Quote:
I'll make you a deal... you define "Reasonable Security" and I'll define "Extra Security". |
Quote:
Reasonable security to me is: 1) Use strong passwords (not anything in a dictionary or a name). 2) Firewall (can be on a router, although usually not as configurable, or regular netfilter/iptables). 3) Disable any service that uses a port that you don't need, especially remote login. 4) Scan with rkhunter, chkrootkit, and maybe clamav. 5) If you use sudo, make sure you configure it in a sane manner, unlike Ubuntu. 6) Checksum packages (probably automatic). I would think that on a non-Ubuntu desktop, this is reasonable security. Now, on a server, you can and should do more than this. P.S. I also know the motto of the Security forum: Too much security is never enough. This is also why I seldom reply to anything here. |
Being a security freak, here is my setup, from power on:
bios password (bootloader password when i need to edit or change something) LUKS password default boots to init 3 log in using standard user, then to root to init 5 if needed (most of the time I do) log in standard user for gui as far as scanning my system, I have cron scripts set up for both clamav and rkhunter for firefox, I have noscript, redirect remover, adblock plus, ghostery, betterprivacy, user agent switcher, plus a few other tools and dev tools I use. there is a lot more to my system, including my IDS (snort), and real-time alerting on my desktop via conky, as well as system stats through conky. I have screenshots in the "post your desktop" thread. I have a lot going on, and I love it. But once again, I am a security freak. also to add - i am running a custom kernel, and custom iptables setup which drops everything that I don't initiate. |
I'll share a quick story with you all...
I've been hacked once. It was years ago when the scripts for password guessing were first getting hot on the Internet. I used to have an account on my system called "guest" and the password was "guest" so visitors could get on and use my computer. It was guessed (imagine that?) and the person tried to install a spam relay with a PHP script. The visit was short and he didn't get anywhere. The IP was from Romania. I was compromised but the damage was minimal because I was generally doing other things that were quite effective. Strong passwords for other accounts, the file system was reasonably locked down, I was running a firewall, services I didn't need were not running, etc. I know more now than I did then. But even in that case I had enough security for my system. Clean up didn't take very long. So I learned not to keep that guest account anymore. I keep learning. There are even a few ideas I've gleaned from people's responses here. I love Luks to protect my mobile file systems. It's awesome and it works well. IP tables, awesome. I was able to write scripts to minimize and block those repeated attacks from script kiddies. 10 years ago things were not as good as they are now. We have tons of tools and things to help us out and make it easier. In addition, distros are generally doing better default installs than they used to. Nowadays it's easier for users to follow a few good guidelines and have a fairly secure system. It's really hard to exploit a Linux system. And even if that's successful, it's often not very useful to do so. Compare that to Windows. Our lives are way better than the common computer user. |
Quote:
As Bruce Schneier said, monitoring is the first thing you should do to determine what attacks you face, so you know what countermeasures to implement. It also lets you trust your computer by verifying your preventative controls are working. |
Quote:
I guess I'm sometimes disgusted with people just shooting their mouths off. I quit Slashdot years ago because of this. I mean this in all sincerity, go back there. We simply don't do that to people here. I agree with the statement that there is something wrong with ignoring detection. I guess that's why I maintain that Samhain build. Did you really mean to direct it towards me? I'm really sorry to pounce on someone if it was simple misspoken language. |
Quote:
|
Quote:
From H_TeXMeX_H: Quote:
No hard feelings OlRoy. |
Quote:
Edit: Plus it is fun to learn about security. There is so much it never gets dull. |
Quote:
|
Quote:
Here are a couple of things. The fact so much user data/profiles/browsing history/etc is stored online by various companies and others alone is reason enough. And with Cloud computing it will get much worse (I have never been a fan of Cloud Computing anyways.) Not to mention the lack of concern many have about sharing personal information or clicking anything (flash games, Java Games and so on.) Facebook, MySpace are perfect examples of this. And some companies not caring about user privacy and even selling user information or having it "Accidentally Exposed," somehow. |
Privacy is not the same thing as security, so if you're concerned about privacy, may want to start a new thread. For privacy, you mostly have to customize firefox to block all the BS they throw at you. I don't have flash installed, I download the mp4 instead from youtube.
For FF I have the very much needed Adblock, NoScript, Greasemonkey. I also stay far away from Google and the Cloud (of doom). |
Quote:
Edit: My FF list is: NoScript (a must,) Redirect Remover, Adblock Plus, Better Privacy and Ghostery. |
I can't speak for all "Cloud" (I hate buzzwords) solutions, but I use the Amazon Cloud in a business and it absolutely rocks! For those who don't know this latest, mindless technology cliche, Clouds are just virtualized instances for sale, at least as Amazon is provisioning it. There are other interpretations. Let's not fret over a word that is meant to be intentionally vague.
I would think the people here would generally embrace the cloud because they are generally provisioned as Linux instances and their default security preferences are better than most distros out of the box. Amazon has the majority of the Cloud market right now and the majority of those are running Linux. It's cheap and it can scale. I also have a Slack box I've colocated for years, but that was before the Cloud was available. I still have it and I'll keep it out there for now, but cost wise, it is making less and less sense. I wouldn't go out and buy the hardware now. But that was then and now there are other options. When it dies, I'm going cloud with that box too. If guys like the paranoid schizophrenics on this forum are administering it, I'd think it would be a pretty safe option. Cloud or not, companies misuse and mistreat customers. From a technology standpoint, the Cloud is awesome. You just get don't get to get out of doing the admin work that always goes a long with managing any Linux system. You get a free pass on hardware, initial investment, scaling, network infrastructure, and you get some handy dandy extra tools provided by Right Scale. You should try it before you knock it. For the most part, it's just same Linux we have come to know and love. It's a really cheap way to run a server on the Internet. |
Well, that's where I draw the line with privacy. I'm never using any cloud apps, I want my data to stay on my HDD. I'm not quite as paranoid about privacy as many on here, but I do know that they plan on turning computers into terminals, with your data being stored on their servers.
I also don't think the Cloud is anything but vaporware being marketed as a wonder of technology, with a diabolical scheme in the background. I have no use for the cloud. I've also had enough of this thread. |
All times are GMT -5. The time now is 01:01 PM. |