Critical Defense Daemon

Jeff Spaleta jspaleta at gmail.com
Wed Sep 22 15:33:16 UTC 2004


On Tue, 21 Sep 2004 19:15:52 -0400, DALive Editor <dalive at flashmail.com> wrote:
> Such a system would have the following properties:
>     - be installed by default, but could be disabled during Anaconda
> installer
>     - kick into action as soon as the presence of Internet connectivity
> is detected
>     - reference a central server (group of servers) sending its distro
> version
>     - accept a list of packages vulnerable to attack over the Internet
>     - check this list against installed package list
>     - request iptable rules to block such an attack(s) if any installed
> packages are vulnerable

OR we could just have very secure default configurations where no
outside accessible services are turned on by default AND a default
firewall that blocks all incoming service requests.  Which is very
close to what we have right now. Doing a default install of Fedora
Core.. using the default firewall settings...and default configuration
choices, what services are exposed? What you describe makes sense in a
Windows world where incoming services are enabled by default..but it
seems a huge waste of effort to me to implement this for Fedora, when
a reasonably secure default configuration is used that limits the
exposure to malicious attack by default.
http://www.advogato.org/person/mjcox/diary.html?start=126
http://blogs.redhat.com/people/archive/000133.html


>     - alert the user that said rules were about to be entered into their
> firewall, giving the user an opportunity to Cancel
>     - implement said rules
>     - if rule implementation failed alert user of failure and give user
> option to block all packets except packets outgoing to port 80
>     - forward user to a detailed or simplified advisory online which
> would, among other things give instructions on how to prevent attack, etc.
>     - would reverse rules once package version has been upgrade to a non
> affected version, or user requests that rules be reversed

This complicated scheme sounds fragile and prone to its own
vulnerabilities. Imagine if someone was able to spoof a DNS server
response and point you to the wrong list of packages..and that list
encouraged you to create iptables rules that users don't understand how
to review... sounds like a recipe for a problem to me.

>     - check for update advisories at user defined intervals for users
> permanently connected to the Internet, and for dial up users do check on
> Internet connection

Well rhn-applet checks for updates...or it should. And when connected
to RHN, up2date is able to give advisory text as well. I will agree
with you that finding a way to get update advisory text into the UI
again for Fedora Core updates is something worth doing.

> The reason I propose such a system is because over the past up I've
> done a few fresh installs of Windows, and without service packs
> installed from CD-ROM, the machines last approx 20 mins on the net before
> they are bogged down by malware.  Such a system would serve as a simple
> preemptive move that would protect a Linux desktop from such problems
> now, and in the future.

I counter that secure default firewall settings and default
configuration settings where inbound services are not exposed by
default are more than enough to prevent a Linux distribution from
experiencing the problem Windows experiences, and what you want would
be a drain on development resources for very little actual gain.  If
there is a problem with the default configuration and the default
firewall rules, that should be dealt with directly.

I would say however, that it might be useful to think about how to
have the UI for the system ask the user if they want to check for
updates very soon after installation is complete. Maybe firstboot
could be taught to prompt the user about what updates are available,
maybe something else.

-jef
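As an added illustration of the two steps the proposal above hinges on (checking an advisory list against the installed packages, then producing and later reversing iptables rules), not code from this thread or from Fedora: the advisory and package data are constructed, the version ordering is a simplified form of rpm's, and fetching or authenticating the list, which the spoofing objection is about, is deliberately left out.

```python
import re
from typing import Dict, List

# Constructed sample data (not real advisories): each entry names the first
# fixed version-release and the TCP port the vulnerable service listens on.
ADVISORIES = [
    {"package": "openssh-server", "fixed": "3.9p1-5", "port": 22},
    {"package": "httpd", "fixed": "2.0.51-2", "port": 80},
    {"package": "cups", "fixed": "1.1.20-11", "port": 631},
]
# Constructed "installed package list" as rpm -qa might report it.
INSTALLED = {"openssh-server": "3.6.1p2-34", "httpd": "2.0.51-2", "cups": "1.1.20-10"}


def _segments(s: str) -> List[str]:
    """Split a version-release string into runs of digits and runs of letters."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm version ordering (assumption: no epochs, version and
    release compared as one string): numeric segments compare as integers,
    alphabetic ones lexically, and a numeric segment sorts after an alpha one.
    Returns <0, 0 or >0 like rpm's rpmvercmp()."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        key = int if x.isdigit() else str
        if key(x) != key(y):
            return 1 if key(x) > key(y) else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vulnerable(installed: Dict[str, str], advisories: List[dict]) -> List[dict]:
    """Advisories whose package is installed at a version older than the fix."""
    return [adv for adv in advisories
            if adv["package"] in installed
            and rpmvercmp(installed[adv["package"]], adv["fixed"]) < 0]


def iptables_rules(matches: List[dict], reverse: bool = False) -> List[str]:
    """Rules that drop inbound TCP to each affected port; reverse=True yields
    the matching delete commands for once the package has been upgraded.
    The strings are meant to be shown to the user for review, not run blindly."""
    action = "-D" if reverse else "-A"
    return [f"iptables {action} INPUT -p tcp --dport {m['port']} -j DROP" for m in matches]
```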

More information about the desktop mailing list