[SOLVED] How to Prevent Data Exfiltration?


[SOLVED] How to Prevent Data Exfiltration?

Post by benali72 »

How can I easily allow or deny apps the ability to send data out of my computer?

In Windows, there are programs like ZoneAlarm that make this easy. They list by name all the programs that attempt outbound internet access. Then you simply select DENY for any app you don't want to send out data.

The only way I've found to do this in Linux is to deny outbound access by ports, editing iptables, or other non-user-friendly techniques.

Is there any Linux firewall that specifies apps requesting outbound internet access by name? So that I can easily block the ones I don't want to allow this access for?

Thank you for your advice.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
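
Added example (not part of the thread, and not code from ZoneAlarm, OpenSnitch or Douane): the "list programs by name" view asked about above can be approximated on Linux by joining the kernel's TCP table with the socket file descriptors under /proc. It only reports established IPv4 TCP connections and blocks nothing; the sample table and the 203.0.113.10 address are constructed.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
"""

def _endpoint(hex_pair):
    """Decode 'AABBCCDD:PPPP' to (ip, port); assumes a little-endian host (x86/ARM)."""
    addr, port = hex_pair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def parse_established(text):
    """Return [(local, remote, uid, inode)] for sockets in state 01 (ESTABLISHED).
    Listening sockets (0A) are skipped; accepted inbound connections are included."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10 and f[3] == "01":
            rows.append((_endpoint(f[1]), _endpoint(f[2]), int(f[7]), int(f[9])))
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, program name) by walking /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                name = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), name)
        except OSError:  # process exited, or not readable without root
            continue
    return owners

def connections_by_program(tcp_text, owners):
    """Join connections with their owning program; unknown owners are reported as '?'."""
    return [(owners.get(inode, (None, "?"))[1], remote, uid)
            for _local, remote, uid, inode in parse_established(tcp_text)]

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:  # IPv6 sockets live in /proc/net/tcp6
        for name, (ip, port), uid in connections_by_program(fh.read(), inode_owners()):
            print(f"{name:<20} uid={uid:<6} -> {ip}:{port}")
```

Run as root to see sockets owned by other users; without it those connections show up with "?" as the program name.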

Re: How to Prevent Data Exfiltration?

Post by GS3 »

Let me be the first to disappoint you: viewtopic.php?f=90&t=345560
Please do not use animated GIFs in avatars because many of us find them distracting and obnoxious. Thank you.

Re: How to Prevent Data Exfiltration?

Post by djph »

While it is entirely possible that someone somewhere will go about writing a Linux-based layer 7 firewall akin to ZoneAlarm at some point, the fact of the matter is that there is no real push for it, as enough of the admins/networking types either (1) handle this elsewhere on their network (e.g. edge router plus DNS filtering and proxy, etc.) OR (2) are of the mind that the current iptables/nftables/namespace/etc. options are sufficient on the individual machines. (Though that being said, "per machine" gets tiresome, and "on the edge" is usually considered the right place.)

Basically, you're seeing a difference of the paradigms between not only the general use-cases of Linux and Windows, but also in the general thinking of those people who deploy them. For example, I just don't care on my workstation (although I do log everything at the edge, and review it every now and again -- but I have to keep in mind that the family needs to be kept happy :wink:), and the servers all have various levels of "don't allow outbound" ... which are a bit excessive, since they're mostly barren, save for the applications mandatory to them performing their tasks. Inbound firewalls are the same. Workstation doesn't care, servers are only listening on a handful of ports. And then there's the edge firewall blocking everything except the few services I run anyway (well, excluding any derpy ports open by the ISP on their gateway thing ... but that's stuck outside of "my edge" for hopefully obvious reasons).

Re: How to Prevent Data Exfiltration?

Post by newlyminted7 »

Yes, you can, actually, with OpenSnitch (https://github.com/evilsocket/opensnitch).
See: viewtopic.php?p=1990551#p1990551
It's not exactly ZoneAlarm, but it does what you requested.
Can take a bit of getting used to, and some people don't like the UI, but it works great for some of us.

Re: How to Prevent Data Exfiltration?

Post by djph »

newlyminted7 wrote: Tue Apr 13, 2021 2:54 pm Yes, you can, actually, with OpenSnitch (https://github.com/evilsocket/opensnitch).
Oh hey, someone did make an L7 firewall :shock:

Re: How to Prevent Data Exfiltration?

Post by benali72 »

Thanks for your advice. I'll look into OpenSnitch. Sounds like it might work for me.

I also found a FOSS app called Douane that has a really nice UI and does exactly what I want. It traps outbound sends, and allows you then to ALLOW or DENY such activity by program.

However, the Douane homepage tells you -- Warning: unfortunately the project is suffering of a kernel freeze bug that can break your machine!

When that issue gets fixed, it could be perfect for this role (see https://douaneapp.com/ ).

In the US, corporations aggressively take user data without permission, so a user-friendly tool like this is really needed.

Thanks again.

Re: How to Prevent Data Exfiltration?

Post by djph »

benali72 wrote: Wed Apr 14, 2021 2:21 pm In the US, corporations aggressively take user data without permission, so a user-friendly tool like this is really needed.
Not really so much in Linux ... mostly because the people writing the software are the same people who hate unnecessary phoning home ...

Re: How to Prevent Data Exfiltration?

Post by newlyminted7 »

benali72 wrote: Wed Apr 14, 2021 2:21 pm In the US, corporations aggressively take user data without permission, so a user-friendly tool like this is really needed.
It's definitely not just the US.

Re: How to Prevent Data Exfiltration?

Post by dave0808 »

An additional option is to run your applications in a sandbox with firejail, so the applications have limited visibility of your data (e.g. firefox and thunderbird essentially limited to your Downloads folder, music players to music files, etc). This aids with "defence in depth". Don't rely solely on one means of protection.

Re: How to Prevent Data Exfiltration?

Post by GS3 »

dave0808 wrote: Thu Apr 15, 2021 10:19 am An additional option is to run your applications in a sandbox with firejail, so the applications have limited visibility of your data (e.g. firefox and thunderbird essentially limited to your Downloads folder, music players to music files, etc). This aids with "defence in depth". Don't rely solely on one means of protection.
That is not, in any practical sense, a replacement for a firewall.

Re: How to Prevent Data Exfiltration?

Post by dave0808 »

GS3 wrote: Thu Apr 15, 2021 12:24 pm That is not, in any practical sense, a replacement for a firewall.
I never said that it was...
dave0808 wrote: Thu Apr 15, 2021 10:19 am An additional option ...
Don't rely solely on one means of protection.

Re: [SOLVED] How to Prevent Data Exfiltration?

Post by benali72 »

Hey everyone, thanks for all the ideas in this discussion.

Short-term, I'll learn OpenSnitch. It looks like it'll take a little effort but it should do what I need.

Long-term, I'm keeping track of Douane for when it's ready for prime-time. It should be ideal once it works without any issues.

Firejail looks like a fantastic tool I need to learn about. It looks really useful, though it's not quite what I was seeking in terms of this specific need.