Re: Is my system secure? What else should I do?
From: BearItAll (bearitall_at_rassler.co.uk)
Date: 09/02/05
- Next message: Thor: "Re: How do I use tripwire?"
- Previous message: Proteus: "Re: Is my system secure? What else should I do?"
- In reply to: Proteus: "Is my system secure? What else should I do?"
- Next in thread: matt_left_coast: "Re: Is my system secure? What else should I do?"
- Reply: matt_left_coast: "Re: Is my system secure? What else should I do?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 02 Sep 2005 13:07:22 +0100
On Thu, 01 Sep 2005 20:42:05 -0500, Proteus wrote:
> I value advice from you security experts. Any tips appreciated. I want to
> make my home desktop linux pc secure, but at the same time allow
> network functionality for my computing activities (browsing, ftp
> downloads/uploads with ftp client, reading newsgroups, email).
>
> Mandriva (Mandrake) LE2005 linux distro, updated security and bug patches
> with update feature in Mandriva control center, did urpmi install of
> bastille and ran bastille to tune security, did urpmi install of guarddog
> firewall and have it running (still need to learn more how to configure
> it), have changed my passwords to what I consider strong passwords,
> limiting sites that can store cookies with Firefox browser, have LinkSys
> router with wireless normally turned off (also use WEP encryption and
> limit wifi access to specific MAC addresses), have ClamAV antivirus
> installed (no viruses detected on a scan), installed chkrootkit and ran
> it -- nothing nefarious detected, turned off what I think are unneeded
> services. Changed passwords on all internet accounts and made them
> different and strong. Oh yeah, I deleted my PayPal account, just sick of
> seeing phishing emails from PayPal lookalikes.
>
> What more should I do, could I do? Am I taking correct precautions? Where
> is the weak link in the chain on my system?
I have never believed that we should lose functionality because of the
weaknesses of other people's OSes. Yet I have absolute confidence that my
systems are safe from hacking and virii.
My network shows no presence to the outside world, unless you already know
the IP address. But even then it doesn't give out a response unless the
caller is known.
First area is how open to the outside world is your system. Ports that are
not used should be closed. There was a period in the UNIX/Linux world where we
all were a bit lax in that area. In fact MDK once shipped with a services
file that was largely wrong, but it went unnoticed for quite some time (I
think it was one of the 9.x's as far as I remember).
Of course, if you do not have anything responding to a port request, then it
is effectively closed anyway, but it is much better to ensure nothing is
going to respond to a request you have no use for.
For PCs that have the Internet connection on a separate input to the
local network, it is very easy to set yourself up to be fully functional
without being open. For most home users that would be open on general
browsing and open for secure browsing. You might have secure tunnels for
other purposes, but because they are for a specific reason, you have set a
specific responder to requests.
For those that use the same communications connection for both local
network and external networks (Internet), then you have to allow, or set
as trusted, local traffic. Of course that sort of setup means that your
Linux is no longer protecting the other computers/devices on your local
network, so you have to either arrange for them to protect themselves or
use one of the routers designed for that purpose. Plus there is the
question of 'how trusted should the local traffic actually be'. For that
you have to go into greater depth with your particular firewall, or in the
chains.
Despite putting ourselves into a position where no one can get to us
unless we allow it, we then go further with the setup of the Linux
itself.
Never do silly things with user rights. Users should have access to their
own files and those that they are specifically given group access to. Some
distros make an assumption that home users trust each other so can have
browse rights. But let's face it, after your mother lied to you
about the bogeyman hiding in the closet waiting to eat you if you should
get out of bed, are you really going to trust her with browse rights to
your files? So I don't put all of my users into a single 'user' type group
or give them xx4 rights to anywhere that I don't want them to go.
Your security logs will come up with 'world writable files' warnings.
Always keep an eye out, not all are dangerous, but generally not required.
Plus it is worth watching simply because this is sometimes caused by a
setup of some application/utility being incorrect, perhaps you missed a
step in the setup and didn't create the application's required user, or you
created it but forgot that guest accounts must be password protected too.
But generally I would say, rest easy. The security warnings that come
through are very rarely disastrous (for us at least <<embarrassed glance
at the MS chaps>>). Nearly all are in the form 'If {this unusual but
possible thing} happens, then there might be a risk, but we haven't
actually had one yet'.
Of course Linux wouldn't be Linux if we didn't then update from our
particular update site/s, but never let worry prevent you from just
enjoying whatever it is that you enjoy doing with your Linux computer.
Straight out of its box you are already on a very safe and secure
operating system.
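Two of the checks the reply above describes (what will actually answer a port request, and the world-writable files behind those log warnings), written up as an added example that is not code from the original post or anyone in this thread. It assumes a Linux host with the iproute2 `ss` tool and POSIX find/awk; the sample `ss` lines are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the original post). Two checks matching the advice:
# (1) which listening sockets are reachable from outside the host, i.e.
#     "something will respond to a port request";
# (2) world-writable files, the condition behind 'world writable files' warnings.
# Assumes Linux with iproute2 'ss' and POSIX awk/find. Sample data is constructed.

# Constructed sample of 'ss -Hlntu' output (not captured from a real host),
# so the parser can be exercised offline. Real output comes from live_sockets.
SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:631   0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:68      0.0.0.0:*
tcp   LISTEN 0 50  [::1]:25        [::]:*'

# Live listening TCP/UDP sockets, no header (-H), numeric addresses (-n).
live_sockets() {
    ss -Hlntu 2>/dev/null
}

# Reads ss lines on stdin; prints "proto port" for sockets NOT bound to a
# loopback address. Everything printed is something the outside world can
# reach if the firewall lets the packet through.
externally_reachable() {
    awk '$5 !~ /^127\.|^\[::1\]/ { n = split($5, a, ":"); print $1, a[n] }'
}

# World-writable regular files under $1 (default /), one per line.
# -xdev stays on one filesystem; -perm -002 matches any file whose
# other-write bit is set, whatever the remaining bits are.
find_world_writable() {
    find "${1:-/}" -xdev -type f -perm -002 2>/dev/null
}

# Number of world-writable files under $1, for a one-line summary.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Sticky-bit world-writable directories (/tmp style) are expected; any other
# directory writable by everyone deserves a look.
find_world_writable_dirs() {
    find "${1:-/}" -xdev -type d -perm -002 ! -perm -1000 2>/dev/null
}

# Stand-alone run: report live listeners and world-writable files under
# /etc and /usr, two trees where nothing should be world-writable.
if [ "${1:-}" = "--run" ]; then
    echo "== externally reachable listeners =="
    live_sockets | externally_reachable
    for d in /etc /usr; do
        echo "== world-writable files under $d: $(count_world_writable "$d") =="
        find_world_writable "$d"
    done
fi
```

Run it with `sh audit.sh --run`; the firewall still decides what passes, so a listener reported here is only a problem if the firewall also lets the packet through.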