LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-05-2009, 02:17 AM   #1
sittykitty
Member
 
Registered: Mar 2009
Distribution: Ubuntu 8.10
Posts: 35

Rep: Reputation: 15
Online Security Help


I'm running a dual partition Vista/Ubuntu 8.10 on an HP laptop, and I have a few questions about online security/privacy.

The laptop is currently connected via ethernet as I can't figure out how to use wifi while running Ubuntu. However, I have AT&T Uverse w/ a wireless box, so its wireless router is always on.

I cannot figure out how to use mac addressing and get a wifi connection on this laptop, but turned mac addressing back on since I can't use wifi with Ubuntu yet. In addition to mac addressing, my SSID isn't broadcasting, I'm using WPA2 & AES settings, and password protection.

From what I understand, this should keep me safe from someone looking for a random open connection. My issue, however, is with keeping myself safe should my network be intentionally targeted again. The computers aren't networked to share files or devices (that I know of) and the laptop and one of the TV boxes would be the only things not to use ethernet.

1. What can I do to create a more privacy/security? If by chance someone did manage to get in again, what would they be able to see or have access to, assuming that Linux is keep me safe from malware and software vulnerabilities?


2. What are the privacy/security risks when connected by ethernet? If the network is hacked would only information sent through the air be vulnerable?
 
Old 04-05-2009, 03:06 AM   #2
Mr-Bisquit
Member
 
Registered: Feb 2009
Distribution: FreeBSD, OpenBSD, NetBSD, Debian, Fedora
Posts: 770
Blog Entries: 52

Rep: Reputation: 68
Do a google search on securing X.
Encrypt your partitions.
Be sure all unnecessary services are disabled.
Etc, etc.
Limit the browser, turn off the mail client, run p2p clients in jailed environments, don't let the initial user have any root privileges, make all files and directories unreadable to all except the users and root of the machine, etc, etc.
 
Old 04-05-2009, 09:53 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
My issue, however, is with keeping myself safe should my network be intentionally targeted again.
This suggests that you were targeted at least once before. If you share some details, we might be able to point you in some directions.

A few other suggestions:

- Make sure your WPA passphrase is complex (include letters, nubmers, random capitalizations, etc.) since most WPA cracks are brute force dictionary attacks

-If your router supports it, move your wireless network to a different subnet from your wired network
Quote:
What are the privacy/security risks when connected by ethernet? If the network is hacked would only information sent through the air be vulnerable?
If your network is cracked, all methods of passing TCP/IP packets are vulnerable. The method of transmission is a secondary issue.

By the way, there is a good selection of articles in a sticky thread in the Security forum. It is a good way to educate yourself about security.

-Install a software monitor like Aide, Samhain or Tripwire on all of your networked computers. These won't stop an attack, but they will help you diagnose what happened if you do get cracked.
 
Old 04-07-2009, 09:06 AM   #4
sittykitty
Member
 
Registered: Mar 2009
Distribution: Ubuntu 8.10
Posts: 35

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Hangdog42 View Post
This suggests that you were targeted at least once before. If you share some details, we might be able to point you in some directions.
Credit card info was used twice, I would be unable to log in here and there, kicked off the internet at ironic times, all of my anti-virus and anti-spyware programs were disabled, surfing habits and computer contents were anonymously mentioned to me. (I know it could only be from those two places because no one else would know such things.) That's all I can think of off hand. One of my online accounts was hacked. This was all while running XP. I'm pretty careful about going to suspicious websites, opening forwards/mail from unknown senders, etc.

All of the computers in the house crashed, two of which were new.

Security settings over that period varied. At one point, all the computers were networked together to share some files,etc. Eventually, I took down the router altogether, right up until I got Uverse.

A very persistent bugger with a lot of time and... I imagine some sort of grudge.

Quote:
A few other suggestions:

- Make sure your WPA passphrase is complex (include letters, nubmers, random capitalizations, etc.) since most WPA cracks are brute force dictionary attacks

-If your router supports it, move your wireless network to a different subnet from your wired network
I just saw a video on the brute force dictionaries a little while ago. I've been trying to figure out how what is done so I know what to do or what not to do. (Now I'm paranoid about all of my bluetooth lol.)

I'm not sure if I can use letters and numbers for the passphrase. I've tried letters before and it didn't work. I'll try it again with a combination of the two. There also seems to be a number max of as well. I've read that 16 is recommended.


