[maemo-developers] Security Guidance for N800 OS development

From: Acadia Secure Networks acadiasecurenets at aol.com
Date: Thu Feb 22 03:01:13 EET 2007

Daniel,

By way of example, my PC has a firewall (Symantec) that does outbound
filtering. I appreciate the fact that when I launch an application for
which I have not previously provided authorization to access the
Internet (defined here as an IP range beyond my LAN subnet), the
firewall warns me before allowing the connection to take place and lets
me decide whether to block, allow this one time, or allow permanently
the access. With this kind of protection on devices such as the N800,
it is more likely that the outbound filter will also catch a silent
rogue app that, by some means, has gotten installed on the device (these
days, typically by a user being socially engineered to do something that
they should not do).

One of the challenges of any software developer group like this is to 
perceive the product like the average end user and not a developer. With 
respect to device security services, as opposed to, say, a collaboration,
communications, or entertainment app, it is hard for an experienced 
clueful developer to put him or herself into the "shoes" of the average, 
not highly clueful, end user. Security is, whether we like it or not, an 
essential part of the software/device/product usability mix even though 
it is, for most developers, a boring aspect of computer systems/science. 

Today's responsible sw/product companies and their software engineers 
work hard to establish the right balance of security and usability.
Microsoft has been a major miscreant in this respect for many years, and 
they have, painfully, learned their lesson and are now working hard to 
correct past mistakes. Nokia clearly has the opportunity to do better 
with its products of the class of the 770/N800 and set a standard for 
others to follow.

Best Regards,

John Holmblad

Daniel Stone wrote:
> On Tue, Feb 20, 2007 at 04:34:21PM -0600, ext Paul Klapperich wrote:
>   
>> Nokia really doesn't have to do anything to "guarantee" that 3rd party apps
>> are safe, but I would certainly trust the integrity of an official iptables
>> compiled by Nokia. They certainly have something to lose by somehow
>> subverting it, so I would trust it. And as it really wouldn't take anything
>> more than checking the option in the kernel config before building, I
>> really don't think this is any additional burden to them.
>>     
>
> Okay, so what are you going to do with this iptables package?  As far as
> I can tell, there are two options:
>   a) nothing;
>   b) iptables -P INPUT DROP; iptables -A INPUT -m state --state
>      ESTABLISHED,RELATED -j ACCEPT
>
> a) provides no change over the status quo.
> b) provides no change over the status quo, except that it encourages
> people to have open ports.  It would mean that people who wanted to
> listen to the outside world have to explicitly punch a hole in the
> firewall.  Right now, people who want to listen to the outside world
> have to explicitly open a socket on that interface, which to me is a
> pretty clear statement of intentions.
>
> I just don't see why you would want it.  How would it make things more
> secure, at all, except for the warm fuzzies that come from having a
> firewall?  It provides no practical benefit in any case which isn't
> hopelessly contrived.
>
> Cheers,
> Daniel (not responsible for this decision, not speaking for N, etc etc)
>   
>   
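
The outbound-filter behaviour John describes above (warn on an application's first Internet access, then block, allow once, or allow permanently), modelled as an added example that is not part of the original thread. The class and function names, the 192.168.1.0/24 LAN and the sample applications are constructed, and treating "block" as applying to the single attempt only is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable

class Verdict(Enum):
    BLOCK = "block"                # assumption: applies to this attempt only
    ALLOW_ONCE = "allow once"
    ALLOW_ALWAYS = "allow permanently"

@dataclass
class OutboundFilter:
    lan: str                                   # e.g. "192.168.1.0/24" (constructed)
    prompt: Callable[[str, str], Verdict]      # asks the user about (app, dst)
    allowed: set = field(default_factory=set)  # apps granted permanent access
    log: list = field(default_factory=list)    # (app, dst, reason, permitted)

    def connect(self, app: str, dst: str) -> bool:
        """Return True if this outbound connection attempt is permitted."""
        if ipaddress.ip_address(dst) in ipaddress.ip_network(self.lan):
            return self._record(app, dst, "lan", True)       # not "Internet"
        if app in self.allowed:
            return self._record(app, dst, "stored rule", True)
        verdict = self.prompt(app, dst)                      # unknown app: warn first
        if verdict is Verdict.ALLOW_ALWAYS:
            self.allowed.add(app)
        return self._record(app, dst, verdict.value, verdict is not Verdict.BLOCK)

    def _record(self, app, dst, reason, permitted):
        self.log.append((app, dst, reason, permitted))
        return permitted

def demo():
    """Constructed scenario: a known browser and a silently installed app."""
    answers = {"/usr/bin/browser": Verdict.ALLOW_ALWAYS,
               "/tmp/.updater": Verdict.BLOCK}   # user refuses the unknown binary
    fw = OutboundFilter("192.168.1.0/24", lambda app, dst: answers[app])
    fw.connect("/usr/bin/browser", "203.0.113.10")   # prompts, rule stored
    fw.connect("/usr/bin/browser", "203.0.113.10")   # silent: stored rule
    fw.connect("/tmp/.updater", "192.168.1.20")      # LAN traffic is not filtered
    fw.connect("/tmp/.updater", "198.51.100.7")      # prompts, blocked
    return fw.log

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The log shows where this model stops protecting: traffic inside the LAN subnet is never prompted for, and the decision is only as good as the user's answer to the prompt.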