Ross Pearson wrote:

>Hello all
>
>I am currently running Mandrake 8.2 on a single PC with an adsl internet
>connection. The internet connection is via ethernet to an adsl router.
>
>I've been pretty overwhelmed by the amount of information available on
>making my internet connection secure. So far, I have ensured that only
>essential services are running and I have set up Bastille-firewall using
>its interactive configuration. But I am still not confident that I have
>done enough or even whether that which I have done is effective.
>
>I would therefore be grateful to hear any opinions on how I can best make
>my system as secure as it needs to be,
>
>
>thanks
>Ross
>
>
>
>------------------------------------------------------------------------
>
>Want to buy your Pack or Services from MandrakeSoft?
>Go to http://www.mandrakestore.com
>

Well, it is very difficult to penetrate a router which does essentially the same job in that configuration as the linux ip masquerade or NAT. Here are the services that can tunnel ...

DNS/BIND -- just don't run it on your machine. Stick with one trustworthy nameserver (usually the ISP supplies a good one, but you can use the host -a (some url) instruction to find others, some of which are publicly available).

ftp -- just don't run any servers, and don't trust what you download from it if your data rate doesn't seem reasonable. (Best in a separate session to snatch the md5sum and always check what you telnet.)

telnet -- NEVER use it. Use ssh instead. telnet, like ftp and http, is vulnerable to a "man in the middle" attack where the ends of the line are desynchronized for the TCP connection and the middleman pretends to be you to the server and pretends to be the server to you. Of course the actual packets you are sending to the server and that the server is sending to you produce a flurry of ACK signals which is easily detectable if there are few hops between you and the server, but long distance connections can be attacked in this way almost undetectably, and any unencrypted TCP connection is vulnerable. Only telnet, or http, or ftp are usually worthwhile attacking for the occasional precious password.

There are actual programs in linux which use a few not uncommon libs (libnet, libnids, and libpcap) to do the middleman attack, and test programs for checking network vulnerability do exist (macof -- to try to bust switches, mailsnarf -- man in the middle mail interceptor, and similar). Obviously these were intended to test network vulnerabilities but they are supplied in source and people with every color hat do have access to them, including the blackhats.

Best to find another computer at another site, load the test programs available, and attack your own machine, if you want to be really sure of your own security. Of course to do that, you need a friend who runs linux... Join a LUG if you can find one.

Civileme

Yes it IS really a jungle out there.
Tis a good thing that windows is so easy to attack and so plentiful else we would see a lot more script kiddies having a go at linux, and maybe even a few succeeding.
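
The reply above says a desynchronized TCP connection produces a flurry of ACKs that can be detected. As an added example, not part of the original message, this scans packet records for identical empty ACKs repeated by both ends of a flow. The record layout, the window and threshold values, and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def sample_capture():
    """Constructed records, not a real capture: (time, src, dst, flags, seq, ack, payload_len)."""
    pkts = []
    client, web, shell = "192.0.2.10:40000", "198.51.100.5:80", "198.51.100.7:23"
    for i in range(20):   # healthy transfer: every ACK advances
        pkts.append((i * 0.05, client, web, "PA", 1000 + i * 100, 5000, 100))
        pkts.append((i * 0.05 + 0.01, web, client, "A", 5000, 1100 + i * 100, 0))
    for i in range(12):   # desynchronized session: both ends repeat one empty ACK
        pkts.append((2 + i * 0.01, client, shell, "A", 3000, 9000, 0))
        pkts.append((2 + i * 0.01 + 0.005, shell, client, "A", 8000, 2000, 0))
    return pkts

def find_ack_storms(packets, window=1.0, threshold=8):
    """Return {flow: first_alert_time} for flows where both ends repeat identical
    empty ACKs at least `threshold` times within `window` seconds."""
    last = {}                    # (src, dst) -> (seq, ack) of the previous empty ACK
    recent = defaultdict(deque)  # flow -> (time, sender) of repeated empty ACKs
    alerts = {}
    for t, src, dst, flags, seq, ack, length in sorted(packets):
        if flags != "A" or length != 0:
            last.pop((src, dst), None)   # data or SYN/FIN/RST: not part of a storm
            continue
        if last.get((src, dst)) == (seq, ack):
            flow = tuple(sorted((src, dst)))
            q = recent[flow]
            q.append((t, src))
            while t - q[0][0] > window:
                q.popleft()
            # One-sided duplicate ACKs are ordinary loss recovery; a storm needs both ends.
            if len(q) >= threshold and len({s for _, s in q}) == 2:
                alerts.setdefault(flow, t)
        last[(src, dst)] = (seq, ack)
    return alerts

if __name__ == "__main__":
    for flow, when in find_ack_storms(sample_capture()).items():
        print(f"possible ACK storm between {flow[0]} and {flow[1]} at t={when:.3f}s")
```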