[SOLVED] How to Prevent Data Exfiltration?
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
[SOLVED] How to Prevent Data Exfiltration?
How can I easily allow or deny apps the ability to send data out of my computer?
In Windows, there are programs like Zonealarm that make this easy. They list by name all the programs that attempt outbound internet access. Then you simply select DENY for any app you don't want to send out data.
The only way I've found to do this in Linux is to deny outbound access by ports, editing iptables, or other non-user-friendly techniques.
Is there any Linux firewall that specifies apps requesting outbound internet access by name? So that I can easily block the ones I don't want to allow this access for?
Thank you for your advice.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: How to Prevent Data Exfiltration?
Let me be the first to disappoint you: viewtopic.php?f=90&t=345560
Re: How to Prevent Data Exfiltration?
While it is entirely possible that someone somewhere will go about writing a Linux-based layer7 firewall akin to zonealarm at some point, the fact of the matter is that there is no real push for it, as enough of the admins/networking types either (1) handle this elsewhere on their network (e.g. edge router plus DNS filtering and proxy, etc) OR (2) are of the mind that the current iptables/nftables/namespace/etc. options are sufficient on the individual machines. (Though that being said, "per machine" gets tiresome, and "on the edge" is usually considered the right place)
Basically, you're seeing a difference of the paradigms between not only the general use-cases of linux and windows, but also in the general thinking of those people who deploy them. For example, I just don't care on my workstation (although I do log everything at the edge, and review it every now and again -- but I have to keep in mind that the family needs to be kept happy), and the servers all have various levels of "don't allow outbound" ... which are a bit excessive, since they're mostly barren, save for the applications mandatory to them performing their tasks. Inbound firewalls are the same. Workstation doesn't care, servers are only listening on a handful of ports. And then there's the edge firewall blocking everything except the few services I run anyway (well, excluding any derpy ports open by the ISP on their gateway thing ... but that's stuck outside of "my edge" for hopefully obvious reasons).
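The iptables route from the post above, done per program rather than per port, as an added example that is not from this thread: each untrusted program is started under a dedicated group, and everything that group sends is logged and rejected. Assumed: a group named nonet, iptables with the owner match (xt_owner), and root for the setup step.

```shell
#!/bin/sh
# Added example, not from the thread: per-program outbound blocking on Linux
# with iptables' owner match, i.e. the "iptables/namespace" route mentioned
# above made a little more user-friendly. Every process started under a
# dedicated group has its outbound packets logged and rejected.
# Assumed: iptables with the xt_owner module, root for "setup", and that the
# group name "nonet" is free; loopback stays allowed so local IPC keeps working.
set -eu

NONET_GROUP="${NONET_GROUP:-nonet}"   # group whose traffic is blocked
DRY_RUN="${DRY_RUN:-0}"               # 1 = print commands instead of running

# Run a command, or print it when DRY_RUN=1 so the exact rules can be reviewed
# (and the script exercised) without root.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Install the OUTPUT rules once. LOG comes before REJECT so blocked attempts
# show up in the kernel log (journalctl -k), and REJECT rather than DROP makes
# the application fail immediately instead of hanging on a lost SYN.
block_group_outbound() {
    run iptables -A OUTPUT -o lo -m owner --gid-owner "$NONET_GROUP" -j ACCEPT
    run iptables -A OUTPUT -m owner --gid-owner "$NONET_GROUP" \
        -m limit --limit 5/min -j LOG --log-prefix "nonet-blocked: "
    run iptables -A OUTPUT -m owner --gid-owner "$NONET_GROUP" -j REJECT
}

# Start a program with the blocked group as its effective group; the owner
# match keys on that group, so everything the program (and its children)
# sends is caught. The calling user must be a member of the group
# (usermod -aG nonet "$USER", then log in again).
run_without_network() {
    run sg "$NONET_GROUP" -c "$*"
}

case "${1:-}" in
    setup) run groupadd -f "$NONET_GROUP"; block_group_outbound ;;
    run)   shift; run_without_network "$@" ;;
esac
```

Saved as, say, nonet.sh: run `sudo ./nonet.sh setup` once, then `./nonet.sh run some-app`; rejected attempts show up in `journalctl -k` with the nonet-blocked prefix.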
Re: How to Prevent Data Exfiltration?
Yes, you can, actually, with OpenSnitch (https://github.com/evilsocket/opensnitch).
See: viewtopic.php?p=1990551#p1990551
It's not exactly ZoneAlarm, but it does what you requested.
Can take a bit of getting used to, and some people don't like the UI, but it works great for some of us.
Re: How to Prevent Data Exfiltration?
newlyminted7 wrote: ⤴Tue Apr 13, 2021 2:54 pm
Yes, you can, actually, with OpenSnitch (https://github.com/evilsocket/opensnitch).
oh hey, someone did make a L7 firewall
Re: How to Prevent Data Exfiltration?
Thanks for your advice. I'll look into Opensnitch. Sounds like it might work for me.
I also found a FOSS app called Douane that has a really nice UI and does exactly what I want. It traps outbound sends, and allows you then to ALLOW or DENY such activity by program.
However, the Douane homepage tells you -- Warning: unfortunately the project is suffering of a kernel freeze bug that can break your machine!
When that issue gets fixed, it could be perfect for this role (see https://douaneapp.com/ ).
In the US, corporations aggressively take user data without permission, so a user-friendly tool like this is really needed.
Thanks again.
Re: How to Prevent Data Exfiltration?
Not really so much in Linux ... mostly because the people writing the software are the same people who hate unnecessary phoning home ...
Re: How to Prevent Data Exfiltration?
An additional option is to run your applications in a sandbox with firejail, so the applications have limited visibility of your data (e.g. firefox and thunderbird essentially limited to your Downloads folder, music players to music files, etc). This aids with "defence in depth". Don't rely solely on one means of protection.
Re: How to Prevent Data Exfiltration?
dave0808 wrote: ⤴Thu Apr 15, 2021 10:19 am
An additional option is to run your applications in a sandbox with firejail, so the applications have limited visibility of your data (e.g. firefox and thunderbird essentially limited to your Downloads folder, music players to music files, etc). This aids with "defence in depth". Don't rely solely on one means of protection.
That is not, in any practical sense, a replacement for a firewall.
Re: [SOLVED] How to Prevent Data Exfiltration?
Hey everyone, thanks for all the ideas in this discussion.
Short-term, I'll learn Opensnitch. It looks like it'll take a little effort but it should do what I need.
Long-term, I'm keeping track of Douane for when it's ready for prime-time. It should be ideal once it works without any issues.
Firejail looks like a fantastic tool I need to learn about. It looks really useful, though it's not quite what I was seeking in terms of this specific need.