Internet Security with Linux

[RCuber]

Ok guys here is my question.
Why do I require a Firewall if Linux is so secure. I dont have to worry about virus thats ok.

And what about Firefox? does the security bugs in Firefox affect my OS? Can any bugs in firefox or Linux itself create a backdoor? I want frank answer

 

[praka123]

do u want to have ur critical data accessible to any person?a firewall is needed to protect!although i know by default ubuntu comes with ports closed.also do u believe every binary formats esp proprietory one in elf format?elf injection thing is there where a s/w in elf format can be used to attain root permissions through its vulnerabilities.that is why Debian Etch(stable) got security fixes! .though all these comes into use in only in serve scenario.

with cross platform lang like java you are vulnerable with stealing data for eg,the passwd cheat demo done by heisse security shows that!

as frank as i can though my knowledge reg network is little.

 

[a_k_s_h_a_y]

yes .. certainly.. that's what i think !!
but after back door is created... and say some is trying to mess up with system then it can't ... coz you know permissions and all !!

stealing ur webdate is very much possible
coz its between browser and hacker..!

 

[RCuber]

a firewall is needed to protect!

personal data going out? or someone hacking into my system ??? ..

.also do u believe every binary formats esp proprietory one in elf format?
elf injection thing is there where a s/w in elf format can be used to attain root permissions through its vulnerabilities.that is why Debian Etch(stable) got security fixes! .though all these comes into use in only in serve scenario.

can you provide me some more info on the vulnerability?

with cross platform lang like java you are vulnerable with stealing data for eg,the passwd cheat demo done by heisse security shows that!

As a java browser applet or a application?

 

[The_Devil_Himself]

@charan:Chances of Virus attack is very few if not non-existent.

And what about Firefox? does the security bugs in Firefox affect my OS? Can any bugs in firefox or Linux itself create a backdoor? I want frank answer

No OS is perfect.And yea security bug in firefox can affect your Linux installation but common sense goes a long way in avoiding these.That is why they keep releasing updates.SO In my opinion having a firewall is always recommended but not at all necessary in linux while I found life without a firewall in Windows not at all possible.

So,to be frank,Yes you can be compromised even if you use Linux but it all boils down to chances which are close to zero.

 

[praka123]

personal data going out? or someone hacking into my system ??? ..

hehe! first of all ur asking a n00b in networking these ques?

I think it can be possible for a hacker(rare chance) to attach to ur system via http port or any open port via telnet.ofcourse mostly read only one.but may be some worms which can exploit vulnerability in suid etc systems or elf binary linking format,it can harm as it gets admin(root) privilages.although very rare.another plot is someone who get privilages can install a custom rootkit which can work for the hacker as a server!it is ofcourse more or less the same for all operating systems?

can you provide me some more info on the vulnerability?

elf=xyz.so format (use "readelf -a xyz.so" to get info about elf file)
*en.wikipedia.org/wiki/Executable_and_Linking_Format
*www.ibm.com/developerworks/power/library/pa-spec12/?ca=dgr-lnxw16ELFHero
kernel bug?suid?sgid?sudo?<==reliability
*lwn.net/Articles/136516/
Denial Of Service vulni(obsolete info maybe),privilage escalation?:
*marc.info/?l=bugtraq&m=110010551907076&w=2
*www.securityfocus.com/bid/12101
a good read:
*www.linuxconsultingteam.com/articles/tag/backdoors

As a java browser applet or a application?

AFAIK browser applet can be!

 

[RCuber]

@prakash thanks for those links .. really good to read .. Must read more on elf and SUID/SGID