On Thu, 2008-10-30 at 08:48 -0400, James Carlson wrote:
> Bill Sommerfeld writes:
> > On Wed, 2008-10-29 at 18:55 -0400, Peter Memishian wrote:
> >
> > > But that's just it -- the admin isn't explicitly misconfiguring the
> > > system, he's just not familiar with the internal policy decisions that
> > > NWAM will make -- and I think it's unrealistic to expect that he can be.
> >
> > I disagree that it's unrealistic. we need to make the (higher-level)
> > policy and policy decisions made by NWAM more observable.
> > (the GUI present in build 99 is a big step forward for desktop/laptop
> > users).
>
> I certainly agree with making things more observable -- it's hard to
> disagree with that -- but I think meem has a point here.
>
> If the administrator himself were somehow invoking DHCP knowingly,
> then you could reasonably charge him with "misconfiguration" (or
> worse) if he did that while having a filter in place that blocks DHCP.
>
> However, NWAM is different, because it's going to invoke DHCP on its
> own. The administrator never really asked. It's likely that as NWAM
> matures, it'll invoke many other things on its own.

That's very worrying. The administrator who cares about security will need either: a) to understand what NWAM is doing or b) be able to disable it.

> There's probably a fair argument to be made to punch holes in the
> default firewall policy for explicitly configured services, but that
> argument is much harder to make for services run by some intermediary
> and where the firewall policies are explicit and from an administrator
> rather than some pre-packaged "default" set.

The set of enabled-by-default services needs to be small enough that an administrator capable of composing a packet filtering policy can be expected to understand the ramifications of them being enabled by default.