LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-19-2005, 08:27 PM   #16
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 52

Quote:
all in all linux is not so advanced in apps as windows so it cant offer such cool programs. if you find something similar to zonealarm in linux plz post link.
yea right ~roll eyes~

i think what you guys are talking about is
roll based access controll
http://csrc.nist.gov/rbac/

it's been a part of unix/linux since the stone age
RBAC in Linux is provided by the SE Linux kernel and user space tools
http://selinux.sourceforge.net/
http://www.nsa.gov/selinux/code/download0.cfm
 
Old 08-24-2005, 10:36 PM   #17
LukeNukem
LQ Newbie
 
Registered: Apr 2005
Location: Aachen, Germany
Posts: 2

Rep: Reputation: 0
Quote:
Originally posted by marvelito
all in all linux is not so advanced in apps as windows so it cant offer such cool programs.
I'm afraid that ZoneAlarm and all similar programs are not cool, but primarily ridiculous and have no effect on system security, at best. In other scenarios, "personal firewall" programs are a real security threat.

If you want to control network access on your machine, consider RSBAC, SELinux or similar kernel enhancements. But be careful: we're talking /real/ security here and it would be easy for you to lock yourself out of your own machine. Always be sure to have a working rescue floppy and a kernel image without these enhancements at hand. YMMV, you have been warned.

If that's too heavyweight for your needs, you could code an iptables enhancement on your own; I'd consider the owner module a good starting point. But then, maybe the --cmd-owner parameter of this module is just the right thing for you? And, being in need of a GUI, its easy to use (for example) logsurfer to watch your logs and then use Python or something similar for some nasty GUI sicky-clicky on that.

So, what are you talking about? The stuff i mentioned is indeed _much_ mode sophisticated than everything Windows has to offer in the security area.

Luke

PS: Please excuse my bad english, but I am not a native speaker (I'm German) and unfortunately lack of training.
 
Old 08-25-2005, 06:03 AM   #18
plapla
LQ Newbie
 
Registered: Jul 2003
Distribution: Mandrake
Posts: 10

Rep: Reputation: 0
I totally agree LukeNukkem.

Being in the security field for some years now and having to tackle with ZoneAlarm or the Windows firewall I see the problems everyday.
I fear that the real use of these programs is to instill a false sense of security in their users and of course beside making some money for their makers.

People feel safe 'cos I have a firewall, so viruses can't come in' ...

The GUI problem is that it won't gives you the knowledge on how to operate a security technology and not an hint on its limits.
It makes you feels you are in control since U can clik on some buttons and see some lines with red or green marks in a window but I would ask you :
Do you REALLY know what it means ? What these lines represent at the network level and what happens for the packets flowing in or out your PC ?
Do you have the slightest idea on the technics used by the hackers to penetrate a Windows machine ?
Do you know the vulnerable programs and services ?
And if you don't know the uses and vulnerabilities of the various services running out there in your Windows then how could you pretend to take the right decision about what to block and what to allow.
Did you ever consider than blocking a program could in fact hinder the functionning of your PC and even lower its security ?
And on the opposite NOT blocking a service could let you open to some baddy who would break in ?

But then what to do and how to do it ?
If you can respond then may be a GUI firewall on Windows could be a good tool for you to help protect your Windows.
Else use some Shorewall or other helper under Linux, and let it do the job of building real network filtering.

And if it works without bothering you and needing constant tweaking on your side then why regret your GUI ?

Hope this helps put things in perspective.

Plapla
 
Old 08-25-2005, 10:49 AM   #19
axobeauvi
Member
 
Registered: Apr 2003
Posts: 128

Rep: Reputation: 16
I also wanted to agree with both LukeNukem and plapla
the botom line here is ,there is just no need for apps like that on linux
since I find the only progs that call home are win apps I run in wine
 
Old 08-26-2005, 02:20 AM   #20
Emmanuel_uk
Senior Member
 
Registered: Nov 2004
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,605

Rep: Reputation: 53
axobeauvi,
<<no need for appls like that>>
this is not the case. I believe adobe acrobat reader (version 7?) does call home for example. Ok most of the time you can use other pdf readers.
Ok, most (all?) open sources do not call home I suppose
(but home-users do not check the source, do they?).
I also noticed my mandriva edition was calling home at some point,
without me ever configuring the autoupdate to do so. I guess this was
legitimate. The fact I found it was doing so because of the firewall rejecting packets
is the proof that it did not ask me before calling home. (By the way,
it has now stopped, or I changed the settings of shorewall, anyway it does
not matter too much)

So "little need for appls lile that", I can agree with that
 
Old 08-26-2005, 08:36 AM   #21
plapla
LQ Newbie
 
Registered: Jul 2003
Distribution: Mandrake
Posts: 10

Rep: Reputation: 0
About Mandriva or another distro calling home there is this need to help setting up stuff like, for example, update source.
In Mandriva, it downloads a list of mirrors maintained on Mandriva servers, then it asks you to choose which mirror is closest to you in this list.

This is of course a good thing (tm).
And about the fact that you don't look at the source code, then others do.
When the code is available, one day or the other someone would peek his nose in it and find the glitch if there is some.
After all publishing a security or privacy threat is one of the fastest way to reach celebrity
 
Old 08-05-2006, 09:45 PM   #22
sabit
Member
 
Registered: Dec 2004
Distribution: Gentoo
Posts: 44

Rep: Reputation: 15
  • Systrace - Interactive Policy Generation for System Calls
  • Program Guard - Specify which applications are allowed TCP/IP connections to the Internet
 
Old 08-06-2006, 09:44 AM   #23
Emmanuel_uk
Senior Member
 
Registered: Nov 2004
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,605

Rep: Reputation: 53
Thanks sabit for that,
I was also going to post about Suse AppArmor
because there are now ports to other distributions

http://en.opensuse.org/Apparmor
Quote:
AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies, called "profiles", completely define what system resources individual applications can access, and with what privileges.
Using SUSE AppArmor to profile a workstation application in FireFox
http://searchopensource.techtarget.c...206789,00.html

I like trojanscan as well; it is small but it is good for paranoia
http://www.derks.it/tools.html

And also, in mandriva 2006, I think the firewall kind of "notify you of attacks interactively"
(there is some/tools options).
 
Old 08-06-2006, 03:47 PM   #24
sabit
Member
 
Registered: Dec 2004
Distribution: Gentoo
Posts: 44

Rep: Reputation: 15
AppArmor looks very polished, hope they port it to Gentoo (or has it already been done?).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
blocking specific websites, but allowing internet access poiuytrewq Linux - General 6 09-01-2006 12:45 AM
Blocking access to specific Websites and IP Ports fieldyweb Linux - Newbie 3 12-02-2005 06:32 AM
Allowing specific programs access to needed ports The MCP Linux - Security 5 03-31-2005 06:21 PM
how to block selected programs from access to network red11 Linux - Software 0 03-28-2004 10:08 PM
Blocking ports for a specific IP Shrimpy Linux - Networking 1 12-23-2002 12:48 PM


All times are GMT -5. The time now is 11:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration