[Firehol-support] Key loggers and others that communicate back to a base

Tsaousis, Costa costa at tsaousis.gr
Wed Sep 3 13:23:26 CEST 2014


Rick, I think interface and router statements in firehol define zones. In
fact firehol is very flexible in this area. Using the 'group with'
statement you can have any number of subzones, even subzones within
subzones in any depth.

What control would you like to have at the zone level, that firehol does
not already provide in interfaces and routers?

Costa
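As an added illustration, not code from this thread or from the FireHOL project, the point above (interfaces and routers are the zones, `group with` makes subzones) and Whit's quoted "only connect to your bank" idea below in one constructed FireHOL 2 (`version 6`) configuration. All addresses, hostnames and the eth0/eth1 layout are assumptions; `server` inside the router is used in FireHOL's sense of requests entering inface and leaving outface.

```firehol
version 6

# Constructed addresses for illustration (RFC 1918 / RFC 5737), not from the thread.
lan="192.168.1.0/24"     # home LAN behind eth0
media="192.168.1.20"     # media centre
dvr="192.168.1.30"       # DVR that pulls videos from the firewall host
kiosk="192.168.1.40"     # locked-down machine: bank only (Whit's example)
bank="203.0.113.10"      # assumed fixed address of the bank

# Zone 1: the LAN, as seen by the firewall host itself.
interface eth0 lan src "${lan}"
    policy reject
    protection strong
    server ssh accept

    # Subzone: only the two DLNA boxes may reach the shares on this host.
    group with src "${media},${dvr}"
        server samba accept
    group end

# Zone 2: the internet side; the host itself may initiate anything.
interface eth1 internet src not "${UNROUTABLE_IPS}"
    policy drop
    protection strong
    client all accept

# Traffic between the zones. In a router, "server" matches requests that
# enter inface and leave outface, i.e. LAN clients talking to internet servers.
router lan2inet inface eth0 outface eth1
    masquerade
    policy reject

    # Subzone: the kiosk may only speak HTTPS, and only to the bank.
    group with src "${kiosk}"
        server https accept dst "${bank}"
    group end

    # Subzone: every other LAN host gets DNS, SSH and web.
    group with src not "${kiosk}"
        server "dns ssh http https" accept
    group end
```

Anything not matched by a group falls through to the router's `policy reject`, so a machine that is not in a subzone gets no path out at all.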



On Wed, Sep 3, 2014 at 4:09 AM, Rick Marshall <rjm at zenucom.com> wrote:

> Hi Costa
>
> Question.
>
> We are about to do the engineering so we can support firehol 2 through our
> networks.
>
> One thing I have noticed about firewalld (used in Fedora at least) is that
> it now uses “zones”. Many of the commercial firewall devices do this too. I
> can sort of see how this helps in that it does give another level of access
> control.
>
> Are you planning to add an extra command to firehol - zone - to define
> zones and their characteristics?
>
> *Rick Marshall*
> Technical Director
> Zenucom Pty Ltd
> 0411 287 530  http://www.zenucom.com
> Help Desk | 1300 752 172
> PO Box 1465, Port Macquarie NSW 2444
> ------------------------------
> *IMPORTANT NOTICE:*
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended
> recipient you are notified that disclosing, copying, distributing or taking
> any action in reliance on the contents of this information is strictly
> prohibited.
>
> On 3 Sep 2014, at 10:04 am, Tsaousis, Costa <costa at tsaousis.gr> wrote:
>
> Also, since in your setup I don't see windows machines or linux servers
> accessible from the internet, I don't really see the risk.
> Linux does not suffer from malware to the extent the windows world does. I
> believe you are ok the way you are now.
>
> Of course, if you just want to learn, Rick's suggestion is perfect...
>
> Costa
>
>
>
>
>
> On Wed, Sep 3, 2014 at 2:46 AM, Rick Marshall <rjm at zenucom.com> wrote:
>
>> You need to have your main machine act as the firewall, i.e. all traffic
>> routed to it and then it routes to the modem/router.
>>
>> {home network}  <->  {ubuntu firewall} <-> {ADSL modem}
>>
>> i.e. the ADSL modem should only work as a switch and the default route for
>> all machines should be via your firewall. Then you can be happy.
>>
>> NB your firewall will work best with 2 interfaces, but this is not
>> essential. The home network can use the ADSL modem as a switch, but again a
>> separate switch would be better.
>>
>>
>> On 3 Sep 2014, at 9:25 am, Robin <rgs at creasehuggett.co.uk> wrote:
>>
>> My setup is that I have a main desktop Ubuntu machine, and a second
>> ubuntu machine that I use as a media center that is attached to my TV and
>> accesses the internet via the same ADSL router. I also have a dvr that is
>> directly connected to the router, and that is used to access videos stored
>> on the main desktop machine. I use rygel as the DLNA controller. I also
>> use VPN occasionally. Then there is the suggestion from Costa, which I
>> would like to incorporate into the setup.
>>
>> Has anyone done something similar in Firehol that I could copy or at
>> least use as a starter, or am I being overambitious in what I would like to
>> do with Firehol?
>>
>> Robin
>>
>> Tsaousis, Costa wrote on 03/09/14 00:04:
>>
>>
>> Firehol will do just fine allowing very specific services from your LAN
>> machines to the internet.
>> For HTTP/HTTPS I suggest installing a proxy and controlling the allowed URLs
>> there. So, direct layer 3 HTTP/HTTPS should not be allowed, only through
>> the proxy. Firehol can also set up a transparent HTTP proxy for you (but not
>> HTTPS - HTTPS cannot be intercepted - the clients will have to be
>> configured to use the proxy for HTTPS).
>>
>> Costa
>>
>>
>>
>> On Wed, Sep 3, 2014 at 1:35 AM, Whit Blauvelt <whit at transpect.com> wrote:
>>
>>> To the degree it can set what types of services you can be a client of,
>>> yes.
>>> But if the key logger or whatever is using an HTTP(S) POST or GET to send
>>> your data across, and you allow HTTP(S) clients out over the firewall,
>>> you've still got trouble.
>>>
>>> You could allow only HTTP(S) clients to connect to specific IPs. For
>>> most of us, that would be a nonstarter. But if you wanted to have a system
>>> that could only connect to your bank, and your bank's at a fixed IP, you
>>> could easily do that.
>>>
>>> Whit
>>>
>>> On Tue, Sep 02, 2014 at 08:45:14PM +0100, Robin wrote:
>>> > I feel I need to install a firewall and ubuntu comes with a very
>>> > simple one, but I noticed it did not stop outgoing comms, or provide for
>>> > a white list, dealing with communications going from key loggers,
>>> > zombie machines, etc.
>>> > Does firehol help in this regard?
>>> >
>>> >
>>>
>>> > _______________________________________________
>>> > Firehol-support mailing list
>>> > Firehol-support at lists.firehol.org
>>> > http://lists.firehol.org/mailman/listinfo/firehol-support
>>>
>>
>>
>
>
>