blocking access to ntfs drives while surfing under linux
If I boot from a Linux USB stick and connect to the internet, how can I block access to the NTFS drives on the internal HDD? I do not want my Windows drives exposed to the internet. Is my only option to physically disconnect the internal HDD? Thanks for any help with this.
Do you want to prevent yourself from accidentally accessing the NTFS volumes, or malware from messing with them? Remove the NTFS kernel modules from the USB stick. You will find them somewhere under /lib/modules.
This solution is not watertight. Somebody could break into your computer and either use NTFS tools or reinstall the drivers to access the drives. Or simply download the entire drives and analyse them on their computer. Anything you disconnect via software can be reconnected via software. For 100% security, physically disconnect the drives.
Thank you sygOO and berndbausch for your help and advice. My concern is to protect my internal HDD (NTFS partitions) from any harm from the internet, i.e. installation of any unsolicited s/w (malware, virus etc.) and also unauthorised access, i.e. "breaking in". From your advice I'm thinking that my understanding of how these undesirable intrusions could be prevented is not all it should be.
I have now learnt that I can get Linux to have the drive partitions unmounted and hidden. I presume that this would prevent any program from knowing of the existence of these partitions while Linux was operating. A Windows exe file downloaded, under Linux, to say my home directory couldn't run anyway? A Linux executable file could run, but what changes could it make without first having to provide my admin password or that of root?
In the same vein, how can someone break into my computer (while Linux was running) without having to supply either my password or that of root? Your advice will be much appreciated.
To answer your last question first, neither Linux nor Windows computers are immune to breaking in. On both platforms, crackers take advantage of bugs in programs that run under a privileged user. Red Hat and its clones CentOS, Scientific Linux and Oracle Linux minimize this by closing all network ports by default and through SELinux, a framework that prevents "owned" programs from causing damage beyond the files that these programs are supposed to access.
Quote:
I presume that this would prevent any program from knowing of the existence of these partitions, while linux was operating
Not really. Once someone has access to your system, a look at /proc/partitions reveals what disks are there. Use a tool like fdisk, which is bound to be on your system, to find out what partition types there are. Then use NTFS utilities on your USB stick or install them. Access the NTFS partition and install your virus.
While it's an unlikely scenario (or perhaps not that unlikely? I am certainly not an expert in these matters), it's not at all impossible.
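The checks discussed in the replies above (NTFS driver files left under /lib/modules, and what /proc/partitions and the mount table still show for a partition that was only left unmounted), as an added example that is not part of the original thread. The device names, mount point and kernel version in the sample data are constructed.

```shell
#!/bin/sh
# Added example: audit how reachable internal NTFS volumes are from a live system.
# Each function takes its input path as an argument; defaults are the real interfaces.

# Every block device the kernel knows about, mounted or not (world-readable).
visible_partitions() {
    awk 'NF == 4 && $1 != "major" { print $4 }' "${1:-/proc/partitions}"
}

# Mounted NTFS volumes as "device mountpoint ro|rw". ntfs-3g mounts show up as
# fuseblk, a type other FUSE block filesystems share, so treat it as "possibly NTFS".
ntfs_mounts() {
    awk '$3 == "ntfs" || $3 == "ntfs3" || $3 == "fuseblk" {
            mode = "rw"; n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
            print $1, $2, mode
         }' "${1:-/proc/mounts}"
}

# NTFS kernel module files still installed (plain or compressed .ko).
ntfs_module_files() {
    find "${1:-/lib/modules}" -type f \( -name 'ntfs.ko*' -o -name 'ntfs3.ko*' \) 2>/dev/null
}

# Constructed sample data (not from a real machine): sda2 is mounted read-write
# through ntfs-3g, sda3 is an internal partition that was left unmounted.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/partitions" <<'EOF'
major minor  #blocks  name

   8        0  488386584 sda
   8        2  209715200 sda2
   8        3  278158336 sda3
   8       16   15138816 sdb
   8       17   15137792 sdb1
EOF
cat > "$SAMPLE/mounts" <<'EOF'
/dev/sdb1 / ext4 rw,relatime 0 0
/dev/sda2 /media/win fuseblk rw,nosuid,nodev,relatime,user_id=0,allow_other 0 0
EOF
mkdir -p "$SAMPLE/modules/6.1.0/kernel/fs/ntfs3"
: > "$SAMPLE/modules/6.1.0/kernel/fs/ntfs3/ntfs3.ko.xz"

echo "Visible partitions:";  visible_partitions "$SAMPLE/partitions"
echo "NTFS mounts:";         ntfs_mounts "$SAMPLE/mounts"
echo "NTFS module files:";   ntfs_module_files "$SAMPLE/modules"
```

Called without arguments, the three functions read the live /proc/partitions, /proc/mounts and /lib/modules instead of the sample files.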
So in practical terms, for maximum protection of the contents on my HDD I should quarantine the drive by physically disconnecting it. Thanks for this specific solution and thank you also for helping me see the need for me to develop a much better understanding of how a computer can be controlled/made to do things. I need to do a lot more reading/research.
Cheers,
You could create a real install on a USB stick where you could remove your user from being able to mount NTFS.
I'm not sure that most distros mount all drives at boot, but maybe I'll check that in a few. At one time it was very difficult to access NTFS, then we got read support. It took a while to get read/write support, but you used to have to manually tell the mount to mount it as ntfs-3g.
I have learnt that by adding an appropriate line in fstab for each NTFS drive, each drive can be hidden and not automounted at boot up. So being unmounted and hidden, I would have thought that anyone logged on, but not as root, could not access the NTFS drives. If I configure Linux to have no users except me and root (guest disabled) with robust passwords, then I would be the only one who knows the passwords and so the only one able to log on and use my Linux system. However, going on Berndbausch's reply it's possible for a hacker to gain access to my system by somehow bypassing the password security, as a "privileged user". I need to do more reading to learn more about what alternative access routes there are to my system other than the normal logon procedure. I suspect this will take me to learning about open communication ports as "backdoors".