
Re: [suse-security] Firewall Check



Hi,

> > --> A router cannot detect which program sent the package. It can deny 
> > access to certain IP ranges and/or certain port ranges.
> 
> Ok - this was a clear point. And what about standalone firewalls (i.e. 
> SuSE Firewall) ?
>
--> As pointed out already, there may be some chance to guess from the 
content of the packets which application is behind. But this applies 
for SuSE Firewall as well.

> I think, to block such internet access is only possible with a 
> client-based firewall, which knows the programs and dlls which are 
> allowed to access the net ?
> 
--> Yes. A nice one for Windows is "Personal Firewall": it can display 
pop-up windows for packets that do not match any rule and you can 
restrict internet access to certain applications (they are identified 
by md5 checksums so even naming a trojan "netscape.exe" won't help).

> > The important point IMHO is to teach users not to download programs 
> > from the internet without thorough checking of the intention of the 
> > program. And of course not to click on suspicious links or open Email 
> > Attachments.
> 
> I think the only possibility to avoid such dangers is to prevent users 
> from downloading ANY program ;-)
>
--> Yes, but I guess in most places this is not an option as it means 
restricting net access very much. Think about naming a file 
"program.html" and then save it as "program.exe". It would require a 
real content-check based on "magic chars" in each document that is 
retrieved from the net.

Cheers,
Armin

-- 
Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
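
The content check on "magic chars" mentioned in the last reply, as an added example that is not part of the original message: it classifies a retrieved file by its leading bytes instead of its name, so a Windows executable saved as "program.html" is still recognised. The extension list, function names and the sample PE stub are assumptions constructed for illustration.

```python
import struct

# Assumed policy list: extensions a download filter would treat as plain documents.
DOCUMENT_EXTENSIONS = {".html", ".htm", ".txt", ".jpg", ".gif", ".pdf"}

def sniff_executable(data: bytes):
    """Return the executable format identified by leading magic bytes, or None."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ":
        # DOS/Windows executables store the offset of the "PE\0\0" header at 0x3C.
        if len(data) >= 0x40:
            (pe_off,) = struct.unpack_from("<I", data, 0x3C)
            if data[pe_off:pe_off + 4] == b"PE\x00\x00":
                return "PE"
        return "MZ"
    if data[:2] == b"#!":
        return "script"
    return None

def check_download(name: str, data: bytes) -> str:
    """Decide on a retrieved file from its content, ignoring what its name claims."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff_executable(data)
    if kind is None:
        return "allow"
    if ext in DOCUMENT_EXTENSIONS:
        return f"block: {kind} executable disguised as {ext}"
    return f"block: {kind} executable"

def make_pe_stub() -> bytes:
    """Constructed sample: the smallest byte string carrying MZ and PE signatures."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # PE header directly after the DOS header
    return bytes(hdr) + b"PE\x00\x00"

if __name__ == "__main__":
    print(check_download("program.html", make_pe_stub()))
    print(check_download("index.html", b"<html><body>hello</body></html>"))
```

Magic bytes only identify native executables and "#!" scripts here; macro documents, archives and interpreted code without a fixed header need their own checks.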
