[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Firewall Check
> > --> A router cannot detect which program sent the package. It can deny
> > access to certain IP ranges and/or certain port ranges.
> Ok - this was a clear point. And what about standalone firewalls (i.E.
> SuSE Firewall) ?
--> As pointed out already, there may be some change to guess from the
content of the packets which application is behind. But this applies
for SuSE Firewall as well.
> I think, to block such internet access is only possible with an
> client-based firewall, which knows the programs and dlls which are
> allowed to access the net ?
--> Yes. A nice one for windows is "Personal Firewall" it can display
pop-up windows for packets that do not match any rule and you can
restrict internet access to certain applications (they are identified
by md5 checksums so even naming a trojan "netscape.exe" won't help).
> > The important point IMHO is to teach users not to download programs
> > from the internet without thorough checking of the intention of the
> > program. And of course not to click on suspicious links or open Email
> > Attachments.
> I think the only posibility to avoid such dangers is to prevent users
> from downloading ANY program ;-)
--> Yes, but I guess in most places this is not an option as it means
restricting net access very much. Think about naming a file
"program.html" and then save it as "program.exe". It would require a
real content-check based on "magic chars" in each document that is
retrieved from the net.
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here