Hello,

On Aug 2 10:59 Vincent Untz wrote (excerpt):
On Tuesday 02 August 2011, at 10:16 +0200, Johannes Meixner wrote:
On Aug 1 14:18 Vincent Untz wrote (excerpt):
For instance, when configuring printers, the tool can open the mdns, ipp, ipp-client and samba-client ports for 5 minutes and probe the network (ports will get closed after the 5 minutes). And if the user chooses to use a printer using one of those ports, the tool will permanently open the port.
What is the security concept behind this?
In other words: Why is it secure to remove security for 5 minutes? Why is it secure to remove security permanently for particular stuff?
Oh, it's certainly not the most secure approach; it's a compromise between user-friendliness and security.
From my experience I think the only user-friendly way to deal with security settings is to talk to the user so that he knows what is going on. In particular when security should be removed, I think that an explicit confirmation by the user is mandatory.
From my personal point of view it would be perfectly o.k. if there is a popup dialog which shows:
"FancyStuff" requires that others have full access to your host via network.
To make "FancyStuff" work, do you want that all network access protection will be removed now from your host?
[Remove all protection] [Cancel (keeps current protection)]
---------------------------------------------------------------
And while I haven't thought about firewall security in a while, the first example I come up with when talking about trusted zones is connecting to WiFi at a university. Is this trusted or not? It might need to be trusted to allow printing documents and most people would trust it, and yet there are hundreds of individuals on this network, including some who might abuse your trust.
Regarding firewall zones, you may have a look at
https://bugzilla.novell.com/show_bug.cgi?id=630750
"the whole 'firewall zones stuff' has no meaning to normal users"

FYI regarding printing:

To print documents on a remote printer, there is no need to open any port in the firewall on your host.

But when you like to get the user-friendly "CUPS browsing information" from CUPS servers in the network, the firewall on your host must permit that others (which are not necessarily CUPS servers) can send you stuff which looks like "CUPS browsing information", but then you must trust the others, see "print job phishing" in
http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

Alternatively use "BrowsePoll" to poll the information from explicit CUPS servers which you trust, see also
https://bugzilla.novell.com/show_bug.cgi?id=433047#c12

When others in the network should be able to print documents via a CUPS server running on your host, the firewall on your host must permit that others can access your CUPS server.

Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer