On Tue, 5 May 2009, Rajko M. wrote:
On Tuesday 05 May 2009 05:24:05 pm Carlos E. R. wrote:
The request for someone to learn firewall internals in order to open ports is the same as asking a car owner to know how to tune cars in order to use them. Some will do that, but the majority see a car as a way to go from point A to point B, not a bit more.
Sorry, you have missed the support equation entirely! A *USER* should never be asked to open a port, as that request might have come from some malicious program! If they KNOW it is a valid request, it's only three or four mouse clicks to turn on that port - no internal knowledge needed.
Having a program that will monitor all ports and notify the user that some application wants to go out is not out of mind. That is a way better option than having all ports closed, making applications fail, or forcing the user to shut down the firewall.
Sorry, not true either. The system comes configured with standard ports open, and any other required ports would be opened at installation. Under normal circumstances, the user would never see a request to open a port; if he/she DOES, it is highly likely that some malicious application is the cause, OR a new application is being installed, which should have been monitored by a qualified professional anyway.
What that monitor will do is the same as the user will do with much more hassle. It will record the port, destination IP and application name. Notify the user and after [yes], [yes, log traffic], or [no], perform the action.
No, no, no! Training users to always click on the "YES" button is absolutely no security at all. Why do you think Vista had so many problems? USERS are not qualified to make a security decision.

Lee
==============================================
Leland V. Lammert lvl@omnitec.net
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
==============================================