Gentoo Archives: gentoo-desktop

From: Roman Zilka <zilka@×××××××.cz>
To: gentoo-desktop@l.g.o
Subject: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box.
Date: Wed, 23 Mar 2011 09:47:10
In Reply to: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box. by Lindsay Haisley
Lindsay Haisley (Mon, 21 Mar 2011 11:11:52 -0500):
> I'm putting this in a separate thread because IMHO it has nothing to do > with any problems I'm having, but with desktop security in general. > > On Mon, 2011-03-21 at 09:57 +0100, Roman Zilka wrote: > > The third suggestion is probably the most important one: being NAT'd > > and being behind any iptables configuration (that allows for operations > > such as sending mail and browsing the web) doesn't make your PC > > invulnerable or anything near that. In other words, active break-in > > attempts via open ports is by far not the only option hackers have. > > So give me an example, Roman, assuming one's firewall is intact and > functioning as designed. The only such class of possible exploits I can > think of is the possibility of importing a virus, trojan, worm, etc. via > email, or possibly via a web script. Linux viruses propagated via email > are scarcer than hen's teeth, and an exploit imported thusly which would > leverage a vulnerability in a specific problem kernel is almost > certainly rare enough to be considered nonexistent in the wild as a > practical matter. Please cite specific viruses/trojans, and if you can, > reported cases of such exploits. In other words, don't blow smoke at me > or throw out generalized assertions without citing evidence to support > them.
Yes, the firewall being 95% of all the defense necessary is an outdated story (ignoring social engineering now). Take a web browser: it's so complex with so many things in it that could be abused by a malicious website (that perhaps didn't even want to do bad stuff, but got hacked yesterday)... Donnie Berkholz mentioned a few. The most common browser plugins - Flash and Acrobat - and their security holes are considered one of the greatest threats to a desktop user. As long as you browse the web, you're exposed and the firewall will let it all through, of course, because you do want to browse the web. As a result of a security hole abuse, your PC may get infected with a well-hidden keylogger and/or backdoor which doesn't have to wait for a connection from the outside (because the firewall would prevent that). Apart from that, you may once in a while get tempted to open a piece of spam which just happens to look so legitimate. And this item happened to contain a 1x1 pixel white image which abused a hole in libmng which you'd always ignored, because you just never view mng files. Of course, it's not just the browser and mail client that deals with something coming from the Internet. DNSSEC is also on the table nowadays. No firewall will protect you from spoofed DNS replies that will lead your browser to a malicious site. Also, you mentioned earlier that you access various VPNs. I don't know much about VPNs, and topologies and configurations may clearly vary broadly, but I suppose there can be a setting such that your PC will get exposed to direct traffic from the VPN peers. NAT or not NAT. There's a gargantuan mass of data on these and more issues lying around the web. Google will give you more reading on the topic. -rz


Subject Author
Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box. Lindsay Haisley <fmouse-gentoo@×××.com>