Re: Various suggestions.



David Moles wrote:
> 
> So unless you're one of those people that's so rich you pay other people
> to read your email for you, you'd better start learning -- even if it *is*
> more than you ever wanted to know.

That's a grim view, but it takes too much of the present state of
affairs into account.  Some better ways exist, and some we can invent.

Since installing and configuring Linux's ipchains firewalling facility,
I've come to a fairly simple realization: every user whose OS allows
this sort of thing should have it set up.  But more importantly, the
OS's install routine should set it up automatically.

Initially, it should lock out everything inbound (except obvious stuff,
like DNS server replies), including nearly all ICMP traffic, especially
"ping" echo requests.  Then you're effectively invisible.  If the user
then wants to set up, say, an FTP server, it seems to me that they
should _then_ take on the burden of learning how to poke holes in the
firewall, and what the consequences are.  This is where GUI firewall
admin tools come in.

There is an important user segment that's currently overlooked by
security people: to them, it's either "no network security" or "user
behind a firewall managed by professionals".  With a simple ipchains
firewall set up, it really doesn't matter if I leave root shells logged
in all the time: I then have a physical security problem, not a network
security problem.  Since my machine is at home, physical security is
already taken care of.

Naturally, I'm talking about home users here, not corporate ones, but
that's because corporations already have the policies and personnel to
take care of these things.  It's the home-user scenario we need to work
on, to decide what kind of security measures make sense.

In fact, I think the widespread adoption of Linux depends on a friendly
way to selectively disable security.  (Or to put it another way, a
controlled way to elevate normal users to be able to do rootly things,
perhaps only temporarily.)

Imagine a family machine: dad and mom know the root account password,
and dad has his login set up to be able to do some maintenance tasks,
for convenience.  The kids are able to bring the network link up and
down, and to mount removable media.  The older sister, Jane, has also
been given the ability to run the backup program, because that's one of
her chores.

All of this is presently possible with the right setup.  It's just a
question of deciding what GNOME's role in this is: it's probably a GUI
tool -- a la linuxconf -- designed to selectively poke holes in the
system's security.  It's a tool for the casual user, who doesn't want to
be tripped up in local security measures that are meaningless for a home
machine.
-- 
= Warren Young, maintainer of the Winsock Programmer's FAQ at:
=     http://www.cyberport.com/~tangent/programming/winsock/
=
= ICBM Address: 36.8274040 N, 108.0204086 W, alt. 1714m
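
The default-deny inbound policy described in the message above, as an added example that is not part of the original post: a shell sketch that prints an ipchains rule set and the rule for poking one hole in it. The function names, the `ppp0` default interface, the resolver address, and the choice of which ICMP error types stay open are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): prints ipchains commands, applies nothing.
# Interface name and resolver address are assumptions; substitute your own.

# Default-deny inbound policy for a single home machine.
#  - loopback stays open
#  - "! -y" admits TCP packets that are not connection attempts, i.e. replies
#    to connections this host opened (ipchains is stateless, so this is a
#    flag match only)
#  - UDP is admitted only from the resolver's port 53 to unprivileged ports
#  - two ICMP error types are kept so outbound connections fail cleanly;
#    echo-request is not listed, so pings fall through to DENY
#  - the last rule logs (-l) whatever was refused
home_firewall_rules() {
    dns="$1"           # resolver IP, e.g. from /etc/resolv.conf
    ext="${2:-ppp0}"   # outward-facing interface (assumed dial-up link)
    cat <<EOF
ipchains -P input DENY
ipchains -F input
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $ext -p tcp ! -y -j ACCEPT
ipchains -A input -i $ext -p udp -s $dns 53 -d 0/0 1024:65535 -j ACCEPT
ipchains -A input -i $ext -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A input -i $ext -p icmp --icmp-type time-exceeded -j ACCEPT
ipchains -A input -i $ext -l -j DENY
EOF
}

# A deliberate hole: accept new inbound TCP connections (-y) to one port.
# Inserted at position 1 so it is evaluated before the logging DENY rule.
open_tcp_service() {
    port="$1"
    ext="${2:-ppp0}"
    printf 'ipchains -I input 1 -i %s -p tcp -d 0/0 %s -y -j ACCEPT\n' \
        "$ext" "$port"
}
```

Review the printed rules first, then apply them as root with `home_firewall_rules 192.0.2.53 | sh`, where 192.0.2.53 is a placeholder resolver address.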


