RFE: FireKit
Björn Persson
bjorn at xn--rombobjrn-67a.se
Fri Jul 24 17:21:51 UTC 2009
Colin Walters wrote:
> If for
> example I enable desktop sharing before leaving work, then head to the
> airport, and log on there to WiFi, you really don't want the desktop
> sharing still enabled. Nor likely do you want sshd.
– Internal tech support, Randy Hacker speaking.
– Hi Randy, Joe Salesman here. I'm at the airport. Something's wrong with my
laptop. The screen just goes black when I try to start Open Office Impress. It
worked fine yesterday. If I can't get it to work before I get to the customer's
site I won't be able to show the presentation.
– OK Joe, I'll SSH into your laptop and look at the logs. What's your current
IP address?
> Which leads me to think that rather than being based on individual
> ports and time, we just need a nice way to globally toggle the
> firewall. And that could come down to marking networks as explicitly
> trusted in NetworkManager, say.
That sounds like a really bad idea, because:
> 1) Joe is a salesperson who is visiting another company and connected
> to their public WiFi. He wants to enable desktop sharing so people
> not in the conference room can easily see his presentation. He goes
> into vino and selects sharing. Vino sends a dbus message to
> NetworkManager which says it's requesting a service. NetworkManager
> knows this network isn't yet trusted, and sends a message to nm-applet
> asking whether to make the network trusted or not. If the network
> transitions from untrusted to trusted, the firewall is disabled for
> the time he is connected to that network. This is a transient state -
> if Joe suspends his computer, shuts down, or connects to another
> network, the firewall goes back up.
Joe might have file sharing enabled to share his documents with his colleagues
in his own company, but just because Joe wants to let people see the
presentation, that doesn't mean he wants anyone who might be connected to the
customer's network to read all his documents. Should he evaluate the
trustworthiness of all the customer's employees as well as the security of
their network before he starts Vino?
In one known attack against the concept of trusted networks, an attacker
configures his laptop to present itself as a WiFi access point and broadcast a
large number of strategically chosen SSIDs. Then he sits down in a public
place and waits for unsuspecting laptops to recognize the SSID of their home
network and connect automatically.
Björn Persson
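To make the disagreement above concrete, here is an added model (not code from either poster or from NetworkManager) of the two designs: the quoted proposal, where the first service request marks the network trusted and drops the whole firewall, beside a per-port alternative, plus a remembered-network check that matches on BSSID as well as SSID so an access point that only copies a home SSID does not count as known. Service names, ports, SSIDs and BSSIDs are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str   # access-point hardware address; the SSID alone is trivially copied

@dataclass
class Laptop:
    services: dict                                  # listening services: name -> port
    network: Optional[Network] = None
    trusted: set = field(default_factory=set)       # networks marked trusted
    open_ports: set = field(default_factory=set)    # transient, cleared on reconnect

    def connect(self, net: Network) -> None:
        # As in the quoted proposal, any transient grant ends when the network changes.
        self.network = net
        self.open_ports = set()

    def request_global_toggle(self, name: str) -> None:
        # Quoted proposal: one service request marks the network trusted and
        # disables the firewall, exposing every listening service.
        self.trusted.add(self.network)
        self.open_ports = set(self.services.values())

    def request_per_port(self, name: str) -> None:
        # Alternative: open only the requested service's port on this network.
        self.open_ports.add(self.services[name])

    def exposed(self) -> set:
        return {n for n, p in self.services.items() if p in self.open_ports}

def is_known(laptop: Laptop, ssid: str, bssid: str, check_bssid: bool = True) -> bool:
    # Remembered-network match; with check_bssid=False only the SSID is compared,
    # which is what the rogue access point described above relies on.
    return any(n.ssid == ssid and (not check_bssid or n.bssid == bssid)
               for n in laptop.trusted)

def joe_at_customer() -> Laptop:
    joe = Laptop({"vino": 5900, "sshd": 22, "file sharing": 445})   # constructed
    joe.connect(Network("CustomerGuest", "02:00:00:00:00:01"))       # constructed
    return joe

def exposed_under_global_toggle() -> set:
    joe = joe_at_customer()
    joe.request_global_toggle("vino")
    return joe.exposed()            # vino, sshd and file sharing are all reachable

def exposed_under_per_port() -> set:
    joe = joe_at_customer()
    joe.request_per_port("vino")
    return joe.exposed()            # only vino is reachable

def rogue_twin_matches(check_bssid: bool) -> bool:
    joe = joe_at_customer()
    joe.trusted.add(Network("HomeWiFi", "02:00:00:00:00:02"))        # constructed
    return is_known(joe, "HomeWiFi", "02:de:ad:be:ef:03", check_bssid)
```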