[Firehol-support] Key loggers and others that communicate back to a base
Whit Blauvelt
whit at transpect.com
Wed Sep 3 00:43:53 BST 2014
Firehol's proxy support depends on also running squid. See:
http://firehol.org/firehol-manual/firehol-proxy/
There's nothing wrong with squid, but it's moderately complex to set up,
will suck up some CPU cycles, and adds latency to your connections.
To get squid to let you connect to HTTPS sites, as Costa mentions, would
require HTTP to the proxy, with the proxy doing HTTPS out from there with
your credentials. It would also result in your HTTPS traffic getting cached
on the proxy in the clear. So anyone who compromises your proxy server has a
rich store of stuff that's not going to be available on your workstation if
you do HTTPS straight outward from it. There's a security argument against
ever using a proxy for HTTPS. A major use of that scheme is by employers who
want to spy on their workers.
That said, there aren't a lot of keyloggers and such that will compromise
Linux systems. If you also have Windows boxen on your LAN, or phones and
tablets doing wifi, there's a serious chance of trouble. If it's just Linux
boxes (not counting Android, for which there are many compromised apps),
there's not nearly as much reason to worry.
Whit
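As an added illustration of the outgoing-whitelist approach discussed in this thread (an example written for this note, not configuration from the thread or from the FireHOL project), here is a host firewall for a single-NIC Ubuntu desktop on a home LAN behind an ADSL router. The interface name eth0, the LAN range, and the BANK_IPS list are assumed placeholders (203.0.113.0/24 is a documentation range); `${UNROUTABLE_IPS}` is a variable FireHOL itself defines. It allows the host to talk freely on the LAN (DLNA, the router's DNS, and so on) but lets it be an internet client only of NTP and of HTTPS to a fixed set of addresses, so anything else that tries to phone home over HTTP(S) is simply dropped.

```firehol
version 6

# Added example: host firewall on one NIC (eth0, assumed) behind a home router.
# Addresses below are placeholders, not values from the thread.
LAN_NET="192.168.1.0/24"
BANK_IPS="203.0.113.10 203.0.113.11"   # hypothetical fixed IPs of "your bank"

# Traffic between this host and other hosts on the LAN: accept SSH from the
# LAN, and let this host be a client of anything on the LAN (media box, DVR,
# the router's DNS resolver). LAN-only traffic never reaches the internet.
interface eth0 lan src "${LAN_NET}"
    policy reject
    protection strong
    server ssh accept
    client all accept

# Traffic between this host and everything that is not the LAN. The same NIC
# carries it; FireHOL tells the two apart by the src match. Policy drop means
# any outgoing connection not listed here fails, which is what stops a
# key logger that talks plain HTTP(S) to an arbitrary host.
interface eth0 internet src not "${LAN_NET} ${UNROUTABLE_IPS}"
    policy drop
    protection strong
    client ntp accept
    # Note: no "dns" here on purpose. DNS goes to the LAN router and is already
    # covered above, and an open port 53 to the world is an easy exfil channel.
    client https accept dst "${BANK_IPS}"

# If general browsing is needed, the thread's suggestion is a local squid with
# direct HTTP blocked. FireHOL's helper for that is transparent_proxy; the
# argument order below is assumed from memory, so check it against the
# firehol-proxy manual page linked above before uncommenting:
# transparent_proxy "80" "3128" "squid root" inface eth0 src "${LAN_NET}"
```

Load it with `firehol try /etc/firehol/firehol.conf`, which rolls back automatically unless you confirm within the timeout, so a typo in the whitelist cannot lock you out of an SSH session. Two practical caveats: the `dst` restriction only helps while the bank's addresses really are fixed, and with `policy drop` on the internet side every other HTTPS connection fails silently, which is the "nonstarter for most of us" trade-off described further down this thread.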
On Wed, Sep 03, 2014 at 12:25:01AM +0100, Robin wrote:
> My setup is that I have a main desktop Ubuntu machine, and a second ubuntu
> machine that I use as a media center that is attached to my TV and accesses the
> internet via the same ADSL router. I also have a dvr that is directly
> connected to the router, and that is used to access videos stored on the main
> desktop machine. I use rygel as the DLNA controller. I also use VPN
> occasionally. Then there is the suggestion from Costa, which I would like to
> incorporate into the setup.
>
> Has anyone done something similar in Firehol that I could copy or at least use
> as a starter or am I being over ambitious in what I would like to do with
> Firehol?
>
> Robin
>
>
> Tsaousis, Costa wrote on 03/09/14 00:04:
>
>
> Firehol will do just fine allowing very specific services from your LAN
> machines to the internet.
> For HTTP/HTTPS I suggest to install a proxy and control the allowed URLs
> there. So, direct layer 3 HTTP/HTTPS should not be allowed. Only through
> the proxy. Firehol can also setup a transparent HTTP proxy for you (but not
> HTTPS - HTTPS cannot be intercepted - the clients will have to be
> configured to use the proxy for HTTPS).
>
> Costa
>
>
>
> On Wed, Sep 3, 2014 at 1:35 AM, Whit Blauvelt <whit at transpect.com> wrote:
>
> To the degree it can set what types of services you can be a client of, yes.
> But if the key logger or whatever is using an HTTP(S) POST or GET to send
> your data across, and you allow HTTP(S) clients out over the firewall,
> you've still got trouble.
>
> You could allow only HTTP(S) clients to connect to specific IPs. For most of
> us, that would be a nonstarter. But if you wanted to have a system that
> could only connect to your bank, and your bank's at a fixed IP, you could
> easily do that.
>
> Whit
>
> On Tue, Sep 02, 2014 at 08:45:14PM +0100, Robin wrote:
> > I feel I need to install a firewall and ubuntu comes with a very simple one,
> > but I noticed it did not stop outgoing comms, or provide for a white list,
> > dealing with communications going from key loggers, zombie machines, etc.
> > Does firehol help in this regard?
> >
> >
>
> > _______________________________________________
> > Firehol-support mailing list
> > Firehol-support at lists.firehol.org
> > http://lists.firehol.org/mailman/listinfo/firehol-support
>