Quote:
If your network is cracked, all methods of passing TCP/IP packets are vulnerable. The method of transmission is a secondary issue.
In other words, anything sent over the internet can be more easily seen? Or, someone can obtain direct access to the computers this way? I looked into this jailing thing and chroot, but I'm... not really understanding what I need to do for that.

Quote:
By the way, there is a good selection of articles in a sticky thread in the Security forum. It is a good way to educate yourself about security.

-Install a software monitor like Aide, Samhain or Tripwire on all of your networked computers. These won't stop an attack, but they will help you diagnose what happened if you do get cracked.
OK... I'll have to look into the subnet thing; I don't know anything about that at all.

I've looked at the sticky in the security forum, and half the links I tried were no longer in use, etc.

I tried to get a little tech support to configure my at&t router to no avail. (what to allow and what to block) I seemed to know more about config than the lady on the other end, which was extremely disappointing. She insisted "your router has a firewall, you don't have to worry about these things." That's great and all, but the router comes with the different setting for a reason.

I know I should be pretty safe from someone randomly fishing for an opening, but my previous experience was something deliberate.
 
Old 04-07-2009, 12:02 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
Credit card info was used twice, I would be unable to log in here and there, kicked off the internet at ironic times, all of my anti-virus and anti-spyware programs were disabled, surfing habits and computer contents were anonymously mentioned to me.
That is actually pretty spooky. You have my condolences.

Quote:
This was all while running XP. I'm pretty careful about going to suspicious websites, opening forwards/mail from unknown senders, etc.
Moving to Linux is a good idea here. Most malware is OS specific, and the stuff for Windows won't run on Linux.

Quote:
I just saw a video on the brute force dictionaries a little while ago. I've been trying to figure out how what is done so I know what to do or what not to do. (Now I'm paranoid about all of my bluetooth lol.)
To be safe from a dictionary attack, all you need to do is use passwords that you wouldn't find in a dictionary. So something like "tHisiiisAsoRtofS3curepASSWord". The whole point of these kinds of defenses is that brute force takes an ENORMOUS level of resources even for simple passwords, so pushing outside a dictionary means that they would have to be a government to afford the compute power. And if you change it on a regular basis (like weekly) you'll also put a crimp in any attempts to crack it via mathematical means. Cracking passwords this way usually requires an awful lot of packets and changing means they have to go gather them all over again.

As for bluetooth, just don't let it accept unauthorized connections.

Quote:
In other words, anything sent over the internet can be more easily seen? Or, someone can obtain direct access to the computers this way?
What I meant was that TCP/IP is TCP/IP regarless of whether it is wired or wireless. It is certainly easier to see and interact with a wireless network, but if they crack a wireless network, they can see all the traffic on that network, whether it is on a wire or wireless.

Quote:
I looked into this jailing thing and chroot, but I'm... not really understanding what I need to do for that.
Using a chroot jail can be a real pain because of the need to install all of the needed libraries. It would probably be easier to install virtual machine and use that. If you save a snapshot of the virtual machine once you have it set up, you can easily blow away a cracked version and reinstall the shapshot. That would force them to crack the VM all over again which may (or may not) be easy depending on how they cracked it originally.


Quote:
I tried to get a little tech support to configure my at&t router to no avail. (what to allow and what to block) I seemed to know more about config than the lady on the other end, which was extremely disappointing. She insisted "your router has a firewall, you don't have to worry about these things." That's great and all, but the router comes with the different setting for a reason.
Actually she wasn't all that far off. There are really two things to look for (at least in my opinion). First, make VERY sure that none of the router control software is accessible from the WAN (internet) side of the router. This is almost always an option and it should be disabled. This does mean that you have to be on your LAN side to administer things, but that isn't that big a sacrifice. Second, make sure all port forwarding or port triggering is off. Unless you're running some sort of server behind your router, you don't need it.

By the way, none of this is worth beans if you have infected machines inside your LAN. You gotta have clean machines on your side if security is going to work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Computer Security and Privacy While Watching Online Videos Woodsman Slackware 5 04-03-2009 03:40 PM
Online security dcmdev Linux - Security 9 09-11-2007 09:27 PM
[SOLVED] Virtualization and Routers for Online Security MBA Whore Linux - Security 5 12-13-2006 02:01 PM
Online banking security issues Cogar Linux - Security 1 11-03-2005 12:50 PM
PHLAK Security Documentation Online? zsejk Linux - Security 6 06-01-2004 01:14 AM


All times are GMT -5. The time now is 08:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration