LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-17-2016, 03:45 PM   #1
mark000
LQ Newbie
 
Registered: Dec 2016
Posts: 5

Rep: Reputation: Disabled
Unhappy how to protect myself from a kali linux user?


hi guys....

sorry if this is not the correct place to ask this question

i know this an unusual question ,

my problem is... i have someone on my network who is using Kali Linux, is there away to protect myself from him??
he is still in the beginner phase .

my router is an old school netgear dg384g


he does have the password of the internet and i have to give it to him he is family and we live together,

will wireless isolation keep him of the router ?
will he be able to see the web history of everybody on the network as he claims??
is there away to block him?


thank you in advance and sorry if this question against forum policy.
 
Old 12-17-2016, 05:01 PM   #2
TheEzekielProject
Member
 
Registered: Dec 2016
Distribution: Devuan+lxde
Posts: 658

Rep: Reputation: 190Reputation: 190
What do you mean by wireless isolation?
 
Old 12-17-2016, 05:44 PM   #3
dlb101010
Member
 
Registered: Dec 2016
Posts: 61

Rep: Reputation: 18
Hey Mark,

The best defense against any online attack is a fully updated OS with a firewall blocking any port you're not using. If your computer is running Windows, keep the anti-malware software (whatever it's called on Windows 7) active and also updated.

Sounds like a sibling deal going on here? My take on your situation is: if this family member isn't an eager learner and lacks perseverance, you probably have nothing to worry about. There's nothing magical about Kali Linux. It does come with certain testing software that can be used in some cases to "hack", but the software has a steep learning curve, and isn't likely to work against a maintained machine.

Dave
 
1 members found this post helpful.
Old 12-17-2016, 06:23 PM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,583
Blog Entries: 11

Rep: Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605Reputation: 3605
Welcome to LQ!

There is nothing magical about Kali Linux, and as mentioned already the best technical defense is the same as defense aginst any online attack.

The fact that your "attacker" has access to your router and LAN makes it more important to configure and monitor your own computer for best security, but the fact that they live in the same house means they probably have physical access to your computer at times... there is no software defense for that!

But the best defense might not be software or configuration. The best defense may be to sit down with them and discuss some aspects of this situation that they (and you) may not have considered.

Breaking into your computer system is no different than breaking into your bedroom, or sifting through your wallet - except that it is more cowardly as there is less risk to themselves. The real problem is not how they do these things, whether they use a crowbar or Kali Linux, but rather that the person who will do either simply has no respect for you as a person. Confronting them with that realization might give them pause and make it seem less kewl in their own eyes, and solve their problem and yours.

How you express that will obviously depend on their age, and yours, and your relationship to each other - but that is the source of this problem and many others that will inevitably follow. We must learn to respect each other as we want respect for ourselves - when we reach that point, all other problems disappear.
 
2 members found this post helpful.
Old 12-17-2016, 08:54 PM   #5
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Rep: Reputation: Disabled
1)Use a VPN so your traffic is encrypted 2)Modify all setuid programs (programs that can run as root) to read only for groups/others (besides /bin/su) 3)Uninstall all services that are listening for outside connections from which he may be able to gain entry from.. You can find such services by using netstat -tap | grep LISTEN.. 4)Setup a dedicated hardware based firewall on another computer using a firewall distro like pfSense... 5)Put his computer in a DMZ 6)Put your computer in a VLAN 7)Use a VM to host your services (aka VPS) so the ports for your running services are not visible on your phsyical machine. 8)Disable USB/DVD drives and set a BIOS password

Last edited by linux4evr5581; 12-17-2016 at 09:13 PM.
 
1 members found this post helpful.
Old 12-17-2016, 09:17 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 17,229
Blog Entries: 27

Rep: Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332
A couple of questions:

Is this a home network or a business network? If it's a business network (or perhaps a network at an educational institution), would the IT Department be interested in knowing about this? If it's a home network, I get the impression that you are not in a position to remonstrate with this person.

In any case, I would second Astrogeek's advice. Take the same defensive steps you should be taking already to keep yourself secure against dishonorable persons in the Big Wide World.

I will add this: I've done some stuff with Kali based on this Linux Voice tutorial out of curiosity (my Kali was not public-facing, per the instructions in the tutorial). The only thing special about Kali is that it already includes a number of penetration tools that are readily available to anyone who would like to install and use them. It's not magic, and doing actual penetration is boring, time intensive, and not all romantic; it's mostly command-line drudgery, not the flashing windows and fancy graphics you see on your television. Unless this person is highly motivated to be a cracker or a white-hat hacker, I'll wager that he will soon lose interest in Kali.

Last edited by frankbell; 12-17-2016 at 09:20 PM.
 
1 members found this post helpful.
Old 12-17-2016, 09:44 PM   #7
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 6,479
Blog Entries: 1

Rep: Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819Reputation: 3819
Can't you password protect the router? He doesn't need to know the router password to use the Internet.
 
Old 12-18-2016, 02:28 AM   #8
mark000
LQ Newbie
 
Registered: Dec 2016
Posts: 5

Original Poster
Rep: Reputation: Disabled
thanks a lot everyone for answering ..


yes it is a home network,
and he is a relative.
but he is just a kid (14) but persistent , and youtube is full with tutorials .
in his mind this is the first step for being a hacker,
the problem with him that he doesn't have the sense of right and wrong whatsoever .


Quote:
Originally Posted by linux4evr5581 View Post
1)Use a VPN so your traffic is encrypted 2)Modify all setuid programs (programs that can run as root) to read only for groups/others (besides /bin/su) 3)Uninstall all services that are listening for outside connections from which he may be able to gain entry from.. You can find such services by using netstat -tap | grep LISTEN.. 4)Setup a dedicated hardware based firewall on another computer using a firewall distro like pfSense... 5)Put his computer in a DMZ 6)Put your computer in a VLAN 7)Use a VM to host your services (aka VPS) so the ports for your running services are not visible on your phsyical machine. 8)Disable USB/DVD drives and set a BIOS password
thank you sir you helped me so much , and i learned lots of things i didn't know.


...

but what about the cellphones and tablets on the network are they exposed ?

he is using kali linux on a "virtual machine on" winnows8/dell inspiron 15
is there anyway to completely keeping him of the router ? or maybe scare him off kali linux ?

can i put him in a guest network in my current router and would that stop him?
what about the Facebook hacking and such stuff is it doable with kali linux?

and there anyway to stop him from Sniffing Traffic , not just by using https and tunnel vpn but altogether .

i used to be such a fan of linux , and i can't believe they made a system
which is that easy to be used without making a defense mechanism against it.
i know it should be used to test the security vulnerabilities on the network . but still they should've made a way in case it wasn't used by an ethical hacker

Last edited by mark000; 12-18-2016 at 03:17 AM.
 
Old 12-18-2016, 07:20 AM   #9
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: PCLinux, Slackware
Posts: 9,307

Rep: Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056Reputation: 2056
If you are the network administrator, change the router password. As pointed out above, there is absolutely no reason for users to know it.

I'd agree with the post above by frankbell. The tools available on Kali are available to be used on almost any Linux system. Using Kali isn't that 'easy' to use as there is a lot to learn before you can even begin to use it and I suspect your relative will get bored with it soon and that s/he is exaggerating what is being done.

Anyone with the willingness to learn and the time can 'sniff' other computers/networks and I'm sure attempts are made on almost all computers on a regular basis. You need to secure your own system to prevent that.

The blame is not with the developers of Kali or the tools available on it because they are needed and useful but with your relative for abusing them.

Does your 14 year old relative not have a 'parental unit'? That would be the person to speak to.
 
2 members found this post helpful.
Old 12-18-2016, 12:41 PM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,897
Blog Entries: 10

Rep: Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026Reputation: 5026
well if he's a minor, and you're the adult who actually owns the router, and if he's admitted to threatening to hacking into family member's computers - i'd change the router passwords and not let him use it anymore, simple.

supposing we're talking about wireless: of course everyone should use WPA encryption, and not WEP!!!

but, as was said before, kali linux is not magic in any way.

however, i wouldn't underestimate the creative potential of a teenager, either...
 
1 members found this post helpful.
Old 12-19-2016, 03:33 AM   #11
mark000
LQ Newbie
 
Registered: Dec 2016
Posts: 5

Original Poster
Rep: Reputation: Disabled
would changing the administrator password of the router while having the wifi password prevent him from sniffing browsing history or logging somehow into the router with kali linux ?

also would changing the default getaway to the router help or not?

Last edited by mark000; 12-19-2016 at 03:34 AM.
 
Old 12-19-2016, 04:07 AM   #12
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,511
Blog Entries: 3

Rep: Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773
Not any more than with any other distro. All the "tricks" they can do with Kali can also be done with Mint or Ubuntu or just about any other distro. Yes you could raise the bar by using OpenVPN and taking the other advice offered already. However, really you have a social problem on you hands more so than a technical problem.
 
Old 12-19-2016, 11:40 AM   #13
mark000
LQ Newbie
 
Registered: Dec 2016
Posts: 5

Original Poster
Rep: Reputation: Disabled
guys i have an important update on the matter

his mother scared him a bit, and gave me the laptop to format and install a new system on it ..
can i do some tweaking to control future things ?
or put restriction somehow ?


he have netcut ,selfishnet, wireshark and kali on vm , and using Hydra heavily that what i did see .



i have his laptop now and i'm going to format it , do you guys recommend anything ?

Last edited by mark000; 12-19-2016 at 11:45 AM.
 
Old 12-19-2016, 11:54 AM   #14
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656Reputation: 1656
You could use a Kiosk distribution to only allow them to use Firefox or whatever. Lock down the BIOS to remove the ability to boot to USB/CD. Put a password on single user mode and grub might help.
 
Old 12-19-2016, 11:59 AM   #15
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,511
Blog Entries: 3

Rep: Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773
Quote:
Originally Posted by szboardstretcher View Post
You could use a Kiosk distribution to only allow them to use Firefox or whatever. Lock down the BIOS to remove the ability to boot to USB/CD. Put a password on single user mode and grub might help.
If the host system is Linux, then also make sure that to create an extra, unprivileged user for them to use for their main account so they're not logging in with an account that can escalate privileges. Leave the admin account for yourself. Set it so it does at least security updates automatically without intervention.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to make Kali Linux look like Parrot OS (Configuring how Kali Linux looks) John1243 Linux - Distributions 1 03-21-2016 02:48 AM
LXer: Migrating from Kali Linux 2 to Kali Linux 2016.1 LXer Syndicated Linux News 0 02-01-2016 07:50 AM
Failed to fetch http://http.kali.org/kali/dists/kali/Release.gpg aymeric75 Linux - General 2 07-11-2015 05:10 AM
(Kali Linux User Only) .bashrc file is messed up. ehdunf67 Linux - Newbie 1 04-18-2015 10:11 PM
Postfix: how to protect root user tommybrick Linux - Server 3 08-25-2007 10:06 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration