[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Firewall Check

Hi Michael,

> I've found an interesting Program to check firewalls. It demonstrates 
> the ability to connect to internet via other programs which are allowed 
> to connect. (Trojan Horses)
> Is it possible to block the program from accessing the internet via a 
> stand-alone router ?
--> A router cannot detect which program sent the package. It can deny 
access to certain IP ranges and/or certain port ranges.
> http://www.pcinternetpatrol.com/downloads/pcaudit.exe
> Is this simply a program to panic users or is there a serious danger ?
--> I think it is to a large extent a program to panic users and 
promote the selling of their firewall. Once you download a program and 
install it on your computer, it can use the network. And you do not 
want to block ALL outgoing connections. If you have a very strict 
security police though, you can configure the firewall to only let 
browser "A" access ports 80,443 on the net and only SSH-client B to 
access port 22. But this will restrict your users and give them 
problems when using a different browser, an WWW server on a different 
port a.s.o.

The important point IMHO is to teach users not to download programs 
from the internet without thorough checking of the intention of the 
program. And of course not to click on suspicious links or open Email 


Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here