LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   I wish to make a comp. to do on-line banking with high security; will the below work? (https://www.linuxquestions.org/questions/linux-security-4/i-wish-to-make-a-comp-to-do-on-line-banking-with-high-security%3B-will-the-below-work-782540/)

artistnatural 01-16-2010 01:33 AM

I wish to make a comp. to do on-line banking with high security; will the below work?
 
I want to do the following in order to do on-line banking.
I wish to make it very difficult for a hack to corrupt my computer devoted only to on-line banking

Below is my plan:

Buy a used computer off of Craigslist
At least 500 mhz and at least 10 G HD space
Format the computer drive to errase previous contents
Make sure the computer is set to read from the CD Rom first
Do NOT install a operating system on the 10 G HD
Insert LIVE Kubuntu 8.04 install disk in CD tray and boot into the internet.

To me this seems like it will access the net. But if not -why not?

Thank you
Will
Swartz Creek Michigan

lupusarcanus 01-16-2010 02:10 AM

Running strictly from a Live CD would not be recommended.

The reason is because on a Live CD, your change go unsaved. Thats a really big problem. You want to be safe? Then you want to plug up holes, stop service, run less services, close ports and stuff. A Live CD can not have patches applied. So if you're using FF 3.x and a huge vunerability is found, you are at risk.

The slower the computer, the longer it will take to do mundane tasks. This can result in security holes.

Old computers can also have problems booting from the CD-ROM drive, so ensure this works before buying. Buying of craigslist can have complications too, as someone can put a hardware keylogger and track you. make sure to carefully inspect it before using.

SSD's are much less vunerable to things like hex-editors, so if you decide to use that, that may help.

It's physically impossible to make a computer unhackable unless you never connect to the internet. But plugging security holes and having an actual HDD to put a firewall on is good.

Personally, I would make a Live USB with persistent changes of Ubuntu 9.10 (something that updates security holes) and carry it around with me.

Web31337 01-16-2010 02:23 AM

is that for home purposes? i mean you are making a secure comp for your own usage, not a server?
quite good solution, but you can use a fresher release of kubuntu. just in case.
actually it's better to set up a good system yourself, but if you don't have enough skills on securing linux boxes, you can use this way.

artistnatural 01-16-2010 08:14 AM

Yes it is for home use. And it is not for server use. And I do not yet have access to regular updated CDs of Kubuntu.

It is clear I a newbe. But this seems like a start to some level of security

artistnatural 01-16-2010 08:46 AM

I wish to make a comp. to do on-line banking with high security; will below work?
 
Leopard,

Thank you -I liked the USB idea and will try it out after I make the LIVE CD work.

As a side note: At least one bank notes if I change computes to access on-line banking. And your USB sort of implies this. That creates a lot of phone chatter with the bank -something I wish to avoid.

I understand you comment about the unchangeability of my idea. However, is not that something I am trying to achieve?

Regarding no firewall with a live CD: yes that bothers me a lot.

Re: your comment about keylogging -if I format the used computer first -does not that eliminate the kelogger prob?


Will

Web31337 01-16-2010 12:45 PM

there should be a firewall with ubuntu livecd: it's iptables.
the best solution will be USB image i guess, once you tweak it and then will regularly update it, when some patches coming out, backing up previous image, that worked: just in case. but if you don't have access to latest updates: you probably better not use it at all: because if there will be some critical security issue, say, with browser(firefox) you may be in danger.

lupusarcanus 01-16-2010 02:45 PM

Quote:

Originally Posted by artistnatural (Post 3828650)
Leopard,

Thank you -I liked the USB idea and will try it out after I make the LIVE CD work.

As a side note: At least one bank notes if I change computes to access on-line banking. And your USB sort of implies this. That creates a lot of phone chatter with the bank -something I wish to avoid.

I understand you comment about the unchangeability of my idea. However, is not that something I am trying to achieve?

Regarding no firewall with a live CD: yes that bothers me a lot.

