LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 01-16-2010, 02:33 AM   #1
artistnatural
LQ Newbie
 
Registered: Jan 2010
Posts: 4

Rep: Reputation: 0
Talking I wish to make a comp. to do on-line banking with high security; will the below work?


I want to do the following in order to do on-line banking.
I wish to make it very difficult for a hack to corrupt my computer devoted only to on-line banking

Below is my plan:

Buy a used computer off of Craigslist
At least 500 mhz and at least 10 G HD space
Format the computer drive to errase previous contents
Make sure the computer is set to read from the CD Rom first
Do NOT install a operating system on the 10 G HD
Insert LIVE Kubuntu 8.04 install disk in CD tray and boot into the internet.

To me this seems like it will access the net. But if not -why not?

Thank you
Will
Swartz Creek Michigan

Last edited by win32sux; 01-16-2010 at 06:44 PM. Reason: Removed bold font tags.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 01-16-2010, 03:10 AM   #2
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146Reputation: 146
Running strictly from a Live CD would not be recommended.

The reason is because on a Live CD, your change go unsaved. Thats a really big problem. You want to be safe? Then you want to plug up holes, stop service, run less services, close ports and stuff. A Live CD can not have patches applied. So if you're using FF 3.x and a huge vunerability is found, you are at risk.

The slower the computer, the longer it will take to do mundane tasks. This can result in security holes.

Old computers can also have problems booting from the CD-ROM drive, so ensure this works before buying. Buying of craigslist can have complications too, as someone can put a hardware keylogger and track you. make sure to carefully inspect it before using.

SSD's are much less vunerable to things like hex-editors, so if you decide to use that, that may help.

It's physically impossible to make a computer unhackable unless you never connect to the internet. But plugging security holes and having an actual HDD to put a firewall on is good.

Personally, I would make a Live USB with persistent changes of Ubuntu 9.10 (something that updates security holes) and carry it around with me.
 
2 members found this post helpful.
Old 01-16-2010, 03:23 AM   #3
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
is that for home purposes? i mean you are making a secure comp for your own usage, not a server?
quite good solution, but you can use a fresher release of kubuntu. just in case.
actually it's better to set up a good system yourself, but if you don't have enough skills on securing linux boxes, you can use this way.

Last edited by Web31337; 01-16-2010 at 03:25 AM.
 
1 members found this post helpful.
Old 01-16-2010, 09:14 AM   #4
artistnatural
LQ Newbie
 
Registered: Jan 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Yes it is for home use. And it is not for server use. And I do not yet have access to regular updated CDs of Kubuntu.

It is clear I a newbe. But this seems like a start to some level of security
 
Old 01-16-2010, 09:46 AM   #5
artistnatural
LQ Newbie
 
Registered: Jan 2010
Posts: 4

Original Poster
Rep: Reputation: 0
I wish to make a comp. to do on-line banking with high security; will below work?

Leopard,

Thank you -I liked the USB idea and will try it out after I make the LIVE CD work.

As a side note: At least one bank notes if I change computes to access on-line banking. And your USB sort of implies this. That creates a lot of phone chatter with the bank -something I wish to avoid.

I understand you comment about the unchangeability of my idea. However, is not that something I am trying to achieve?

Regarding no firewall with a live CD: yes that bothers me a lot.

Re: your comment about keylogging -if I format the used computer first -does not that eliminate the kelogger prob?


Will
 
Old 01-16-2010, 01:45 PM   #6
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
there should be a firewall with ubuntu livecd: it's iptables.
the best solution will be USB image i guess, once you tweak it and then will regularly update it, when some patches coming out, backing up previous image, that worked: just in case. but if you don't have access to latest updates: you probably better not use it at all: because if there will be some critical security issue, say, with browser(firefox) you may be in danger.
 
1 members found this post helpful.
Old 01-16-2010, 03:45 PM   #7
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146Reputation: 146
Quote:
Originally Posted by artistnatural View Post
Leopard,

Thank you -I liked the USB idea and will try it out after I make the LIVE CD work.

As a side note: At least one bank notes if I change computes to access on-line banking. And your USB sort of implies this. That creates a lot of phone chatter with the bank -something I wish to avoid.

I understand you comment about the unchangeability of my idea. However, is not that something I am trying to achieve?

Regarding no firewall with a live CD: yes that bothers me a lot.

Re: your comment about keylogging -if I format the used computer first -does not that eliminate the kelogger prob?


