RFE: FireKit

Björn Persson bjorn at xn--rombobjrn-67a.se
Fri Jul 24 17:21:51 UTC 2009


Colin Walters wrote:
> If for
> example I enable desktop sharing before leaving work, then head to the
> airport, and log on there to WiFi, you really don't want the desktop
> sharing still enabled.  Nor likely do you want sshd.

 – Internal tech support, Randy Hacker speaking.
 – Hi Randy, Joe Salesman here. I'm at the airport. Something's wrong with my 
laptop. The screen just goes black when I try to start Open Office Impress. It 
worked fine yesterday. If I can't get it to work before I get to the customer's 
site I won't be able to show the presentation.
 – OK Joe, I'll SSH into your laptop and look at the logs. What's your current 
IP address?

> Which leads me to think that rather than being based on individual
> ports and time, we just need a nice way to globally toggle the
> firewall.  And that could come down to marking networks as explicitly
> trusted in NetworkManager, say.

That sounds like a really bad idea, because:

> 1) Joe is a salesperson who is visiting another company and connected
> to their public WiFi.  He wants to enable desktop sharing so people
> not in the conference room can easily see his presentation.  He goes
> into vino and selects sharing.  Vino sends a dbus message to
> NetworkManager which says it's requesting a service.  NetworkManager
> knows this network isn't yet trusted, and sends a message to nm-applet
> asking whether to make the network trusted or not.  If the network
> transitions from untrusted to trusted, the firewall is disabled for
> the time he is connected to that network.  This is a transient state -
> if Joe suspends his computer, shuts down, or connects to another
> network, the firewall goes back up.

Joe might have file sharing enabled to share his documents with his colleagues 
in his own company, but just because Joe wants to let people see the 
presentation, that doesn't mean he wants anyone who might be connected to the 
customer's network to read all his documents. Should he evaluate the 
trustworthiness of all the customer's employees as well as the security of 
their network before he starts Vino?

In one known attack against the concept of trusted networks, an attacker 
configures his laptop to present itself as a WiFi access point and broadcast a 
large number of strategically chosen SSIDs. Then he sits down in a public 
place and waits for unsuspecting laptops to recognize the SSID of their home 
network and connect automatically.

Björn Persson

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20090724/d7c99a19/attachment.bin 


More information about the devel mailing list