Firewalls

Revision 9 as of 2005-04-29 03:36:50

Status

Introduction

Firewalls and security are important to end users. Users who migrate from other operating systems (and even from other Linux distributions) also expect to find a firewall management tool. An example is the nice utility shipped with Mac OS X, where settings can be turned on and off with the click of a button.

Rationale

Ubuntu should be as secure as possible whilst remaining usable and featureful. To combine these two goals, we require a functional firewall admin tool. We should enable users to effectively and simply enable and disable services such as web or file serving, and allow peer-to-peer services such as BitTorrent.

Scope and Use Cases

  1. Charles wishes to protect his machine, which is directly on the internet, from attackers. He wishes to be able to continue to use his peer-to-peer clients.
  2. William wishes to enable his machine, which is directly connected to the internet, to serve web pages to his friends, whilst remaining protected otherwise.
  3. Harry wishes to share the connection on his computer with the rest of his family.

Implementation Plan

  • Design and implement a reasonable set of levels of security
  • Design and implement a graphical tool to allow the user to switch between these levels
  • Add functionality to debhelper to allow packages to add descriptions of which ports they require to the graphical tool
  • Add functionality to both Network Admin and the firewall tool to allow internet connection sharing.

The user should be presented with a simple tool that allows them to select various levels of security. These would be:

  1. Paranoid - lock everything down to only allow outgoing connections
  2. High - allow outgoing connections and certain incoming high ports for p2p apps
  3. Medium - allow outgoing connections, incoming ports for selected applications, and incoming ports for p2p apps.
  4. Low - "get out of my face" mode.
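
One way the four levels above could be expressed as packet-filter rules, as an added example that is not part of this spec. The iptables-restore output format, the port choices (6881:6889 for p2p, 80 for a selected application) and the reading of Low as "accept everything" are assumptions.

```shell
#!/bin/sh
# Added example: render each proposed security level as an
# iptables-restore ruleset. Port choices are assumptions, not from the spec.

P2P_PORTS="6881:6889"   # assumed: a common BitTorrent listening range
APP_PORTS="80"          # assumed: "selected applications" = a web server

# fw_ruleset LEVEL -> prints a filter table for iptables-restore on stdout.
# Returns 1 and prints no rules for an unknown level, so a typo can never
# silently produce an open firewall.
fw_ruleset() {
    level=$1
    case "$level" in
        paranoid|high|medium) input_policy=DROP ;;
        low)                  input_policy=ACCEPT ;;   # assumed meaning of Low
        *) printf 'unknown level: %s\n' "$level" >&2; return 1 ;;
    esac

    printf '%s\n' "*filter" \
        ":INPUT $input_policy [0:0]" \
        ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]"

    if [ "$input_policy" = DROP ]; then
        # Loopback and replies to outgoing connections must pass at every
        # restrictive level, otherwise "allow outgoing" would not work.
        printf '%s\n' "-A INPUT -i lo -j ACCEPT" \
            "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    fi

    # High and Medium both open the p2p range.
    case "$level" in
        high|medium)
            printf '%s\n' "-A INPUT -p tcp --dport $P2P_PORTS -j ACCEPT" ;;
    esac

    # Medium additionally opens the ports of selected applications.
    if [ "$level" = medium ]; then
        for port in $APP_PORTS; do
            printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
        done
    fi

    printf '%s\n' "COMMIT"
}
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. Connection sharing would need forwarding and NAT rules on top of this, which the sketch leaves out.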

Packages which provide daemons that should be listening

Data Preservation and Migration

Packages Affected

  • Many packages that provide daemons
  • gnome-system-tools
  • debhelper

User Interface Requirements

  • simple graphical tool that enables the user to change security level
  • interface for sharing a connection trivially.