Re: your comment about keylogging -if I format the used computer first -does not that eliminate the kelogger prob?


Will

You're welcome

And, yes; I see what you are trying to achieve; not having any changes written so no possibility of someone getting your info through your hardware. The problem is not having your changes written and not having security patches applied, no firewall implemented and no services shut off every time you want to do your banking ~ well that makes the software part at risk.

If you want to be really secure, you can look into something like this, where not only do you have the security of being in control where your data goes in the form of the USB stick, but also can have that hardware lock so if you lose it, your still very safe.

It's fairly easy to create a Live USB stick with persistent changes;
http://www.pendrivelinux.com/ has a wealth of information on how to do this.

As an added bonus, the USB stick can enable you to do your banking anywhere you deem to be safe.

About the keylogger; erasing the HDD (I would zero the drive with the dd command) would eliminate the threat of a software keylogger, but someone can take a keyboard and make a hardware keylogger that transmits what your typing afar, without needing any software, or computer for that matter, provided the keyboard has power and it's being typed upon. So what I meant, was to be sure if you buy a computer off of a place such as craigslist, that you make sure you carefully inspect the keyboard. Upon careful inspection, you will be able to tell if has been rigged or not. Chances are it isn't, but in todays world you can never be too sure.

Anyways, you need to consider plugging software holes up first before thinking about hardware; remember, you can control who and where your hardware goes and does, but you can't control if there's a cracker out there, waiting for a security hole to open up.

I think a persistent USB allowing you to patch the software up while allowing you full control of your physical USB drive is a good way to go.

I didn't quite understand what you meant with the "phone chatter", but if you're implying the info sent to and fro the banks website, you can secure that by adding firewall and good encryption to your router, and a proxy can help secure the information from the router to the website.

I think after that the best way to protect yourself is make the internet browser you use on the USB stick isn't collecting information and history (e.g. Private Browsing"), and edit the options in the browser to not allow a website to probe your computers' operating system and browser information.

Hope that helps.

salasi 01-16-2010 02:46 PM

Quote:

Originally Posted by artistnatural (Post 3828361)
I wish to make a comp. to do on-line banking with high security; will the below work?

My first reaction to this is to say that if you want high security, don't do online banking. My second is to question what you mean by 'work.'

If, by work, you mean can you set up a computer like this and get the access that you need, the answer is mostly. Some banks are, err, idiosyncratic in what they allow for access, disallowing, eg, some browsers, so you need to check what your bank does or does not allow before shelling out any money.

OTOH, if by 'work' you mean will taking this approach render you invulnerable to any and all internet security issues, then the answer is quite clearly no. Assuming that you make it impossible for outsiders to write to you OS disk, that will rule out a whole class of attacks, but that is only one class of attacks and you could still have problems with all of the others.

Quote:

I wish to make it impossible for a hack to corrupt my computer devoted only to on-line banking
Impossible sets the bar rather too high for your scheme, as an overall security solution, although you may be able to protect your boot disk.

While there may be ways, using the internet, to make it very, very unlikely for a hack to be executed against you, I know of no possibility of making it impossible. You may keep your CD secure, but that does not mean that your money will also be secure. For a start, your bank has to be completely secure, and while banks manage to behave in a paranoid fashion, that isn't the same as security...

Quote:

Buy a used computer off of Craigslist
At least 500 mhz and at least 10 G HD space
Format the computer drive to errase previous contents
Make sure the computer is set to read from the CD Rom first
Do NOT install a operating system on the 10 G HD
Insert LIVE Kubuntu 8.04 install disk in CD tray and boot into the internet.
As stated, you make it impossible to updated to get security fixes, unless you write a complete new CD.

You do not say whether you intend to use a CD-R or a CD-RW, but if you want to be sure that no one else can write to it, it would probably have to be a CD-R. Of course that will also be an irritant to you, too, when you get security fixes twice a week, but that may be tolerable to you.


All times are GMT -5. The time now is 08:59 AM.