Security Questions

Forum: Networking
Topic: Security Questions
started by: jpeters

Posted by jpeters on April 21 2006,21:33
If I'm running DSL in RAM and have the hard drive unmounted, is there any need for a firewall?
Posted by green on April 22 2006,03:57
Just my opinion, so take it with a grain of salt.

If you do not have FTP, ssh, webserver, etc. running, you should be okay.

To my knowledge, DSL does not have any ports open by default, which makes it pretty secure out of the box. Don't keep personal stuff on it and things like that. You could even remove the hard drive if you wanted to.

If someone does manage to molest it, a reboot will fix anything they managed to do since it is running toram.

I've run one or two of my DSL boxen that way, and never had any issues.

I'm sure there are others around here that will not agree. However, with that said, I do use a dedicated firewall now all the time and one can be set up using old obsolete hardware if you so choose.

Posted by bigpilot on April 22 2006,05:32
We don't really know how much more secure Linux is than, say, Windows.

But I have a hunch it's not much more secure than Windows, to be honest. If you look at Mac OS X (also Unix based), for example, it was touted to be secure but right now bugs and exploits are being found almost on a weekly basis. There's no reason to believe it will be much better on Linux, although I do have a lot more confidence in open-source software than Apple's closed-source model.

Posted by green on April 22 2006,05:59
bigpilot,

One of the main reasons that Linux flavors are so much more secure than Windows is that the file structure is different and almost each *nix flavor's file structure is unique as compared to other flavors.

Thus, on a *nix machine, if an executable file is told to go to a certain file or program and then do this and that (the way viruses work), then you would have to write an executable file, enable its permissions correctly, make sure it knows exactly what the file structure is, then execute its evil business, and all this designed with your specific flavor in mind. That is not very likely, at best.

However, if you write one for Windows, it'll kill 'em all 'cause they all have the same file structure and have all the same ports open (logical and virtual) and are all almost identical, and most of the world uses it.

The second largest is the Mac. Therefore, Windows and Mac are more vulnerable to attack than Linux or other *nix systems due to their vast existence across the planet and so many people connecting to the 'net without concern for proper security.

Also, Windows must make a system that appeals to everyone, that's how they make their money. Again, that provides Linux with a strength. Linux can be customized down to the smallest of details, which can not be done in Windows or it would break. This is not a slam on Windows, it is just part of the reality of how the different operating systems are built.

Dedicated firewalls do not run on Windows. They run a Unix-like OS. The same goes for mainframes, high-demand servers, network equipment, VPN concentrators, even secure terminal servers. Google, eBay, etc. run *nix systems. There is a reason that enterprise class IT shops use these. It is now trickling down to the home user. Which is a good thing, if you ask me.

This is just a small example of the real world and a small security related tidbit. There is much more to learn if one has the time and desire to do so.

Lastly, I am not slamming Windows. I have to use it too. However, being in a field of work that gives me first-hand knowledge of some of this stuff, that heavily influences my decisions about security and how I protect information/gear at home.

EDIT: Just thought I would throw this in.
A couple of years ago I read an article that spoke about how susceptible a Windows box is when connected to the 'net without a firewall, etc. So, a friend and myself decided to sacrifice a Windows box and a Linux box. We hooked each one to the 'net via broadband access; there was no firewall protection, no anti-virus protection, etc. After about 6 or 7 minutes, the Windows box had many ports open to who knows where and why. Another 30 minutes and the box was barely usable. The Linux box, under the same conditions, stayed connected all night and all day the next day. It had no issues and problems. I know this is not scientific, but it is proof enough for me.

Sorry for the long post. I digress.....

Posted by pr0f3550r on April 22 2006,10:07
Quote (jpeters @ April 21 2006,17:33)
If I'm running DSL in RAM and have the hard drive unmounted, is there any need for a firewall?

I have the same settings as yours and:
Code Sample
root@box:~# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:bootpc                *:*                     LISTEN      
tcp        1      0 10.0.2.15:1184          www.paypal.com:https    CLOSE_WAIT  
tcp        1      0 10.0.2.15:1033          l2.login.vip.scd.:https CLOSE_WAIT  
tcp        1      0 10.0.2.15:1032          l2.login.vip.scd.:https CLOSE_WAIT  
tcp        0      0 10.0.2.15:1166          damnsmalllinux.or:https CLOSE_WAIT  
tcp        1      0 10.0.2.15:1060          www.fastmail.fm:https   CLOSE_WAIT  
tcp        1      0 10.0.2.15:1061          www.fastmail.fm:https   CLOSE_WAIT  
tcp        1      0 10.0.2.15:1062          www.fastmail.fm:https   CLOSE_WAIT  
tcp        0      0 10.0.2.15:1138          www.fastmail.fm:https   CLOSE_WAIT  
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     2858   /var/run/pump.sock
unix  2      [ ACC ]     STREAM     LISTENING     3466   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     3509   /tmp/dsl-jhl9v6/dpid.srs
unix  2      [ ACC ]     STREAM     LISTENING     3511   /tmp/dsl-jhl9v6/bookmarks.dpi
unix  2      [ ACC ]     STREAM     LISTENING     3513   /tmp/dsl-jhl9v6/downloads.dpi
unix  2      [ ACC ]     STREAM     LISTENING     3515   /tmp/dsl-jhl9v6/file.dpi
unix  2      [ ACC ]     STREAM     LISTENING     3517   /tmp/dsl-jhl9v6/ftp.filter.dpi
unix  2      [ ACC ]     STREAM     LISTENING     3519   /tmp/dsl-jhl9v6/hello.filter.dpi
unix  2      [ ACC ]     STREAM     LISTENING     3521   /tmp/dsl-jhl9v6/https.filter.dpi
unix  3      [ ]         STREAM     CONNECTED     3848   /tmp/.X11-unix/X0
unix  5      [ ]         STREAM     CONNECTED     3847  
unix  3      [ ]         STREAM     CONNECTED     3489   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     3488  
unix  3      [ ]         STREAM     CONNECTED     3487   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     3486  
unix  3      [ ]         STREAM     CONNECTED     3481   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     3480  
unix  3      [ ]         STREAM     CONNECTED     3470   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     3469  
root@box:~#


I think the X client/server connections are exposed to attacks.
A firewall is never overkill.

Posted by green on April 22 2006,13:46
I agree 100% regarding a firewall not being overkill, I have a dedicated firewall myself.
However, I bet the "open ports" look significantly different if done from another box against that one.
You are showing what connections you initiated, and the X server ports do not show up like that from the outside.
It would be super rare for a hacker to waste his/her time on a *nix box with no ports open and no promise of a golden treasure on the inside.
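The point green makes about reading that listing (a `LISTEN` socket bound on all interfaces is what an outside scanner can see; `CLOSE_WAIT` rows are connections this box initiated; UNIX domain sockets such as the X server's have no network endpoint at all) can be checked mechanically. This is an added example, not code from the thread; the sample input is a trimmed re-typing of pr0f3550r's `netstat -a` output, embedded as a constructed string.

```python
"""Classify `netstat -a` rows into network-reachable vs. local-only sockets."""

# Constructed sample: a trimmed copy of the netstat listing posted above.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:bootpc                *:*                     LISTEN
tcp        1      0 10.0.2.15:1184          www.paypal.com:https    CLOSE_WAIT
tcp        0      0 10.0.2.15:1166          damnsmalllinux.or:https CLOSE_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     2858   /var/run/pump.sock
unix  2      [ ACC ]     STREAM     LISTENING     3466   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     3848   /tmp/.X11-unix/X0
"""

LOOPBACK = ("127.", "localhost", "::1")


def classify_line(line):
    """Return (category, detail) for one netstat row, or None for headers."""
    parts = line.split()
    if not parts:
        return None
    if parts[0] in ("tcp", "udp", "tcp6", "udp6"):
        local, foreign = parts[3], parts[4]
        state = parts[5] if len(parts) > 5 else ""  # udp rows may omit State
        host = local.rsplit(":", 1)[0]
        is_listener = state == "LISTEN" or (parts[0].startswith("udp") and foreign == "*:*")
        if is_listener:
            if host.startswith(LOOPBACK):
                return ("listening-local-only", local)
            return ("listening-reachable", local)  # bound on all interfaces ('*')
        # Anything else is a connection this host set up or is tearing down.
        return ("outbound-or-established", f"{local} -> {foreign} {state}")
    if parts[0] == "unix":
        # UNIX domain sockets are files, not network endpoints: only a local
        # process with filesystem access to the path can connect to them.
        path = parts[-1] if parts[-1].startswith("/") else "(anonymous)"
        return ("unix-local-only", path)
    return None


def summarize(text):
    """Count rows per category and list the sockets a remote scanner could reach."""
    counts, reachable = {}, []
    for line in text.splitlines():
        row = classify_line(line)
        if row is None:
            continue
        counts[row[0]] = counts.get(row[0], 0) + 1
        if row[0] == "listening-reachable":
            reachable.append(row[1])
    return counts, reachable
```

Run against the sample, only `*:bootpc` is reported as reachable; the X server rows are local-only and the HTTPS rows are the browser's own outbound sessions.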

Posted by jpeters on April 22 2006,18:54
"I think the X client/server connections are exposed to attacks"

It looks like all the connections are to the /tmp or /var folders on your ramdisk.
As long as there is no access to the harddisk, that shouldn't be a problem (from what little I know, anyway).

Posted by jpeters on April 22 2006,19:58
I just ran a couple of available security checks, and got the following results:

Test site: https://tau.hackerwhacker.com/quickscan.php

No open ports found

http://www.auditmypc.com

We completed the audit and did not find any open ports.
This is ideal for the average visitor.

Shields Up: https://www.grc.com/

Unsolicited Packets: PASSED - No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Echo: PASSED - Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.


GRC Port Authority Report created on UTC: 2006-04-22 at 19:52:19

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                           119, 135, 139, 143, 389, 443, 445,
                           1002, 1024-1030, 1720, 5000

   0 Ports Open
   1 Ports Closed
  25 Ports Stealth
---------------------
  26 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.
___

Posted by 300c_pilot on April 23 2006,05:46
Thought I would throw 2 more cents into the pot.

It is just easier to set up a good firewall on Linux because it is free (download the iptables.dsl). So there is no excuse for not learning how to set up iptables. Then you are reasonably sure that you are safe. It's good enough for the Fortune 100 companies.

Something is always better than nothing.

Always use protection
:D

Posted by pr0f3550r on April 23 2006,10:47
jpeters,
try to run a security test from within your LAN on a shared hub and then we talk about it.

I guess, if you want complete security traded with performance, run DSL in QEMU, which acts as a gateway/firewall. That's what I do. Slow but secure.

Posted by green on April 23 2006,13:35
Sounds like you may be worried about someone on the LAN trying to do something? Or someone from the outside? Or both?

To protect the LAN from the inside, use good deadbolt locks, a good security system, a pitbull, and a shotgun.
To protect the LAN from the outside,  http://www.SmoothWall.org
Problem solved.

Posted by jpeters on April 24 2006,05:27
Quote (green @ April 23 2006,09:35)
Sounds like you may be worried about someone on the LAN trying to do something? Or someone from the outside? Or both?

To protect the LAN from the inside, use good deadbolt locks, a good security system, a pitbull, and a shotgun.
To protect the LAN from the outside,  http://www.SmoothWall.org
Problem solved.

Or take a vacation, www.smoothwall.com. :p

Posted by green on April 24 2006,13:26
You freaked me out. I thought SmoothWall was gone!!!
http://www.smoothwall.org still works. Phew!

Posted by jpeters on April 24 2006,15:44
I downloaded a copy, but haven't installed it yet. Notice any decline in speed with SmoothWall running? I probably don't need it for what I'm doing with DSL, but if there are no tradeoffs.........
Posted by green on April 24 2006,20:48
No noticeable speed reduction. I have cable broadband access, so it's pretty fast anyway. I also use the web proxy, so I'm sure that helps as well. If you feel like poking around once you get it installed, there is a package that you can install called "Complete Network Control." It's pretty awesome. Lets you make decisions on which port and what IP is allowed to get to your DMZ (if you have one), your LAN and your WAN. It's nice. There are a few DSLers around here that use SmoothWall also. They seem to like it. One of them is pretty vocal about it. (You know who you are!)
Posted by jpeters on April 24 2006,23:35
I just looked at the readme.txt. It had a big warning about how when you run the application it destroys all other information on the disk. I must be misreading something, so I'll check it out later. I guess that WOULD be the ultimate security though, because it ensures that you have nothing further to lose... clever technology; I think I'm beginning to get into the Linux mentality.
Posted by jpeters on April 25 2006,07:11
I just went into my Windows OS (do you know where I can find a Linux ISO extractor?), and checked out the readme file again:

Installation
------------

This disc can be booted from with compatible drives and BIOS - please be
aware that installing SmoothWall WILL COMPLETELY ERASE ALL DATA ON THE HARD
DRIVE OF THE TARGET MACHINE!  Please be vigilant when using this disc.

____

What am I missing?

Posted by green on April 25 2006,13:52
j,

I think maybe I misled you, perhaps, kinda,.... but not on purpose.
Yes, SmoothWall WILL DESTROY all data on any hard drive you install it on.
The term "dedicated firewall" means that a machine that is a dedicated firewall is dedicated to that purpose and that is all that it does. SmoothWall is not an add-on firewall application like rcfirewall, iptables, or the various Windows desktop firewalls. SmoothWall's only function in life is to be a firewall and protect your stuff. This is very similar to a Cisco PIX or other various commercial dedicated firewall appliances. That is the world that I work in, so I get excited to be able to use a commercial-grade dedicated firewall at home.

So, to sum up: If you install SmoothWall on your DSL machine, it will cease to be a DSL machine and it will become a dedicated firewall. Personally, I think it is great. However, if you do not have another machine to run DSL on, then maybe not so great. I have used garage sale $10 machines with a 200 MHz CPU, 128 MB RAM and a 2 GB HDD to become SmoothWall firewalls. It can be done for cheap or free, if you are so inclined.

Posted by jpeters on April 25 2006,16:08
Got it, thanks.

Right now I'm running Linux on my laptop, so I can't use a hardware firewall (although I might consider that for my desktop).
