[opensuse] Re: Interactive Firewall Needed
On Wed, 06 May 2009 22:04:15 -0500, JB2 wrote:
> On 06 May 09, Jim Henderson wrote:
>> On Wed, 06 May 2009 15:48:03 -0500, JB2 wrote:
>>> On 06 May 09, Jim Henderson wrote:
>>>> On Wed, 06 May 2009 18:13:36 +0200, jdd wrote:
>>>>> Jim Henderson wrote:
>>>>>> Internet, she is asked "Application FooBizBan is attempting to access the Internet. Do you wish to allow this?"
>>>>>> If she recognizes the application as one she's just started, she knows to allow it.
>>>>> but if this app is filled with a virus, she allows a virus...
>>>> True, which is why she also uses up-to-date virus protection as well.
>>> "Up-to-date virus protection", no matter how you look at it, is *reactive*. Not worth a crud. Useless. etc. The use of anything M$, is the same *because* of that.
>> Trolling is not an effective means of discussion, JB2.
> You meant to write 'I have no definitive answer for that because it makes too much sense, so instead I will call you a troll because it's the best I can do at the moment'. There, fixed it for you.

Um, no, you were saying (or I read) "If you use Microsoft, you get what you deserve", which is unhelpful, antagonistic, and completely beside the point. To me, that's a textbook definition of trolling. And something I probably would best have been advised to ignore outright. What can I say? Sometimes I get baited.

> Now, if you want to continue with the discussion that I simply got in on with everyone else who is also in on, fine, but if you have to whine like this, you've lost already and show what an ass you can simply be. My addition(s) to this discussion are as relevant as anyone else's have been. Why is it others can bring up 'viruses and protecting against them', but I can't?

Look, there's no need to get personal. I apologise if my use of 'troll' was offensive to you. It sure looked like you were trolling, and let's face it, you and I don't exactly see eye to eye on anything we've talked about on the list. So let's return to being civil to each other and discussing the issues and stop attacking each other. Deal?

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

Is everyone getting my points, what I wanted to say below.....

Thank you, everyone, for your valuable suggestions. I agree that knowing in advance the port number which will be used by a program is very secure. No doubt about it. But just imagine a situation:

--> One person (not an expert in Linux security) installed Linux on his laptop for his personal use.

--> For security reasons he kept all his ports closed on the internal and external interfaces. (By default in openSUSE all ports are closed on the external interface.) [Yes, it's a very good security policy.]

--> Now he wants to listen to a song, so he needs to run a player (say Kaffeine or VLC or Amarok etc.). These players also need some open port. So whenever he tries to run the application, the request is silently dropped. [In this situation do we expect him to call a *SUPPORT* team and pay them? Isn't it ridiculous to call a security support team to listen to music??]

---> Now he wants to chat/voice chat with someone using a VOIP messenger, but since this program also needs an open port, he can't do voice chat. Even if all ports are open on the internal interface, no one from outside can call him, since all ports are closed on the external interface. [In this situation do we expect him to call a *SUPPORT* team and pay them? Isn't it ridiculous to call a security support team to chat with someone??]

--> I believe that to grow in the desktop market, and to make Linux popular and reach everyone, we need to think from their point of view, not from a Linux server admin's point of view.

I request all of you to correct me on whichever statement I made incorrectly. Thanks again to all of you.

Thanks
Prasun

On Wed, 6 May 2009, Prasun Dhara wrote:
> Is everyone getting my points, what I wanted to say below.....

Have you been listening to the points others have made? Seems not.

> --> Now he wants to listen to a song, so he needs to run a player (say Kaffeine or VLC or Amarok etc.). These players also need some open port.

1) IF an application needs an open port, it is opened upon *INSTALLATION*, not use!
2) An mp3 player should not USE an open port, so select one designed properly.

> So whenever he tries to run the application, the request is silently dropped.

No, an application like that never gets installed, because the installer program [or person] in that situation is/was not capable of installing/creating a proper application. See #1 above.

> ---> Now he wants to chat/voice chat with someone using a VOIP messenger, but since this program also needs an open port, he can't do voice chat.

No, he/she CAN. See #1 above.

It's fairly obvious that you come from the MS world, where either the applications lack good security design, are not installed properly, or 'add-on' software is being used (e.g. standalone firewall application). Security is fundamental to a good system installation, and it's simple with Linux. The fact that the MS world HAS no good security should not be fodder for a lengthy thread here.

Lee

Yes Lee, I am new to this OSS world and I agree that I am not a security expert. That is why I am trying to learn from the discussion made by experts like you.

But I cannot agree with you on point #1.

When one particular application will listen on a port, it totally depends on the application. It may be during installation, or it may be at any time the application wishes.

I totally agree with you, Jim.

--Prasun

On Thursday, 2009-05-07 at 11:04 -0700, Prasun Dhara wrote:
> Yes Lee, I am new to this OSS world and I agree that I am not a security expert. That is why I am trying to learn from the discussion made by experts like you.
> But I cannot agree with you on point #1.
> When one particular application will listen on a port, it totally depends on the application. It may be during installation, or it may be at any time the application wishes.

No, in Linux that has to be during installation.

--
Cheers,
Carlos E. R.

On Friday, 2009-05-08 at 00:04 +0200, Carlos E. R. wrote:
> On Thursday, 2009-05-07 at 11:04 -0700, Prasun Dhara wrote:
>> But I cannot agree with you on point #1.
>> When one particular application will listen on a port, it totally depends on the application. It may be during installation, or it may be at any time the application wishes.
> No, in Linux that has to be during installation.

Clarification:

- The port should be opened on the firewall during installation of the program, sometimes automatically (by YaST), or manually by the administrator.
- The program binds to the port when the running program sees fit.

I.e., there are two places where a port is "opened".

--
Cheers,
Carlos E. R.

On Wednesday, 2009-05-06 at 21:11 -0700, Prasun Dhara wrote:
> But just imagine a situation:
> --> One person (not an expert in Linux security) installed Linux on his laptop for his personal use.
> --> For security reasons he kept all his ports closed on the internal and external interfaces. (By default in openSUSE all ports are closed on the external interface.) [Yes, it's a very good security policy.]
> --> Now he wants to listen to a song, so he needs to run a player (say Kaffeine or VLC or Amarok etc.). These players also need some open port. So whenever he tries to run the application, the request is silently dropped.

I can't imagine a reason why a player would need to open a listening port to the internet. Why? Not even if you have to download the music at that instant, like from an online radio, would any action be needed to open a port on the firewall; that's automatic (the connection is initiated from inside, not outside). There is no port on the outside waiting for a connection; the player is not a server but a client.

> ---> Now he wants to chat/voice chat with someone using a VOIP messenger, but since this program also needs an open port, he can't do voice chat. Even if all ports are open on the internal interface, no one from outside can call him, since all ports are closed on the external interface. [In this situation do we expect him to call a *SUPPORT* team and pay them? Isn't it ridiculous to call a security support team to chat with someone??]

He would need to do a similar action on the internet router. If he knows how to prepare the router, he also knows how to prepare the internal firewall. Plus, that VoIP program would have to document this in detail. Not to forget that some apps, like Skype, do not need any action.

--
Cheers,
Carlos E. R.
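
Added example, not part of the original thread and not code from any poster: a toy Python model of the two points in Carlos E. R.'s messages above, namely that replies to a connection started from inside pass a default-closed firewall, and that an inbound port is "opened" in two separate places (the firewall rule and the program's bind). The Host class, the verdict names, and all addresses and ports are constructed for illustration; this is not SuSEfirewall2 or netfilter code.

```python
# Added illustration: a toy model, not SuSEfirewall2 or netfilter code.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class Host:
    fw_open: set = field(default_factory=set)    # inbound ports allowed by the firewall
    listening: set = field(default_factory=set)  # ports a running program has bound
    conntrack: set = field(default_factory=set)  # flows started from inside

    def connect_out(self, local_port, remote_ip, remote_port):
        """Client behaviour: outbound is allowed and the flow is remembered."""
        self.conntrack.add((local_port, remote_ip, remote_port))

    def inbound(self, remote_ip, remote_port, local_port):
        """Verdict for a packet arriving on the external interface."""
        if (local_port, remote_ip, remote_port) in self.conntrack:
            return "ACCEPT_REPLY"   # answer to a connection the host initiated
        if local_port not in self.fw_open:
            return "DROP"           # firewall: port was never opened
        if local_port not in self.listening:
            return "REFUSED"        # firewall passes it, but nothing is bound
        return "ACCEPT_NEW"         # firewall open and a program is listening


def demo():
    laptop = Host()                 # default: every inbound port closed
    radio, caller = "203.0.113.10", "198.51.100.7"
    out = {}
    # Media player streaming online radio: a client, nothing to open.
    laptop.connect_out(40000, radio, 80)
    out["radio_reply"] = laptop.inbound(radio, 80, 40000)
    # Unsolicited incoming call while port 5060 is closed in the firewall.
    out["call_fw_closed"] = laptop.inbound(caller, 5555, 5060)
    # Place 1: the port is opened in the firewall when the program is installed.
    laptop.fw_open.add(5060)
    out["call_not_running"] = laptop.inbound(caller, 5555, 5060)
    # Place 2: the running program binds to the port when it sees fit.
    laptop.listening.add(5060)
    out["call_running"] = laptop.inbound(caller, 5555, 5060)
    # A program that binds a port the firewall never opened stays unreachable.
    laptop.listening.add(8080)
    out["bound_but_fw_closed"] = laptop.inbound(caller, 5555, 8080)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} {verdict}")
```
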

participants (4): Carlos E. R., Jim Henderson, L. V. Lammert, Prasun Dhara