I've been reading some computer techy security site for about 3 hours...it just goes on and on. I certainly feel much better now that I'm using linux, but it just ...
- 08-27-2008 #1
- Join Date
- Nov 2007
is there such a thing: security ?
- 08-27-2008 #2
There will always be a different attack vector, once it was passing floppies around. Then it was internet worms and infected emails. These days it's social engineering.
If you lose personal data these days more than likely it will be you as the user who handed it over willingly. the thing with computer security is that it's not as much about anti-virus and firewalls as much as it is about your frame of mind. You can use a locked down Windows desktop and be safer than Linux because you run Linux as root with all sorts of services running and no firewall.
The trick is to get the basics down like passwords and firewalls and then the rest is about being careful in your own habits: not giving out details online, only dealing with reputable sites etc.
- 08-27-2008 #3
- Join Date
- Nov 2007
yeh, I know Tom, and social engineering is the least of my worries, I'm as comp-aranoid as it gets, it's just, at some point, I'd like to just get down to doing some work on my computer, after reading all that last night, I have given up my notebook for dead...the one running windows (which i only use because of my i.s.p.). on my linux machines, next step is to learn what all the stuff in TOP command is, so i can recognize something wrong. Last year i ran that shields up thing on a windows machine, and it came back: "this computer is very secure....almost to the point of being unusable". so my paranoia is in check, it's just the technical stuff i have to start learning.
- 08-27-2008 #4
Ah cool then
Just wanted to scare you up with that first. On the computer security side I'd disable any services you don't want for starters. I know from my Windows security days that passwords should have been at least 14 characters with upper/lowercase and numbers...symbols desirable. Now the 14 limit there came from two 7 character hashes in the SAM file so I'm not sure how it should work in Linux. For me, I just always use complicated passwords (that's not a challenge).
A key point is to avoid drawing attention to yourself on the network. In a lot of ways you're already ahead of the curve by running Linux. If you want to run ssh make sure you don't run it on port 22 - pick a random higher port well into the thousands. If you decide to run a webserver or database make sure that they run as a dedicated user (usually www-data and mysql for apache and mysql respectively). You can also rename your root account but remember that your root account will still have a UID of zero though if you have nothing better to do except breaking your system you can have a go at changing that too
I would also run a rootkit hunter when you can. Just remember there's not much point in installing it because if your machine gets compromised then it's no use, it is a target itself. Best run it from CD or flashdrive.
These are all just general recommendations and I'm sure the other members will be able to expand on and add to these ideas. Good luck
- 08-28-2008 #5
- Join Date
- Aug 2008
The 7 and 7 characters are coming from symmetric hashing that is the method Windows is using to secure passwords within the SAM file. With the new Windows versions, hashes for passwords longer than 15 characters are no longer stored in the SAM; therefore unlikely to be cracked. Now, Unix traditionally is using salting which translates through prepending characters to your password which makes cracking much harder if not impossible.
To ensure that your passwords are secure I would recommend using long easy to remember passwords that are made of upper and lower characters as well as special signs (a good idea would be to get a phrase and use every second letter from each word adding numbers and special signs, e.g. instead of a use @, instead of i use 1 and so on). Further, on the Linux, *NIX side you should enable password shadowing. On the Windows side it is a bit harder to focus on password protection, so since SAM is locked by the OS the only way to secure it a bit more would be to keep your box sanitized.
"A key point is to avoid drawing attention to yourself on the network. In a lot of ways you're already ahead of the curve by running Linux. If you want to run ssh make sure you don't run it on port 22 - pick a random higher port well into the thousands. If you decide to run a webserver or database make sure that they run as a dedicated user (usually www-data and mysql for apache and mysql respectively). You can also rename your root account but remember that your root account will still have a UID of zero though if you have nothing better to do except breaking your system you can have a go at changing that too "
Running Linux is not a way of obfuscating the OS nor increasing security for a long time now. Most hackers would be happy to find an unsecured/not updated Linux box that they can take over.
Running ssh on nonstandard ports is fine but I do not see a problem with running it on standard port as long as your openssh pack is up to date and not vulnerable.
Renaming root account is a (sort of, kind of) "form" of security, but I would not recommend it; however, you should restrict root login via ssh which is a much better idea since most apps should require root access to various directories... You can also restrict root login altogether and just allow sudo from one of your users part of the sudoers list...
"I would also run a rootkit hunter when you can. Just remember there's not much point in installing it because if your machine gets compromised then it's no use, it is a target itself. Best run it from CD or flashdrive.
These are all just general recommendations and I'm sure the other members will be able to expand on and add to these ideas. Good luck "
No comments here as you are correct....
Moreover, since you already suggested disabling daemons that are not required, and I said that password shadowing should be part of the hardening process, I would further suggest looking at file permissions and adjusting them according to the server's function, and changing default passwords within the config file of each application you are using.
If anyone has any specific questions or needs more details about how to harden a *nix server you can ping me at bogdan at rosecurit.eu and I would be more than happy to help you.
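Two points from the posts above, password shadowing and the remark that a renamed root account still has UID zero, can be checked mechanically against passwd-format text. This is an added example, not part of any post; the function name `audit_passwd` and every line of the sample input are constructed.

```python
# Added example (not from the thread). Audits passwd(5)-format text for
# unshadowed hashes, empty passwords and extra UID 0 accounts.

# Constructed sample input; account names and the hash are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:renamed admin:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
legacy:$1$CONSTRUCT$NOTAREALHASHVALUE00000:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
"""

def audit_passwd(text):
    """Return a dict of lists, one list of account names per issue."""
    report = {"uid0": [], "unshadowed": [], "empty": [], "malformed": []}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            report["malformed"].append(line)
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if uid == "0":
            # Superuser status comes from the UID, whatever the name is.
            report["uid0"].append(name)
        if pw == "":
            # Empty field: the account needs no password at all.
            report["empty"].append(name)
        elif pw != "x" and not pw.startswith(("*", "!")):
            # "x" means the hash lives in /etc/shadow; "*" and "!" mark a
            # locked account. Anything else is a hash sitting in the
            # world-readable passwd file, i.e. shadowing is not in effect.
            report["unshadowed"].append(name)
    return report

if __name__ == "__main__":
    for issue, names in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{issue}: {names}")
```

On a real system the same function can be fed the contents of `/etc/passwd`; more than one name under `uid0` deserves a second look.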
- 09-01-2008 #6
- Join Date
- Nov 2007
- Córdoba (Spain)
As bigtomrodney said, most times the problem is the human factor. Social engineering produces more victims than any almighty super hacker could ever produce. It's way easier to convince a person than to convince a machine (well, in fact you can't convince a machine, you can only tell it to do what it's programmed to do).
However, I don't think that social engineering is something new. It has always been the main vulnerability on any automatic system. It's just that nowadays every home has a couple of PC's connected to the net, so today it's a massive phenomenon.
Even on the old DOS days, it was usually some "friend" who knowingly infected you by using a couple of floppies, promising you that you would find a wonderful surprise on them. Amazingly, this always worked very well, and it still works, to a bigger scale because it's easier to communicate nowadays.
Greed has always been the mother of many problems. People see an advertisement promising a 400% faster pc, and they click. People see an advertisement promising to lose 10 kg of body weight in one week, and they click. People hear someone screaming that s/he will give away 10 million dollars and they click.
Weird, but that's the way humans are.
Leaving the philosophical aspect on one side, the basics are covered very well on most linux distros. However, there's always room for improvement. It's a very long thing to explain it in one thread, however, there's some things that can be said so you can later search for more and read on the issue.
Security through obscurity is a good complement, like said above: don't use standard ports for your servers, that will make the life of sniffers and casual attackers a bit harder. In ssh things like fail2ban can help. Also, disabling PAM authentication can be useful. Just set up dsa key pairs and disable the normal login. Along with fail2ban, long keys and custom ports, that will make any ssh remote attack attempt virtually impossible to achieve. For extra security, allow only login from certain ip ranges, and change your keys weekly if you feel paranoid.
There are some other funnier things. For example, you might be interested in reading about chrooting a server, and about honey pots.
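The SSH advice in the posts above (no root login over ssh, key pairs instead of the normal login, a non-default port, logins only from certain IP ranges) can be turned into a checker for the global section of an `sshd_config`. This is an added example, not part of any post; the function names and both sample configs are constructed, and the defaults table assumes current OpenSSH.

```python
# Added example (not from the thread): audit sshd_config text against the
# SSH checklist discussed above. Keyboard-interactive/PAM is not covered.

# sshd's built-in defaults for the keywords checked (assumes current OpenSSH).
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample configs.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
# constructed sample
Port 48222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice@192.0.2.0/24
"""

def parse_sshd_config(text):
    """Return {keyword: value}; for these keywords sshd keeps the first value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":      # conditional blocks are out of scope here
            break
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return a sorted list of findings; an empty list means all checks pass."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["permitrootlogin"].lower() != "no":
        findings.append("root-login: root can still log in over ssh")
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password-auth: password logins are accepted")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("pubkey: key-based login is disabled")
    if cfg["port"] == "22":
        findings.append("port: default port 22 (only reduces log noise)")
    if not any("@" in e for e in cfg.get("allowusers", "").split()):
        findings.append("source-ip: no AllowUsers user@host restriction")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(WEAK)) or "no findings")
```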
- 09-11-2008 #7
I just started working for an internet security company. They produce systems that issue smart-cards based on key-based security models. I've learned quite a bit in just a couple of weeks, but there's little to worry about security wise:
- Private Key Cryptography is so good these days that criminals are finding that social engineering is so much better when trying to break into systems or steal data.
- If you have files that you don't want people to get, don't leave them lying around. Use cryptography to seal the files, use high security keys, keep backups of the files, and don't store 'em in the same place as your keys.
- If your data is not confidential, then there'll be little value in stealing it. Most compromise attacks would be to steal your cpu time or bandwidth. These are not unique to your systems so protecting yourself is easier. It's a bit like going into the jungle with your mate - you don't need to be able to outrun the cheetah, you just need to outrun the guy you're with. Make it harder to break in than the guy down the street running Windows, and the skript kiddies will look elsewhere (of course, if you make it very hard to get in, some crackers may see your systems as a challenge).
- For the utterly paranoid, you can use an encrypted filesystem for your private data space. You can carry the private key with you, making it virtually impossible to break in and steal stuff.
Linux user #126863 - see http://linuxcounter.net/
- 09-11-2008 #8
is there such a thing: security ?oz
- Join Date
- May 2004
- arch linux
- 09-13-2008 #9
- Join Date
- Aug 2008
- Seattle, WA
if you're just a basic home user, I'd say a bigger threat to you is hardware failure. back up your data regularly. do it now!
beyond that, there's only a handful of security issues average users need to be aware of (these are cross-platform!!)
1) RUN A FIREWALL! most consumer routers have one built in. don't open up ports unless you know what you're doing and take steps to secure your services. odds are, you're not running any services. as long as there's a firewall between you and the internet, malicious traffic (DoS attacks, remote exploits, etc) will have a ton of trouble reaching you.
2) stay up to date. software updates often fix security issues and it's imperative that you stay on top of them.
3) don't run ANYTHING that you don't trust. you can disguise 'rm -rf /' in tons of interesting ways.
beyond that, if you're not running *NIX, run anti-virus and a semi-intelligent web browser. ActiveX gets exploited like crazy and unfortunately, it's required to deal with almost anything at Microsoft.com... but that's why we use Linux, right?
[edit: this one's only partially relevant to home users but don't let anyone you don't trust NEAR your computer. I'm not sure why they'd be in your house, but having physical access to a computer is like having root access.
another thing: if you're running wireless, use WPA2. if you have hardware issues, like a legacy device, at LEAST use WEP. WEP is weak, but 90% of malicious users won't bother cracking it when they can find another open access point 20ft away. having an open wireless network allows people to sniff all your traffic, bypass your firewall and suck your resources. probably not things you want.]