mobility and firewall
Ivan Krstic
krstic at hcs.harvard.edu
Fri Jun 3 21:39:33 CDT 2005
Lance Lassetter wrote:
> Something as simple as this could help tremendously IMHO.
Please elaborate.
What is your threat model? The only thing that the ruleset you provide
will do differently from a current Ubuntu install (without a firewall)
is drop packets that are not part of known connections or that are
malformed. In your threat model, what does this defend you against? How
is defending against it helping security "tremendously"? How many of the
last 1000 exploits published on BugTraq would you have stopped with this
ruleset?
Having that ruleset in place would defend you against a set of extremely
rare, obscure vulnerabilities while leaving you completely open to
virtually every common exploit that you can find. You're trying to fit a
square peg in a round hole: firewalls are a solution to a specific set
of problems, and the ones you're trying to address do not seem to me to
be in that set.
-IK
More information about the ubuntu-devel
mailing list