[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RFE: FireKit



2009/7/24 Björn Persson <bjorn xn--rombobjrn-67a se>:
> Colin Walters wrote:
>> If for
>> example I enable desktop sharing before leaving work, then head to the
>> airport, and log on there to WiFi, you really don't want the desktop
>> sharing still enabled.  Nor likely do you want sshd.
>
>  – Internal tech support, Randy Hacker speaking.
>  – Hi Randy, Joe Salesman here. I'm at the airport. Something's wrong with my
> laptop. The screen just goes black when I try to start Open Office Impress. It
> worked fine yesterday. If I can't get it to work before I get to the customer's
> site I won't be able to show the presentation.
>  – OK Joe, I'll SSH into your laptop and look at the logs. What's your current
> IP address?

In this case, when the firewall is re-enabled, it would be enabled to
whatever the system administrator has configured it to do.  In other
words if they added an explicit passthrough for port 22, that would
continue to work.

> Joe might have file sharing enabled to share his documents with his colleagues
> in his own company, but just because Joe wants to let people see the
> presentation, that doesn't mean he wants anyone who might be connected to the
> customer's network to read all his documents.

Hmm?  How would they be able to read all his documents?

> In one known attack against the concept of trusted networks, an attacker
> configures his laptop to present itself as a WiFi access point and broadcast a
> large number of strategically chosen SSIDs. Then he sits down in a public
> place and waits for unsuspecting laptops to recognize the SSID of their home
> network and connect automatically.

I believe NetworkManager's connection list is based on the pair of MAC
address + SSID, not just SSID.

Now yes, of course someone could discover the MAC and SSID of a
particular access point at a company, then when a mobile worker goes
to a coffee shop, fake being that network.  But at this point we're
getting into very targeted attacks.  And I would argue that accepting
this is a valid tradeoff versus the even more serious problem of
people who disable the firewall to get things to work and then never
re-enable it.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]