Will
You're welcome

And, yes; I see what you are trying to achieve; not having any changes written so no possibility of someone getting your info through your hardware. The problem is not having your changes written and not having security patches applied, no firewall implemented and no services shut off every time you want to do your banking ~ well that makes the software part at risk.

If you want to be really secure, you can look into something like this, where not only do you have the security of being in control where your data goes in the form of the USB stick, but also can have that hardware lock so if you lose it, your still very safe.

It's fairly easy to create a Live USB stick with persistent changes;
http://www.pendrivelinux.com/ has a wealth of information on how to do this.

As an added bonus, the USB stick can enable you to do your banking anywhere you deem to be safe.

About the keylogger; erasing the HDD (I would zero the drive with the dd command) would eliminate the threat of a software keylogger, but someone can take a keyboard and make a hardware keylogger that transmits what your typing afar, without needing any software, or computer for that matter, provided the keyboard has power and it's being typed upon. So what I meant, was to be sure if you buy a computer off of a place such as craigslist, that you make sure you carefully inspect the keyboard. Upon careful inspection, you will be able to tell if has been rigged or not. Chances are it isn't, but in todays world you can never be too sure.

Anyways, you need to consider plugging software holes up first before thinking about hardware; remember, you can control who and where your hardware goes and does, but you can't control if there's a cracker out there, waiting for a security hole to open up.

I think a persistent USB allowing you to patch the software up while allowing you full control of your physical USB drive is a good way to go.

I didn't quite understand what you meant with the "phone chatter", but if you're implying the info sent to and fro the banks website, you can secure that by adding firewall and good encryption to your router, and a proxy can help secure the information from the router to the website.

I think after that the best way to protect yourself is make the internet browser you use on the USB stick isn't collecting information and history (e.g. Private Browsing"), and edit the options in the browser to not allow a website to probe your computers' operating system and browser information.

Hope that helps.

Last edited by lupusarcanus; 01-16-2010 at 03:57 PM.
 
1 members found this post helpful.
Old 01-16-2010, 03:46 PM   #8
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,919

Rep: Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779Reputation: 779
Quote:
Originally Posted by artistnatural View Post
I wish to make a comp. to do on-line banking with high security; will the below work?
My first reaction to this is to say that if you want high security, don't do online banking. My second is to question what you mean by 'work.'

If, by work, you mean can you set up a computer like this and get the access that you need, the answer is mostly. Some banks are, err, idiosyncratic in what they allow for access, disallowing, eg, some browsers, so you need to check what your bank does or does not allow before shelling out any money.

OTOH, if by 'work' you mean will taking this approach render you invulnerable to any and all internet security issues, then the answer is quite clearly no. Assuming that you make it impossible for outsiders to write to you OS disk, that will rule out a whole class of attacks, but that is only one class of attacks and you could still have problems with all of the others.

Quote:
I wish to make it impossible for a hack to corrupt my computer devoted only to on-line banking
Impossible sets the bar rather too high for your scheme, as an overall security solution, although you may be able to protect your boot disk.

While there may be ways, using the internet, to make it very, very unlikely for a hack to be executed against you, I know of no possibility of making it impossible. You may keep your CD secure, but that does not mean that your money will also be secure. For a start, your bank has to be completely secure, and while banks manage to behave in a paranoid fashion, that isn't the same as security...

Quote:
Buy a used computer off of Craigslist
At least 500 mhz and at least 10 G HD space
Format the computer drive to errase previous contents
Make sure the computer is set to read from the CD Rom first
Do NOT install a operating system on the 10 G HD
Insert LIVE Kubuntu 8.04 install disk in CD tray and boot into the internet.
As stated, you make it impossible to updated to get security fixes, unless you write a complete new CD.

You do not say whether you intend to use a CD-R or a CD-RW, but if you want to be sure that no one else can write to it, it would probably have to be a CD-R. Of course that will also be an irritant to you, too, when you get security fixes twice a week, but that may be tolerable to you.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"make" does not work with command line arguements %$hfydt%$ Linux - General 7 04-01-2008 11:59 AM
LXer: Performance Technologies Announces Availability of AMC121 High-Performance Comp LXer Syndicated Linux News 0 09-18-2007 11:30 AM
Why is my load average so high when comp. is idle? BrianK Linux - General 1 11-18-2005 01:25 AM
Online banking security issues Cogar Linux - Security 1 11-03-2005 01:50 PM
Which distro for a High Tek Comp? KnuckleHead Linux - Hardware 2 09-05-2003 01:21 AM


All times are GMT -5. The time now is 10:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration