Broadband Security - Mandriva



Thread: Broadband Security

  1. Re: Broadband Security

    On Mon, 02 Jul 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Adam wrote:

    >Moe Trin wrote:


    >> All too many popular distributions create these non-standard solutions
    >> (with each distribution doing it differently), set them up with what
    >> they consider to be standard jobs, and leave it at that.

    >
    >My only significant Linux experience is with Mandrake/Mandriva, so by
    >default their way of doing things seems to me to be either the
    >"standard" way, or a deliberate improvement. I'm sure there are
    >numerous features in Mandr* that are either nonstandard or better in
    >another distro, but I wouldn't (yet) know what they are.


    Well, variety is the spice of life and all that, but there are some
    standards. Start at "Linux Standard Base" http://www.linuxbase.org/spec/
    and work your way down through the Filesystem Hierarchy Standard from
    http://www.pathname.com/fhs/. There is a Linux Filesystem Hierarchy from
    the LDP at http://tldp.org/guides.html that helps explain the latter.

    Each distribution tries to follow their interpretation of those standards,
    but that is just the starting point. For example, you can't drop a SuSE
    or Red Hat kernel into your Mandriva install, because every d4mn one of
    the distributors knows how to make the kernel "better". Still, if you
    can use the command line to follow what is happening, nothing is totally
    unknown. Once the kernel is loaded and starts, the world begins at
    /etc/inittab (except in those few distributions that have decided to use
    the new "upstart" package in place of init), and MOST of it is just
    fancy shell scripting - some of it exotic, because the guys who created
    the scripts know their shell, and are absolutely _flaunting_ it, but it
    is still readable and even understandable if you have the man pages to
    see what in the Foggy Blue Morning they're trying to do here.

    >> "standard ports" meaning

    >
    >well, my DSL router's idea of "standard" outgoing ports is:
    >
    >pass to port 80 >> done
    >pass to port 20 >> done
    >pass to port 21 >> done
    >pass to port 23 >> done
    >pass to port 110 >> done
    >pass to port 119 >> done
    >pass to port 143 >> done
    >pass to port 220 >> done
    >pass to port 25 >> done
    >pass to port 443 >> done
    >pass to port 500 >> done


    So, you're not supposed to use DNS (53/udp and maybe 53/tcp) directly?
    This also looks like it would kill traceroute, and using a web proxy on
    8080/tcp. Oh, well.

    >Okay, I was wondering why they'd use some other port. I can now access
    >the LUG mailing list archives. I get a few "security certificate is
    >outdated" popups, but I know /those/ aren't my doing.


    Yeah, but they should be corrected by kicking the appropriate admin in
    the soft bits to get his attention.

    Old guy

  2. Re: Broadband Security

    Moe Trin wrote:
    > Well, variety is the spice of life and all that, but there are some
    > standards. Start at "Linux Standard Base" http://www.linuxbase.org/spec/
    > and work your way down through the Filesystem Hierarchy Standard from
    > http://www.pathname.com/fhs/. There is a Linux Filesystem Hierarchy from
    > the LDP at http://tldp.org/guides.html that helps explain the latter.


    I've read the last one, and will look at the others. I like following
    standards.

    >> well, my DSL router's idea of "standard" outgoing ports is:
    [list snipped]
    >
    > So, you're not supposed to use DNS (53/udp and maybe 53/tcp) directly?
    > This also looks like it would kill traceroute, and using a web proxy on
    > 8080/tcp. Oh, well.


    Well, my router has the following choices for security, among others.

    High:   Blocks all outgoing traffic except Mail, News, Web, FTP, and IPSEC

    Medium: Same as high, end user can set custom rules through NAT
            configuration.

    There's also Low and None. I suppose that High would keep someone who
    has no idea what all that means out of trouble. I picked Medium, but as
    soon as I added "allow port 444 outbound" it became Custom.

    Adam
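
Added example, not part of any post in this thread: the router's outbound listing quoted above, parsed and checked against a few constructed flows to show what the preset leaves out (DNS, traceroute, a proxy on 8080) and what the custom port 444 rule changes. It assumes the router matches on destination port for TCP and UDP alike and drops everything else; the flow labels and function names are made up for illustration.

```python
import re

# Outbound rule listing exactly as quoted from the router in this thread.
ROUTER_RULES = """\
pass to port 80 >> done
pass to port 20 >> done
pass to port 21 >> done
pass to port 23 >> done
pass to port 110 >> done
pass to port 119 >> done
pass to port 143 >> done
pass to port 220 >> done
pass to port 25 >> done
pass to port 443 >> done
pass to port 500 >> done
"""

# Constructed sample flows: (label, protocol, destination port). ICMP has no port.
FLOWS = [
    ("web", "tcp", 80),
    ("dns-udp", "udp", 53),
    ("dns-tcp", "tcp", 53),
    ("traceroute-udp", "udp", 33434),
    ("traceroute-icmp", "icmp", None),
    ("web-proxy", "tcp", 8080),
    ("site-on-444", "tcp", 444),
]

RULE_RE = re.compile(r"pass to port (\d{1,5}) >> done")

def parse_rules(text):
    """Return the set of allowed destination ports; reject anything unparsable."""
    ports = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.fullmatch(line.strip())
        if m is None or not 0 < int(m.group(1)) <= 65535:
            raise ValueError(f"line {lineno}: unrecognised rule {line!r}")
        ports.add(int(m.group(1)))
    return ports

def blocked(allowed_ports, flows):
    """Default deny (assumption): only TCP/UDP to a listed port gets out."""
    return [label for label, proto, port in flows
            if proto not in ("tcp", "udp") or port not in allowed_ports]

if __name__ == "__main__":
    allowed = parse_rules(ROUTER_RULES)
    print("preset blocks:    ", blocked(allowed, FLOWS))
    print("with 444 allowed: ", blocked(allowed | {444}, FLOWS))
```
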

  3. Re: Broadband Security

    On Wed, 04 Jul 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <46Dii.4020$wu5.2348@trndny03>, Adam wrote:

    >I like following standards.


    "The good thing about standards is that there are so many to choose
    from." -- Andrew S. Tanenbaum

    Standards are wonderful thing;
    everyone should have one of his very own

    A few years ago, Friday, October 14 was World Standards Day -- in
    *some* countries. In America, it was observed on October 11th. In
    Finland, it was marked on October 13th. Italy planned a separate
    conference on standards for October 18th. - after Shakib Otaqui

    >Well, my router has the following choices for security, among others.
    >
    >High:   Blocks all outgoing traffic except Mail, News, Web, FTP, and IPSEC
    >
    >Medium: Same as high, end user can set custom rules through NAT
    >        configuration.
    >
    >There's also Low and None.


    Well, I suppose that "radio buttons" are more informative than "sliders"
    but I'll stick with the simple shell scripts.

    >I suppose that High would keep someone who has no idea what all that
    >means out of trouble.


    I think the clueless will still manage to get into trouble - but that's
    usually a result of using a b0rken tool like Internot Exploiter as the
    only tool for Internet use, and clicking OK to get those annoying popup
    messages out of the way.

    >I picked Medium, but as soon as I added "allow port 444 outbound" it
    >became Custom.


    That makes sense, as it's no longer some "standard" configuration. I'm
    still not used to the "Mother, May I" type of filter on outbound. I
    know that my ISPs are doing some blocking (example port 25 only goes to
    their mail servers - everywhere else is blocked for zombie-control)
    and are happy with that.

    Old guy

  4. Re: Broadband Security

    Moe Trin wrote:
    > The good thing about standards is that there are so many to choose
    > from." -- Andrew S. Tanenbaum


    I believe he was the author of the textbook that we used when I took a
    course in computer networking around 1990. I don't think I have the
    book any more and don't think much of it would be useful today anyway.
    Remember Telenet (the network) and Tymnet?

    >> Well, my router has the following choices for security, among others.

    [snip]
    >> I picked Medium, but as soon as I added "allow port 444 outbound" it
    >> became Custom.

    >
    > That makes sense, as it's no longer some "standard" configuration. I'm
    > still not used to the "Mother, May I" type of filter on outbound. I
    > know that my ISPs are doing some blocking (example port 25 only goes to
    > their mail servers - everywhere else is blocked for zombie-control)
    > and are happy with that.


    At least I now know what to do if I come across another website that has
    to be accessed using some obscure port. Oh, and I figured out how to
    use /usr/bin/fax to send a fax, so my dialup modem is still good for
    something.

    Adam

  5. Re: Broadband Security

    On Fri, 06 Jul 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Adam wrote:

    >Moe Trin wrote:


    >> The good thing about standards is that there are so many to choose
    >> from." -- Andrew S. Tanenbaum

    >
    >I believe he was the author of the textbook that we used when I took a
    >course in computer networking around 1990. I don't think I have the
    >book any more and don't think much of it would be useful today anyway.


    Operating Systems, Design and Implementation, Andrew S. Tanenbaum, 1987,
    ISBN 0-13-638677-6, 940pp., Prentice-Hall.

    From http://www.cs.vu.nl/~ast/minix.html :

    WHAT IS MINIX 2.0

    MINIX is a free UNIX clone that is available with all the source code.
    Due to its small size, microkernel-based design, and ample documentation,
    it is well suited to people who want to run a UNIX-like system on their
    personal computer and learn about how such systems work inside. It is
    quite feasible for a person unfamiliar with operating system internals to
    understand nearly the entire system with a few months of use and study.

    MINIX has been written from scratch, and therefore does not contain any
    AT&T code--not in the kernel, the compiler, the utilities, or the
    libraries. For this reason the complete source can be made available (by
    FTP or via the WWW).

    MINIX has evolved over the years, so several versions exist. Two of these
    are still current. The rest are obsolete. The current versions are:
    MINIX 2.0 (Intel CPUs from 8088 to Pentium)
    MINIX 1.5 (Intel, Macintosh, Amiga, Atari, SPARC)

    Note that the last-modification date of that webpage was 1999. It's not GPL
    but is free (both speech- and beer-wise) for education and research purposes.

    Tanenbaum was/is an instructor at a university in .nl, and he created
    MINIX as a teaching aid. Linus based his original designs on MINIX.
    See his historic posting dated 25 Aug 91 20:57:08 GMT in the newsgroup
    comp.os.minix,

    Old guy

  6. Re: Broadband Security

    Moe Trin wrote:
    >>> The good thing about standards is that there are so many to choose
    >>> from." -- Andrew S. Tanenbaum

    >> I believe he was the author of the textbook that we used when I took a
    >> course in computer networking around 1990. I don't think I have the
    >> book any more and don't think much of it would be useful today anyway.

    >
    > Operating Systems, Design and Implementation, Andrew S. Tanenbaum, 1987,
    > ISBN 0-13-638677-6, 940pp., Prentice-Hall.


    No, his book "Computer Networking" was the one we used for networking
    class. For Operating Systems class we used a different book, possibly
    "Logical Design of Operating Systems" by Shaw and somebody, 2nd ed. Our
    big project in OS class was taken from the appendix of the 1st ed.,
    simulate a multiprocessing batch OS in a HLL, with swapping pages in and
    out, busy waits, interrupts, etc. That project was notable for two
    things: one, it was about the only group project that came out better
    than if I'd done it alone, and two, it was one of those rare times when
    I *knew* that we deserved an A on the project. Our OS even "billed"
    users for their batch jobs... at about ten times the going rate!

    Adam

  7. Re: Broadband Security

    Adam wrote:
    > it was about the only group project that came out better than if
    > I'd done it alone


    I like that attitude from those who deserve it.

  8. Re: Broadband Security

    On Sun, 08 Jul 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <_7Xji.376$CJ4.193@trndny08>, Adam wrote:

    >Moe Trin wrote:


    >> Operating Systems, Design and Implementation, Andrew S. Tanenbaum, 1987,
    >> ISBN 0-13-638677-6, 940pp., Prentice-Hall.

    >
    >No, his book "Computer Networking" was the one we used for networking
    >class. For Operating Systems class we used a different book, possibly
    >"Logical Design of Operating Systems" by Shaw and somebody, 2nd ed.


    Neither of those ring a bell. I've had several networking classes,
    and the textbook was usually TCP/IP Illustrated by W. Richard Stevens
    or something crappy written mainly by the instructor.

    >Our big project in OS class was taken from the appendix of the 1st ed.,
    >simulate a multiprocessing batch OS in a HLL, with swapping pages in
    >and out, busy waits, interrupts, etc.


    Somehow, I managed to never take an O/S basics course. I got conned into
    taking O/S specific classes - Novell 3.12 and 4.0, and one on NT 3.51,
    but thankfully never had to work with those O/S.

    >That project was notable for two things: one, it was about the only
    >group project that came out better than if I'd done it alone, and two,
    >it was one of those rare times when I *knew* that we deserved an A on
    >the project. Our OS even "billed" users for their batch jobs... at
    >about ten times the going rate!


    Why not? We've got all these expenses we've incurred to give you
    this sterling time-share... Sorta like GE used to gouge us during
    the mid-sixties.

    Old guy

  9. Re: Broadband Security

    Scott B. wrote:
    > Adam wrote:
    >> it was about the only group project that came out better than if
    >> I'd done it alone

    >
    > I like that attitude from those who deserve it.


    Is that an insult or a compliment? :-)

    Adam

  10. Re: Broadband Security

    Moe Trin wrote:
    > I've had several networking classes,
    > and the textbook was usually TCP/IP Illustrated by W. Richard Stevens
    > or something crappy written mainly by the instructor.

    [snip]
    > Somehow, I managed to never take an O/S basics course.


    Our classes emphasized theory, not how to set up or use any particular
    network or OS. All the requirements of our simulated multiprocessing
    batch OS came as a shock to those students whose idea of an "operating
    system" was PC DOS 3.3.

    >> Our OS even "billed" users for their batch jobs... at
    >> about ten times the going rate!

    >
    > Why not? We've got all these expenses we've incurred to give you
    > this sterling time-share... Sorta like GE used to gouge us during
    > the mid-sixties.


    The whole program was academic, not practical, and I didn't even think
    it was a terribly good program at the time (this was NOT at U-M). Most
    of it I've forgotten since then, if I even knew it at the time. One
    advantage of academia is that having completed a course in something is
    nearly as good as actually knowing it.

    Adam
