Online Security Help
 

I'm running a dual partition Vista/Ubuntu 8.10 on an HP laptop, and I have a few questions about online security/privacy.

The laptop is currently connected via ethernet as I can't figure out how to use wifi while running Ubuntu. However, I have AT&T Uverse w/ a wireless box, so its wireless router is always on.

I cannot figure out how to use mac addressing and get a wifi connection on this laptop, but turned mac addressing back on since I can't use wifi with Ubuntu yet. In addition to mac addressing, my SSID isn't broadcasting, I'm using WPA2 & AES settings, and password protection.

From what I understand, this should keep me safe from someone looking for a random open connection. My issue, however, is with keeping myself safe should my network be intentionally targeted again. The computers aren't networked to share files or devices (that I know of) and the laptop and one of the TV boxes would be the only things not to use ethernet.

1. What can I do to create a more privacy/security? If by chance someone did manage to get in again, what would they be able to see or have access to, assuming that Linux is keep me safe from malware and software vulnerabilities?


2. What are the privacy/security risks when connected by ethernet? If the network is hacked would only information sent through the air be vulnerable?

Do a google search on securing X.
Encrypt your partitions.
Be sure all unnecessary services are disabled.
Etc, etc.
Limit the browser, turn off the mail client, run p2p clients in jailed environments, don't let the initial user have any root privileges, make all files and directories unreadable to all except the users and root of the machine, etc, etc.

This suggests that you were targeted at least once before. If you share some details, we might be able to point you in some directions.

A few other suggestions:

- Make sure your WPA passphrase is complex (include letters, nubmers, random capitalizations, etc.) since most WPA cracks are brute force dictionary attacks

-If your router supports it, move your wireless network to a different subnet from your wired network
If your network is cracked, all methods of passing TCP/IP packets are vulnerable. The method of transmission is a secondary issue.

By the way, there is a good selection of articles in a sticky thread in the Security forum. It is a good way to educate yourself about security.

-Install a software monitor like Aide, Samhain or Tripwire on all of your networked computers. These won't stop an attack, but they will help you diagnose what happened if you do get cracked.

Credit card info was used twice, I would be unable to log in here and there, kicked off the internet at ironic times, all of my anti-virus and anti-spyware programs were disabled, surfing habits and computer contents were anonymously mentioned to me. (I know it could only be from those two places because no one else would know such things.) That's all I can think of off hand. One of my online accounts was hacked. This was all while running XP. I'm pretty careful about going to suspicious websites, opening forwards/mail from unknown senders, etc.

All of the computers in the house crashed, two of which were new.

Security settings over that period varied. At one point, all the computers were networked together to share some files,etc. Eventually, I took down the router altogether, right up until I got Uverse.

A very persistent bugger with a lot of time and... I imagine some sort of grudge.

I just saw a video on the brute force dictionaries a little while ago. I've been trying to figure out how what is done so I know what to do or what not to do. (Now I'm paranoid about all of my bluetooth lol.)

I'm not sure if I can use letters and numbers for the passphrase. I've tried letters before and it didn't work. I'll try it again with a combination of the two. There also seems to be a number max of as well. I've read that 16 is recommended.


In other words, anything sent over the internet can be more easily seen? Or, someone can obtain direct access to the computers this way? I looked into this jailing thing and chroot, but I'm... not really understanding what I need to do for that.

OK... I'll have to look into the subnet thing; I don't know anything about that at all.

I've looked at the sticky in the security forum, and half the links I tried were no longer in use, etc.

I tried to get a little tech support to configure my at&t router to no avail. (what to allow and what to block) I seemed to know more about config than the lady on the other end, which was extremely disappointing. She insisted "your router has a firewall, you don't have to worry about these things." That's great and all, but the router comes with the different setting for a reason.

I know I should be pretty safe from someone randomly fishing for an opening, but my previous experience was something deliberate.

That is actually pretty spooky. You have my condolences.

Moving to Linux is a good idea here. Most malware is OS specific, and the stuff for Windows won't run on Linux.

To be safe from a dictionary attack, all you need to do is use passwords that you wouldn't find in a dictionary. So something like "tHisiiisAsoRtofS3curepASSWord". The whole point of these kinds of defenses is that brute force takes an ENORMOUS level of resources even for simple passwords, so pushing outside a dictionary means that they would have to be a government to afford the compute power. And if you change it on a regular basis (like weekly) you'll also put a crimp in any attempts to crack it via mathematical means. Cracking passwords this way usually requires an awful lot of packets and changing means they have to go gather them all over again.

As for bluetooth, just don't let it accept unauthorized connections.

What I meant was that TCP/IP is TCP/IP regarless of whether it is wired or wireless. It is certainly easier to see and interact with a wireless network, but if they crack a wireless network, they can see all the traffic on that network, whether it is on a wire or wireless.

Using a chroot jail can be a real pain because of the need to install all of the needed libraries. It would probably be easier to install virtual machine and use that. If you save a snapshot of the virtual machine once you have it set up, you can easily blow away a cracked version and reinstall the shapshot. That would force them to crack the VM all over again which may (or may not) be easy depending on how they cracked it originally.


Actually she wasn't all that far off. There are really two things to look for (at least in my opinion). First, make VERY sure that none of the router control software is accessible from the WAN (internet) side of the router. This is almost always an option and it should be disabled. This does mean that you have to be on your LAN side to administer things, but that isn't that big a sacrifice. Second, make sure all port forwarding or port triggering is off. Unless you're running some sort of server behind your router, you don't need it.

By the way, none of this is worth beans if you have infected machines inside your LAN. You gotta have clean machines on your side if security is going to work.