Duncan,
Sorry for the late reply
...inline
DSinc wrote:
Soren,
I send this open. May as well do my language mistakes in free space.
The only possible source of language mistakes would be me, as English is not my native language. But I'm trying to keep
errors to a minimum, and I carefully re-read every post before I send it. And I'm always damned sorry about any
linguistic mistakes.
I apologize for my 'gray-hat' suggestion. Somehow, over the years I
have forgotten much of your past counsel. I know it was always suggested.
Yeah, in all modesty, I was actively participating in starting up hwg, in the
days when Tom Pabst was around.
It is just that your presentation is just scary.
Scary gets my attention!
As I said, I don't believe in stuffing things under the carpet, as scary things
might be.
However, one always has a choice. Think of "scary" as an asset that allows one to take the proper, proactive
precautions, or think of "scary" as ... well, just scary - and you've lost the game.
I do not doubt that much of what you share could come to pass. Yes, I do
see small indications from my
current protections that what you share is important to think
seriously about and, perhaps, prepare and react to.
It seems that CW and Greg sorta agree also.
Thank you.
You're welcome.
I now look at 2 of my old platforms as possible candidates for new IP
machines.
I have your suggested basic hdw stack.
I still grapple with what an IP machine truly is. I will raise this as a
new thread.
My recommendation for a firewall/gateway for a non-critical web surfing system
was IPcop, http://www.ipcop.org
If you should choose to install this one, make sure also to install the 1.4.21
update before continuing web surfing.
Hth
I will come back in the future with any set-up questions/confusion as
such happens.
Again, sorry!
Best,
Duncan
On 05/29/2011 00:19, Soren wrote:
Duncan,
I am sorry if I scared you, that was not at all my intention. Though I
do understand the frustration you may feel about the subject, I don't
believe in hiding things under the carpet. And, btw, my hat is white
and will always be so. Not even a speeding or parking ticket in my
entire life, and there never will be, period.
The only picture I'm trying to paint is the present picture of where
things are going. I had my own security business until about six years
ago, plus I've done serious research in harmful internet traffic for
about ten years. Enough to understand what is emerging, and what to
look out for. These days I'm no longer 'cutting edge', though still
following development closely.
During the past six months or so, several new point-and-click exploit
kits have evolved. With these kits, anyone can tailor their own
backdoor, virus, or whatever is wanted. What's new about the recent
kits of that kind is that some core functions/features that are
universal for all operating systems are now attacked very
aggressively. This includes Mac/BSD.
The essence of my original suggestions is: keep your eyes open, and
don't trust operating systems nor firewalls, use common sense instead
of blind trust. Also, it's important to understand that keeping one's
system/data safe is an ongoing process.
If you want to set up a firewall/gateway, go ahead, and don't be
frightened because it's new to you. All that's needed is an outdated system
with 256 MB or more RAM, a 500+ MHz processor, and 2 NICs - one for
Green (local network), and one for Red (internet), and a 2+ GB HDD/SD
card/USB pen, depending on system and preferences.
If you want to play with an easy firewall/gateway, get IPcop 1.4.20 (+
update to 1.4.21), but don't use it for anything serious, as it's
becoming sort of outdated. Safe enough for casual surfing, though.
IPcop is very easy and intuitive to set up, and will give you a basic
idea about the subject. Very good documentation, also. Don't be scared
of playing around a bit, we all start somewhere. Btw, Intel NICs are
nice, but Realteks are cheap, and they work. Just make sure they are
manufactured in Taiwan or Japan, not China (yes, this is a warning).
What you instead *should* be scared of is the fact that in about two
years from today, everyone who doesn't have even a slightly secure
firewall/gateway setup will suffer the steep learning curve that
comes from total exploitation. There are some very evil people out
there that can't be reached or punished by civilized law enforcement.
Also, this is a great opportunity to put some of the old, stashed-away
hardware to good use, and play around, in the true hwg spirit.
hth
DSinc wrote:
Soren,
Nice share. But, still you continue to paint a very bleak picture.
I'd like to think I have some grasp of this, but, I do not.
I feel incapable of constructing most of your suggestions.
Any/all reformats suck! I get this one.
Again, nice share........ :)
If I was much smarter, I might suspect that you might be a
Gray-Hat sorta folk. JMHO.
Live well. You scare me.
Duncan
On 05/28/2011 03:14, Soren wrote:
Hello,
A few words about the effects of virus infections.
First, the viruses of today very often contain hidden backdoors.
Back in 'the good old days', a virus was terminated completely by a
reformat. Not so anymore, unfortunately. These days, a complete HDD
wipe is mandatory.
Please beware that the wipe schemes in proggies like DBAN, and so
forth, only follow a wipe standard that conforms to portable
media, like USB pendrives. The Gutmann 35x wipe is still the only
secure wipe of a HDD. Also, the drive has to be connected directly
to a HDD controller, and not only via USB. Always check the drive
situation with fdisk.
Today most vira also contain either a rootkit or a backdoor trojan,
or both. Say hello to exploits of the NTFS/ext3+ secondary data
streams in combination with Hyper Threading (which transports exactly
those secondary data streams). An almost ideal environment for a virus
programmer.
A *very* good way to avoid most Windows vira is to set up a *nix
gateway containing a web proxy. This form of gateway will filter out
about 95-99 pct. of all Windows malware, vira, rootkits, and other
unwanted stuff. Some *nix gateways also include an option for a full
IPS (Intrusion Prevention System), if one has the hardware to match.
The system for installing such an appliance is very much one of the
cheap Atom solutions, with Hyper Threading DISabled, that is.
There are still a few Asus/AsRock boards with both ATA and SATA
available (future upgrades), and with a built-in GPU, NIC, and two
different controllers, all for the price of a 4GB RAM stick...
Some of these appliances can run from an SD card (mechanical write
protection!), or from a USB pendrive, even as boot. This enables a
fairly noise-free environment, if combined with a mini-ITX case with
a passive PSU - a US company produces some pretty awesome passive PSUs.
hth