[Gllug] how safe is linux against identity thief
Harry Rickards
hrickards at l33tmyst.com
Tue Mar 24 15:17:05 UTC 2009
Quoting Joel Bernstein <joel at fysh.org>:
> On 24 Mar 2009, at 13:28, Harry Rickards wrote:
>
>>
>> Quoting Joel Bernstein <joel at fysh.org>:
>>
>>> On 24 Mar 2009, at 11:30, Harry Rickards wrote:
>>>
>>>> Are you using iptables for the firewall? (I'm not familiar with
>>>> Ubuntu
>>>> Firewall.)
>>>
>>> What do you suggest that Lucy would have solved by doing so?
>>>
>>> Please don't top-post.
>
>> Sorry about the top posting, just forgot. If Lucy had accidentally
>> installed a piece of malicious software that was running a server on
>> the machine, then I believe iptables (if set up correctly) would stop
>> remote machines connecting to the server.
>
> Whereas another firewall wouldn't? What is "properly"? I'm not clear
> what purpose a packet filter will serve in preventing the kind of
> problems Lucy is seeing. It sounds like you're suggesting a solution
> based on the assumption that the attackers are able to launch a server
> on Lucy's machine, accepting inbound network connections from the
> Internet, and that they will be prevented from doing so by setting a
> default firewall policy to deny/drop new connections from the external
> interface? This might be correct, although if they can launch servers
> on low ports they presumably already have root and can fiddle with
> iptables anyway. I think it's a false premise to assume that a
> firewall would protect against social engineering, or indeed against
> DNS poisoning/hijacking, MITM attacks, etc. But maybe you can explain
> it differently for a little-braned bear such as me to understand.
>
> /joel
>
>
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
I wasn't trying to suggest that iptables would stop the identity
thief, but if Lucy were to accidentally install a malicious piece of
software that were to set up a server on the machine, then a firewall
may stop it. I used iptables as an example, as, as far as I can tell
(I'm not a security expert, as you can probably tell), it seems to be
the industry standard.
Harry
--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
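
Added example, not part of either post: a simplified Python check of the default-deny inbound policy discussed in this exchange, run over a constructed `iptables-save` dump, reporting whether a new inbound TCP connection to a given port would be accepted. The function name, the `KNOWN` set and the sample ruleset are assumptions made for illustration; only the INPUT chain of the filter table is evaluated, interface names are compared literally, and any rule using other matches or targets is rejected rather than guessed at.

```python
import shlex

# Constructed ruleset in iptables-save format (not from the thread):
# default-deny inbound, loopback and replies allowed, SSH open on eth0.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Options this sketch understands (an assumption; iptables has many more).
KNOWN = {"-i", "-p", "-m", "--dport", "--state", "--ctstate", "-j", "--reject-with"}

def new_tcp_verdict(rules_text, iface, port):
    """Fate of a NEW inbound TCP connection to `port` arriving on `iface`."""
    policy, in_filter = "ACCEPT", False   # built-in chains default to ACCEPT
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A INPUT "):
            tok = shlex.split(line)[2:]
            opts = dict(zip(tok[0::2], tok[1::2]))
            if set(opts) - KNOWN or opts.get("-j") not in ("ACCEPT", "DROP", "REJECT", "LOG"):
                raise ValueError("rule outside this sketch's scope: " + line)
            lo, _, hi = opts.get("--dport", "0:65535").partition(":")
            states = opts.get("--state") or opts.get("--ctstate") or "NEW"
            if (opts.get("-i", iface) == iface
                    and opts.get("-p", "tcp") in ("tcp", "all")
                    and int(lo) <= port <= int(hi or lo)
                    and "NEW" in states.split(",")
                    and opts["-j"] != "LOG"):       # LOG does not end traversal
                return opts["-j"]                   # first terminating match wins
    return policy                                   # nothing matched: chain policy

if __name__ == "__main__":
    for iface, port in [("eth0", 22), ("eth0", 31337), ("lo", 31337)]:
        print(iface, port, new_tcp_verdict(SAMPLE, iface, port))
```

To check a live machine, pass the function the text produced by `iptables-save` run as root.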