network is
behind a normal firewall, which is (besides being a normal firewall)
also running snort_inline - which is configured to monitor inbound AND
outbound traffic.
Any bets which direction causes me more trouble?
Seriously, Zonealarm is really pretty good if you use it the way I do
- to catch ET phoning home. I recommend that everyone who thinks
Microsoft "really isn't that bad" to watch it for an average week.
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed
site-wide spam filters at catherders.com. If email from you bounces,
try non-HTML, non-encoded, non-attachments,
>On Friday 10 March 2006 18:05, Daniel Bauer wrote:
>> As much as I understand it (and I don't understand very much :-) ) the
>> SUSE-firewall doesn't care abaout which application is using a specific
>> port, so in my opinion it could easily be possible for a maleficent program
>> to get an internet connection.
>
>maleficient? Please tell me you got that from babelfish :)
>
>Yes it's easy for a program to get internet access in linux, SuSEfirewall2
>won't block outgoing connections by default. If you worry about these things,
>you might want to look at AppArmor, which is included by default in 10.0 and
>can block much more than just network access
>
>zonealarm isn't exactly the solution. It's not too difficult to defeat, so the
>only thing you get from it is a false sense of security. If you're worried
>about outgoing connections, the only real solution is to only run software
>you trust.
On systems that I'm forced to run windows on, I use both Norton
systemworks (includes antivirus) and ZoneAlarm on. ZoneAlarm is
configured ENTIRELY to prevent outgoing access from software that's
not supposed to be requesting internet access - the whole network is
behind a normal firewall, which is (besides being a normal firewall)
also running snort_inline - which is configured to monitor inbound AND
outbound traffic.
Any bets which direction causes me more trouble?
Seriously, Zonealarm is really pretty good if you use it the way I do
- to catch ET phoning home. I recommend that everyone who thinks
Microsoft "really isn't that bad" to watch it for an average week.
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed
site-wide spam filters at catherders.com. If email from you bounces,
try non-HTML, non-encoded, non-attachments,
| < Previous | Next > |