
Thread: TuxGuardian - application based firewall

  1. #101
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by scruffyeagle View Post
    I just finished carefully reading every single post in this thread, and have a couple of things to say:

    *) Using the term "Windows mindset" or repeating "this isn't Windows" is a cop out - a way of avoiding discussing the details, by lumping dissenting voices into a generic stereotyping.

    *) Phone home software in drivers IS an issue, and it's unavoidable. It has absolutely no connection with questions re. repositories vs. other sources. It's the consequence of equipment manufacturers working hard to dig deeper into the pockets of their customers, and working hard to leverage their sales/transactions into further profit regardless of the ethics of their methods. Use of those drivers is a necessity; the equipment is designed from scratch to insist on it. This problem won't go away just because this is Linux, and the time-honored traditional methods & tools in Linux are insufficient to obstructing this new threat to privacy. Therefore, new tools & methods are required.

    Based on what I've read in this thread, process #'s are insufficient for this task, as are port #'s. The problem in limiting outgoing connections on a per-application basis, is that the Linux environment doesn't maintain a comprehensive table of program I.D. #'s. (Please correct me, if I'm wrong about that.) In the absence of a comprehensive table of program I.D. #'s, it's not possible to maintain a table of which programs own which current connections - or, to block programs from making connections. Such a table of program I.D. #'s would have to be updated & maintained during every instance of program installation, including assigning separate I.D. #'s for each & every driver. Given such a table to reference, it would be easy to implement per-program internet access privileges. The registration table would have 3 columns: Text of program name, numeric program I.D. # assigned at installation time, and numeric value indicating privileges.

    If such a table existed, then establishing a connection could be allowed or refused based on the value of the privileges info in the table. A request for an outgoing connection would require the requesting program to provide a valid I.D. #. Administrators would be able to review &/or edit the privileges in the table on an as-needed basis. A session log would be maintained of programs owning current outgoing connections, with start & end times. The drawback to this framework, is the possibility of programs accessing the table's values for the purpose of spoofing I.D. #'s & associated privileges. I'm not proposing that this would be a replacement for IPtables - it would be an associated accessory, plugging a gap in the security measures.

    I don't know the details of operation, re. TuxGuardian, so I don't know if it does what I've proposed here. All I'm really sure of, is that software to do what I've written in the previous 2 paragraphs is needed.

    But, please don't tell me that if I want such a feature in the OS then I should write it myself. My programming activities were limited to BASIC - however, my experience in flowcharting, principles of program design, and complex systems analysis are still valid & useful. Of course, if you think it would be right & proper for the entire Linux community to wait until I somehow manage to master writing software in a new language like C++ or Python...?

    To sum up: A new problem exists, and traditional methods are insufficient for dealing with it. A method for controlling this problem exists - all that's required is for the community of Linux developers to recognize & acknowledge the problem, then create software that applies the remedy.

    First iptables is not now nor has it EVER been an application firewall. If you want application based firewalling and containment you need to check out things like SELinux or Apparmor, many applications have their own application (for instance mod-security) for Apache.

    As far as applications becoming a server or creating connections -- there are methods around this without reinventing the wheel. Iptables can and does provide the functionality to prevent this. Granted -- this is not in the default UFW configuration, that does not mean it does not exist.

    For Windows mindset I think that might be the case here : it seems like you are looking for something like Zone Alarm to pop up a warning that something is trying to access the network. While there may be front ends for this, Linux largely assumes you know what you are doing -- and most Linux users find functionality like this inconvenient to say the least.

    When it comes to pid's and connection tracking, again the functionality is there (not in default configuration) , and in my opinion regardless of the platform, and regardless of the method of controlling it application inventories have ALWAYS been a personal responsibility. While creating an application to automate this task might be beneficial to some I doubt it. The reason being, most users who would need something like this are "clickers" they click yes to everything, with the hopes that whatever task they are trying to complete is successful.

    Bottom line , I think there is quite enough of this functionality for users who really want it. While it is there it remains un-intrusive for those who do not wish to deal with an operating system that looks and feels like Windows.

    As far as writing your own functionality -- if you want a niche application request filled you may have to pony up and write it for yourself. When writing something like an operating system you have a very wide and diverse range of needs and wants. You can't meet them all. So it's not unreasonable to say if you want something that the majority doesn't want go ahead and learn C and create it.
    Last edited by Dangertux; August 25th, 2011 at 05:20 PM.

  2. #102
    Join Date
    Jun 2011
    Beans
    5

    Re: TuxGuardian - application based firewall


  3. #103
    Join Date
    Jul 2011
    Beans
    206

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by Dangertux View Post
    First iptables is not now nor has it EVER been an application firewall. If you want application based firewalling and containment you need to check out things like SELinux or Apparmor, many applications have their own application (for instance mod-security) for Apache.

    As far as applications becoming a server or creating connections -- there are methods around this without reinventing the wheel. Iptables can and does provide the functionality to prevent this. Granted -- this is not in the default UFW configuration, that does not mean it does not exist.

    For Windows mindset I think that might be the case here : it seems like you are looking for something like Zone Alarm to pop up a warning that something is trying to access the network. While there may be front ends for this, Linux largely assumes you know what you are doing -- and most Linux users find functionality like this inconvenient to say the least.

    When it comes to pid's and connection tracking, again the functionality is there (not in default configuration) , and in my opinion regardless of the platform, and regardless of the method of controlling it application inventories have ALWAYS been a personal responsibility. While creating an application to automate this task might be beneficial to some I doubt it. The reason being, most users who would need something like this are "clickers" they click yes to everything, with the hopes that whatever task they are trying to complete is successful.

    Bottom line , I think there is quite enough of this functionality for users who really want it. While it is there it remains un-intrusive for those who do not wish to deal with an operating system that looks and feels like Windows.

    As far as writing your own functionality -- if you want a niche application request filled you may have to pony up and write it for yourself. When writing something like an operating system you have a very wide and diverse range of needs and wants. You can't meet them all. So it's not unreasonable to say if you want something that the majority doesn't want go ahead and learn C and create it.
    *) Yes, I'll be checking out SElinux & AppArmor - but that takes time. Dealing with the new problem of secret connections from drivers shouldn't need to wait for a new user to spend 3 months studying before being able to stop those connections.

    *) Please elaborate on how iptables can stop outgoing connections from drivers.

    *) Yes, ZoneAlarm is the model of what's needed - but, I'm not suggesting a ported app to do that task. Who cares about notifications? Not me. Instead, I'm suggesting an iptables-style utility within Linux to provide an extra layer of security. I have the feeling that many long-time users of Linux bend over backwards to avoid doing anything similar to Windows, as if they think that if Windows does it then it can't be beneficial. That's self-defeating, because being close-minded to good ideas will result in lost opportunity for improvement. There's an old saying: "Emulate success."

    *) "Clickers"? My, how condescending and demeaning. Haven't you noticed the many posts in this thread, with people saying they believe this functionality has become necessary, and they wish it existed? Those aren't "clickers". Some of those may not be experts, but as a group those are people who study the OS & programs, and the internet access environment. They aren't lax or lazy.

    *) I actually did take a step toward getting back into programming, earlier this evening. I downloaded "Gambas2". Now, I'll need to learn to use it.
    .
    "That's my motto - a place for everything, and everything all over the place!"
    -- From an old comic I once saw.--

  4. #104
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    I have to ask some of you: why are you using Ubuntu? What was it that made you start using it?

    If it was because of problems you had with Windows, did you ever think that it may be the reliance on tools that do things automatically for you?

    I use a Linux variant for the freedom it gives me to do what I want with my system, without having to rely on tools that don't work that well in the Windows world.

  5. #105
    Join Date
    Jul 2011
    Beans
    206

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by cariboo907 View Post
    I have to ask some of you: why are you using Ubuntu? What was it that made you start using it?

    If it was because of problems you had with Windows, did you ever think that it may be the reliance on tools that do things automatically for you?

    I use a Linux variant for the freedom it gives me to do what I want with my system, without having to rely on tools that don't work that well in the Windows world.
    I can't answer for other people, but I can tell you why I've spent the last 2 months trying to master Linux in general, and Ubuntu in particular:

    *) The 3 primary options for personal computing are
    a) Microsoft Windows,
    b) Apple computers & OS's, and
    c) Linux

    Microsoft Windows has been defective from the start. I've read how Gates was selling Windows at a trade fair before even a single line of code was written; that, all he had was a graphical shell program illustrating what the OS would do when created. It was rushed to market to meet the delivery deadlines, and they've been trying to compensate for its shortcomings ever since. The one thing they do most expertly, is digging into the public's pockets and extracting money. If I was wealthy, I could afford to go along with it indefinitely, purchasing the "Pro" versions of each new OS... But, I'm poor, so that's an unfavorable option for me.

    Apple Computers are (I'm told) excellent machines w/ excellent OS's - but, as a general rule, higher quality comes at a premium price. And, price was very much an issue for me.

    I've been increasingly aware of how much extra cost was being added to my electric bill by using my old Dell tower machine w/ old tube monitor as vs. using a laptop w/ LED or LCD display. I decided that although I couldn't really afford a new machine, the savings of a more energy efficient computer would eventually pay for itself. It took a while to find a deal I could cover the cost of, but I managed to purchase a used laptop w/o OS recently. Now that I had a more energy efficient machine, I had to obtain & install an OS - and what choices did I have for getting it running? I decided to buckle down, and invest the time & effort to learn the free OS, Linux. I'd been researching and reading about the various types of Linux, and settled on Ubuntu as the best option for a beginner like myself.

    Now, I've made the plunge. I've invested money into a machine that needed Ubuntu. I've invested a huge amount of time & effort during the past couple of months, learning about Linux in general, and Ubuntu in particular. Linux is and always has been a community endeavor. And, this community is where I now find myself. Here is where I've arrived, and the best paths for how to proceed are all within the environment of Ubuntu. So I'm doing my best to become an upstanding member of this community, learning all I can from the people I meet who know more than me, sharing what I've learned with those I might be able to help, and doing my best to contribute in a beneficial manner toward the improvement of Ubuntu.

    With that, I've answered your question re. why I'm using Ubuntu.

  6. #106
    Join Date
    Sep 2008
    Location
    Pacific Northwest, USA
    Beans
    164
    Distro
    Kubuntu 10.04 Lucid Lynx

    Re: TuxGuardian - application based firewall

    Hi,

    Honestly, I'm a little disappointed at the attitude of the ubuntu forums staff members, and their complete obstinance regarding this issue - even to the extent that they WILL NOT allow, in the remotest sense, that an application based firewall MIGHT be useful for some people, and in some situations. It makes me wonder if there's an agenda of some kind at work behind the scenes...

    I admit to feeling pretty secure on my linux box, but I also admit to wishing I had some application level control over what comes in and goes out of my machine - even if I never really need to use it.

    I read with interest LucasAdams post with the link to the brainstorm thread about LittleSnitch, a Mac firewall applet that appears to look and act just like a windows application-based firewall. It seems to me if apple can do it, so can linux.

    AppArmour is a great program, but it's hopelessly complex. What I, and the others here, are looking for is something that doesn't require an hour of coding, or memorization of a syntax in order to block or allow anything we want, at any time we want, in a few seconds - especially if we don't know what it is ahead of time - while continuing to go about our normal routine. That's not too much to ask, is it?

    While it's true that most of my software is from the repositories, I do have some from outside. I consider them to be "reliable", but you never really know, do you? I would be very surprised if anyone reading this could say that they have never installed something from outside. In fact, I would be surprised if most of us here did not have at least one program installed right now that at least began life outside the repositories (installed it before it was in there).

    Then there's the problem of zero day vulnerabilities. These can affect any program - even the kernel. If (when) linux malware becomes more prevalent, even mousing-over an invisible link on an otherwise innocuous webpage can begin an infection. Yes, I admit it will be harder to infect a linux box, and even more difficult to affect anything beyond the user's own files and folders, but not impossible.

    Application-based firewalls appear to me to have one big advantage over port-based ones, and that is the ability to monitor and affect what goes in and comes out (albeit in crude fashion) in real time. They combine the virtues of a net monitor, with the ability to actually stop the transfer of data with a click of the mouse. That may not seem important to you, and if it's not, well, okay. I would like to be able to do it.

    I admit to being pretty much in the dark when it comes to the experience of a malware attack on a linux system. I have no idea what one would be like. I have heard of people's home folders being trashed. Linux systems are very secure, but they do get hacked on occasion - a friend's linux server was hacked a while ago, and they are not invulnerable. Imagine if someone installed a backdoor to your system, or installed a keylogger, without your knowledge. Perhaps you might only discover it, or at least you might first discover it, when it tried to connect to its master (and a little alert popped-up).

    To those who say that application-based firewalls turn users into "clickers", I would say that in combination with a port-based configuration, "allowing" everything would be as secure as a port-based configuration alone. I don't see the problem...

    You nay-sayers may be right. There likely isn't enough interest at the developer level to support this right now. Linux is very safe - especially if you're careful and at least a little bit educated. But I predict that a time will come when malware for linux will become more prevalent and at that time an application-based firewall will finally be developed and maintained. It's not a panacea, and no one's suggesting it is (in point of fact, it's a pain in the ***). It's just one more tool for the security conscious person (okay, the excessively paranoid) to monitor and control their system. It fits very nicely between the port-based firewall and a packet analyzer.
    Last edited by Laysan_A; December 5th, 2011 at 07:17 AM.
    MB:ASUS M3A78-EM AM2+/AM2 780G HDMI, Proc: Athlon 64 X2 5000+ Brisbane 2.6 GHz 2x512KB L2 Cache, Graph: Int. ATI Radeon HD 3200, Aud: Int. Realtek ALC1200 8 channels, Ram: 2GB Corsair XMS2 DDR2 800 SDRAM, Monitor: Dell SE198WFP 19" Wide FPM

  7. #107
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by Laysan_A View Post
    Hi,

    Honestly, I'm a little disappointed at the attitude of the ubuntu forums staff members, and their complete obstinance regarding this issue - even to the extent that they WILL NOT allow, in the remotest sense, that an application based firewall MIGHT be useful for some people, and in some situations. It makes me wonder if there's an agenda of some kind at work behind the scenes...
    Staff members are just volunteers like normal members. What sort of agenda would there be "behind the scenes" ? Keep in mind that there have been security professionals posting in this thread as well.

    I admit to feeling pretty secure on my linux box, but I also admit to wishing I had some application level control over what comes in and goes out of my machine - even if I never really need to use it.
    Why not just configure a default outbound policy to deny all and then only allow traffic you want? A firewall isn't really a "catch-all" but you can strengthen it with strong outbound rules.

    AppArmour is a great program, but it's hopelessly complex. What I, and the others here, are looking for is something that doesn't require an hour of coding, or memorization of a syntax in order to block or allow anything we want, at any time we want, in a few seconds - especially if we don't know what it is ahead of time - while continuing to go about our normal routine. That's not too much to ask, is it?
    The thing about AppArmour is that you need to tailor each profile to your needs. There is no "end all, be all" profile to something like firefox since everyone's needs are different. There are quite a few howto's on it around the forum. It might be a pain in the butt when you first start, but once you have the profiles that are suitable to you, then you are golden.

    While it's true that most of my software is from the repositories, I do have some from outside. I consider them to be "reliable", but you never really know, do you? I would be very surprised if anyone reading this could say that they have never installed something from outside. In fact, I would be surprised if most of us here did not have at least one program installed right now that at least began life outside the repositories (installed it before it was in there).
    Security involves different levels of trust. I don't trust a random website as much as I would trust a known website.

    If you trust something enough to install it, then you potentially open yourself up to security issues, if any are discovered (and patched). If you don't trust an application, then don't install it. I stick to the repos as much as I can but for some things (RAID card) I need to compile a third-party driver, which I get from the manufacturer's site. Could that be used in an exploit? Maybe, but to what benefit?

    Then there's the problem of zero day vulnerabilities. These can affect any program - even the kernel. If (when) linux malware becomes more prevalent, even mousing-over an invisible link on an otherwise innocuous webpage can begin an infection. Yes, I admit it will be harder to infect a linux box, and even more difficult to affect anything beyond the user's own files and folders, but not impossible.
    The only way I can see getting an "infection" by mousing over a link is to have a malicious script run on mouseover which pokes a hole in your defenses. That would not happen if you are running something like Apparmour or NoScript (preferably both).

    Application-based firewalls appear to me to have one big advantage over port-based ones, and that is the ability to monitor and affect what goes in and comes out (albeit in crude fashion) in real time. They combine the virtues of a net monitor, with the ability to actually stop the transfer of data with a click of the mouse. That may not seem important to you, and if it's not, well, okay. I would like to be able to do it.
    That is still the bit of "Windows" mentality. If you do not install dubious programs, you wouldn't have to worry if something has compromised your box. The number one thing that causes machines to be cracked is SSH and VNC, both of which are disabled on the default install of Ubuntu. What would an application level firewall do for a program that is running as a daemon (service) ?

    I admit to being pretty much in the dark when it comes to the experience of a malware attack on a linux system. I have no idea what one would be like. I have heard of people's home folders being trashed. Linux systems are very secure, but they do get hacked on occasion - a friend's linux server was hacked a while ago, and they are not invulnerable. Imagine if someone installed a backdoor to your system, or installed a keylogger, without your knowledge. Perhaps you might only discover it, or at least you might first discover it, when it tried to connect to its master (and a little alert popped-up).
    A good user checks log files every now and then for suspicious activity. If someone got into your box without you knowing it, it would be hard to tell if it was accessed since the attacker would more likely than not sanitize any evidence they were there by wiping log files and whatnot.

    You nay-sayers may be right. There likely isn't enough interest at the developer level to support this right now. Linux is very safe - especially if you're careful and at least a little bit educated. But I predict that a time will come when malware for linux will become more prevalent and at that time an application-based firewall will finally be developed and maintained. It's not a panacea, and no one's suggesting it is (in point of fact, it's a pain in the ***). It's just one more tool for the security conscious person (okay, the excessively paranoid) to monitor and control their system. It fits very nicely between the port-based firewall and a packet analyzer.
    An application based firewall won't protect you from malware. That is still the Windows mindset. Linux has Apparmor/SELinux, iptables/netfilter built into the kernel among other things to keep you safe.

    Have a read on the thread here and the wiki page (which is based on that thread) here.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  8. #108
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: TuxGuardian - application based firewall


    Honestly, I'm a little disappointed at the attitude of the ubuntu forums staff members, and their complete obstinance regarding this issue - even to the extent that they WILL NOT allow, in the remotest sense, that an application based firewall MIGHT be useful for some people, and in some situations. It makes me wonder if there's an agenda of some kind at work behind the scenes...
    As Charles said , this is silly.

    I admit to feeling pretty secure on my linux box, but I also admit to wishing I had some application level control over what comes in and goes out of my machine - even if I never really need to use it
    You have a ton of options for this -- we'll get into that in a moment...

    I read with interest LucasAdams post with the link to the brainstorm thread about LittleSnitch, a Mac firewall applet that appears to look and act just like a windows application-based firewall. It seems to me if apple can do it, so can linux.
    Linux can do it -- it wouldn't be that hard to make a Python front end for the tools already available to give you the GUI you want. That being said there are essentially two large crowds in the Linux community. The Linux is safe and nothing can hurt us anyway so we do nothing group. Also there is the I've been using Linux since Torvalds dreamed it up and I can edit apparmor profiles using nothing but stream editor crowd. There is a small group in between that realizes they want more but won't get it without embracing the learning curve.

    AppArmour is a great program, but it's hopelessly complex. What I, and the others here, are looking for is something that doesn't require an hour of coding, or memorization of a syntax in order to block or allow anything we want, at any time we want, in a few seconds - especially if we don't know what it is ahead of time - while continuing to go about our normal routine. That's not too much to ask, is it?
    Apparmor -- it's a proper noun, a product by Novell, you shouldn't change the spelling to be dialect specific. Again -- it's not that complicated, and there are MANY pre-made profiles available in repos for you to use. The syntax (though intimidating) is actually pretty easy, maybe a 2 -3 hour learning curve for most intermediate users.

    Is it too much to ask? Maybe... It might be -- I'm going to tell you why. The tools you have available to you give you a LOT of control , more than a silly little GUI. Those silly little GUI's are often ineffective. They sit there, on your desktop giving you a false sense of security, when in reality they are trivial to bypass most of the time. Mandatory Access Controls, are not by any stretch of the imagination trivial to bypass if configured properly.

    While it's true that most of my software is from the repositories, I do have some from outside. I consider them to be "reliable", but you never really know, do you? I would be very surprised if anyone reading this could say that they have never installed something from outside. In fact, I would be surprised if most of us here did not have at least one program installed right now that at least began life outside the repositories (installed it before it was in there).
    Neither is reliable beyond a shadow of a doubt -- what is your point?

    Then there's the problem of zero day vulnerabilities. These can affect any program - even the kernel. If (when) linux malware becomes more prevalent, even mousing-over an invisible link on an otherwise innocuous webpage can begin an infection. Yes, I admit it will be harder to infect a linux box, and even more difficult to affect anything beyond the user's own files and folders, but not impossible.
    If you want any sort of mitigation from OH-DAY you're going to need MAC, and even then that's not fool proof. Anything else is a gimmick. Bottom line 99% of the time 0 day will own you and there is nothing you can do about it. By the way, browser based exploits do exist for Linux, though they are not widely in use by malware developers, they are developed much the same way windows browser exploits are. I've demo'ed them multiple times recently. Use something like NoScript (if you want the demo check my blog, no you won't get XSS'ed). Also it's not easier or more difficult to "infect" a Linux box than a Windows box.

    Application-based firewalls appear to me to have one big advantage over port-based ones, and that is the ability to monitor and affect what goes in and comes out (albeit in crude fashion) in real time. They combine the virtues of a net monitor, with the ability to actually stop the transfer of data with a click of the mouse. That may not seem important to you, and if it's not, well, okay. I would like to be able to do it.
    That's called host based IDS, check the security stickies -- even application based firewalls like the one you linked above aren't doing that, they are simply monitoring connections made by each application. Think netstat+some iptables rules. Also if this were made on Linux it would no doubt use netfilter's conntrack so it wouldn't be in real time.

    I admit to being pretty much in the dark when it comes to the experience of a malware attack on a linux system. I have no idea what one would be like. I have heard of people's home folders being trashed. Linux systems are very secure, but they do get hacked on occasion - a friend's linux server was hacked a while ago, and they are not invulnerable. Imagine if someone installed a backdoor to your system, or installed a keylogger, without your knowledge. Perhaps you might only discover it, or at least you might first discover it, when it tried to connect to its master (and a little alert popped-up).
    You can hide processes and sockets from applications not running in kernel space, additionally you can hook another application -- so if I were going to do this and make a return connection you can bet it would look like firefox to port 80 or 53 (how are you going to choose to block that? Exactly you won't).

    To those who say that application-based firewalls turn users into "clickers", I would say that in combination with a port-based configuration, "allowing" everything would be as secure as a port-based configuration alone. I don't see the problem...
    Umm no.

    You nay-sayers may be right. There likely isn't enough interest at the developer level to support this right now. Linux is very safe - especially if you're careful and at least a little bit educated. But I predict that a time will come when malware for linux will become more prevalent and at that time an application-based firewall will finally be developed and maintained. It's not a panacea, and no one's suggesting it is (in point of fact, it's a pain in the ***). It's just one more tool for the security conscious person (okay, the excessively paranoid) to monitor and control their system. It fits very nicely between the port-based firewall and a packet analyzer.
    Again IDS/IPS...It sounds like what you want.

    Hope this helps.
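The "netstat + some iptables rules" style of per-application monitoring mentioned in the post above comes down to joining the kernel's socket table to each process's open file descriptors by socket inode. The following is an added example, not part of the original post or of any tool named in the thread. The sample table, the fd listing and all function names are constructed for illustration, and it assumes IPv4 rows in `/proc/net/tcp` layout on a little-endian host.

```python
import re
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0 100 0 0 10 0
   1: 0A00A8C0:C350 0A6433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0 20 4 30 10 -1
   2: 0A00A8C0:C351 356433C6:0035 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0 20 4 30 10 -1
"""

# Constructed stand-in for readlink("/proc/<pid>/fd/<n>"): pid -> (comm, link targets).
SAMPLE_FDS = {
    812: ("cupsd", ["socket:[11111]"]),
    2101: ("firefox", ["/dev/null", "socket:[22222]"]),
}

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}

def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return one dict per socket row, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue  # malformed or truncated row
        rows.append({"remote": decode_endpoint(f[2]), "uid": int(f[7]),
                     "state": TCP_STATES.get(f[3], f[3]), "inode": int(f[9])})
    return rows

def attribute(text, fd_table):
    """Join sockets to processes by inode; unmatched sockets stay 'unattributed'."""
    owners = {}
    for pid, (comm, links) in fd_table.items():
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners[int(m.group(1))] = (pid, comm)
    result = []
    for row in parse_proc_net_tcp(text):
        pid, comm = owners.get(row["inode"], (None, "unattributed"))
        result.append((comm, pid, row["state"], row["remote"]))
    return result
```

The third sample row has no matching fd entry, which is what a monitor sees when it cannot read the owning process's fd table. The second row is attributed only by the name the process reports.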

  9. #109
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by Laysan_A View Post
    Honestly, I'm a little disappointed at the attitude of the ubuntu forums staff members, and their complete obstinance regarding this issue - even to the extent that they WILL NOT allow, in the remotest sense, that an application based firewall MIGHT be useful for some people, and in some situations.
    What the staff, and others, are trying to tell you boils down to 3 issues:

    1. It is not as simple as you envision. You might think it is trivial to write some kind of graphical front end to do this, but the technology you envision as an "application firewall" is equally trivial to circumvent.

    2. Superior tools already exist. Apparmor, selinux, iptables, snort, wireshark, etc. Yes there is going to be a learning curve, but no more or less than a graphical interface to these tools would offer.

    For example, SUSE has a graphical interface for writing apparmor profiles, you still need to understand apparmor before you can write a profile.

    This is what it looks like



    And this is a demo:

    http://searchenterpriselinux.techtar...ion-in-FireFox

    So if you look, you will see that there is a learning curve and customization required even with a graphical interface.

    The advantage of apparmor is it is easier to learn than selinux. The disadvantage is it requires you to maintain it more than selinux.

    I highly suggest you look at Fedora / Selinux. selinux on Fedora is much more mature than apparmor.

    I have to disagree with Dangertux on this. I would agree selinux is not perfect, but it has been shown, as has apparmor, to help stop would-be zero day exploits.

    3. Interest in developing such a tool, by developers, is low. You will either need to learn to code yourself or learn to communicate with the developers in a way that motivates them to code for you. It is not the responsibility of the forums staff to take your demands to the developers and force them to code for you, neither the forums staff nor the open source community works that way.

    Now the staff, and others, may be willing to help you, but your posting style does not motivate me to help you.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #110
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: TuxGuardian - application based firewall

    To clarify I meant the 99% statement to be without MAC -- so you probably do agree with me just not the way I worded it lol.

    I would certainly hope mandatory access controls do something in terms of 0 day since that's pretty much the only reason people use them. Though when you start talking about browser exploitation and other client side attack vectors the game changes considerably, as most client side apps need access to whatever is the target in the first place. So 0day still has a good chance of owning you.
    Last edited by Dangertux; December 5th, 2011 at 07:38 PM.
