On Tue, 2014-04-22 at 15:04 -0400, Simo Sorce wrote: > On Tue, 2014-04-22 at 14:41 -0400, Russell Doty wrote: > > On Tue, 2014-04-22 at 14:23 -0400, Simo Sorce wrote: > > > On Tue, 2014-04-22 at 13:22 -0400, Russell Doty wrote: > > > > On Tue, 2014-04-22 at 19:01 +0200, Miloslav Trmač wrote: > > > > > 2014-04-22 13:40 GMT+02:00 Stephen Gallagher <sgallagh@xxxxxxxxxx>: > > > > > 3) Recovery and auditing are more important than prevention. > > > > > > > > > > This is only true for large managed enterprises, where recovery is > > > > > possible in the first place (how many people don't have good > > > > > backups?), and prevention is bordering on impossible (with the high > > > > > number of systems and administrators). For individual users auditing > > > > > is completely pointless, recovery is either impossible or a huge > > > > > hassle, and prevention the only option. > > > > Well, the presentation was focused on enterprise systems... > > > > > > > > But there were some underlying themes: > > > > > > > > * Users will work around anything, including security features, that > > > > interfere with them doing their job. > > > > > > > > * It is impossible to completely secure a system. A prevention only > > > > approach doesn't work well. > > > > > > > > * An effective security model is built around Deter, Detect, Delay, > > > > Respond, Remediate. > > > > > > > > * Security is one of multiple threats to system integrity. > > > > > > All very true, but you do not remove the Deterrent, just because you > > > have the other 4 layers (which we do *not* have very much in Fedora when > > > it is used as a simple workstation). > > Absolutely true - the foundation of the stack is Deter. The point is > > that we can't harden a system enough for Deter alone to be fully > > effective, so we need to have the complete security model. > > > > And you are right. We have a real opportunity to look at an overall > > "people centric" approach to security in Fedora. Look at the traditional > > threat models, look at the people issues, and look at an overall > > approach to maintaining system integrity. > > > > I'd like to see us exploring system integrity in greater depth. > > > > > > This is why people say we need to improve the Firewall experience not > > > raise white flag and disable it. > > Agree. Unfortunately, the easy way out is to punch so many holes in the > > default firewall that it doesn't offer much protection... > > not really true, having the default one allow access only from the local > lan at most is a huge improvement rather than no firewall. > > All you need is a button that lets you select between 3 zones when you > join a new network and you have a much better system already, nothing > fancy, and the 3 zones correspond to the concepts of: > open to everyone (effectively disables any protection) > open to the local lan only (what you would select at home/work/trusted > network) > closed (what you would select in a public place on an untrusted network) This sounds a lot like the Network Manager model. Could this basic firewall configuration be integrated with the Network Manager interface? So that a user sets their "security profile" one place, and all related system settings and configurations are updated? > > It is quite simple to describe even to a non expert user what these > means in general terms. > > Of course it won't be perfect, but much better than nothing, and much, > much friendlier than what we have now. A combination of this and having all commonly used applications configure the firewall when installed/uninstalled looks like a good start, especially from a usability perspective. > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
