Re: [newbie] Internet security Mandrake 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 23 January 2003 10:05 pm, Derek Jennings wrote: (Hmm How do you know that site does not contain malicious HTML designed to cause a buffer overflow in your browser and install a Trojan on your computer? - The best defence against that possibility is to not visit the site with Internet Explorer :-) I read at www.linuxsecurity.com that there is a trojan for linux in mp3 files. Have you heard or read about this, Derek ?. Could tripwire protect linux box from trojan horses ?. Any comments will be appreciated. - -- Rifza Adriansyah Are you using GnuPG ? Find my public key at http://belgium.keyserver.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+MRZQH9VEhcXPGz4RAunlAJ9sMfw2KxGVH4RYlfWdxC2bmcNY7gCeP7iD kdIK8pYVNphWhn7lgGV5E9k= =XLrN -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Friday 24 Jan 2003 10:32 am, Rifza Adriansyah wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 23 January 2003 10:05 pm, Derek Jennings wrote: (Hmm How do you know that site does not contain malicious HTML designed to cause a buffer overflow in your browser and install a Trojan on your computer? - The best defence against that possibility is to not visit the site with Internet Explorer :-) I read at www.linuxsecurity.com that there is a trojan for linux in mp3 files. Have you heard or read about this, Derek ?. Could tripwire protect linux box from trojan horses ?. Any comments will be appreciated. - -- Rifza Adriansyah Yes. I read about it here http://212.100.234.54/content/6/28842.html and here http://www.pclinuxonline.com/modules.php?name=Newsfile=articlesid=4252 It exploits a bug in a version of mpg123 to run arbitary code when you play a malicious mp3 file. It can damage files in your *user* account (so long as you are not running as root) The version of mpg123 shipped with Mandrake is not vulnerable, and the alternative mp3 player mpg321 is not affected. There was also a bug found in mozilla a while back which would allow a malicious website to run arbitary code in your computer. http://www.mozilla.org/projects/security/known-vulnerabilities.html I am no security expert, but I do not think Tripwire would protect against either of those attacks. As I understand it tripwire works by comparing files checksums against those previously calculated to find evidence of intrusion. (As can msec) While Linux is not immune to malicious attack, it is certainly better protected than Windows, but you should still get your security updates regularly. derek -- -- www.jennings.homelinux.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Internet security Mandrake 9.0
Do a search on google, there are tons of tutorials on IPTables. A good place to start is www.netfilter.org or http://www.linuxguruz.org/iptables/ Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vaessen, E.M.J. (Ed) Sent: Thursday, January 23, 2003 3:58 AM To: '[EMAIL PROTECTED]' Subject: [newbie] Internet security Mandrake 9.0 I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Ed Vaessen Disclaimer Aan dit bericht kunnen geen rechten worden ontleend. Dit bericht is uitsluitend bestemd voor de geadresseerde. Als u dit bericht per abuis hebt ontvangen, wordt u verzocht het te vernietigen en de afzender te informeren. Wij adviseren u om bij twijfel over de juistheid of de volledigheid van de mail contact met afzender op te nemen. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thursday 23 Jan 2003 9:58 am, Vaessen, E.M.J. (Ed) wrote: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Ed Vaessen This is a good place to start. http://www.mandrakesecure.net/en/docs/msec.php http://www.mandrakelinux.com/en/doc/90c/en/Server_Conf_Guide.html/security.html For a desktop system 'High' is probably too high a security level. You will find the system will not let you do what appears to be innocent things. If you are coming from the Windows world 'Standard' security is already much higher than you had before. derek -- -- www.jennings.homelinux.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
Ed said: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Setting msec to high is a good first step, but you need to make sure shorewall is on also. You'll find it under Security in the Mandrake Control Center. For more info on security check out MandrakeUser (http://www.mandrakeuser.org/docs/index.html). -- Anthony Abby - http://www.aplusdata.com Comic Book Community News| Web Programming Inventory and Management System | Cold Fusion PHP ASP Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Internet security Mandrake 9.0
Hello Derek, Even though 'high' is very severe according to your words, my connection to the internet via my ISP works fine and I encountered no road blocks towards internet. Your remarks give me a very save feeling (but: who can assure me that you are not a malicious hacker trying to lull me and rule my machine?) Ed -Oorspronkelijk bericht- Van: Derek Jennings [mailto:[EMAIL PROTECTED]] Verzonden: donderdag 23 januari 2003 13:14 Aan: [EMAIL PROTECTED] Onderwerp: Re: [newbie] Internet security Mandrake 9.0 On Thursday 23 Jan 2003 9:58 am, Vaessen, E.M.J. (Ed) wrote: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Ed Vaessen This is a good place to start. http://www.mandrakesecure.net/en/docs/msec.php http://www.mandrakelinux.com/en/doc/90c/en/Server_Conf_Guide.h tml/security.html For a desktop system 'High' is probably too high a security level. You will find the system will not let you do what appears to be innocent things. If you are coming from the Windows world 'Standard' security is already much higher than you had before. derek -- -- www.jennings.homelinux.net Disclaimer Aan dit bericht kunnen geen rechten worden ontleend. Dit bericht is uitsluitend bestemd voor de geadresseerde. Als u dit bericht per abuis hebt ontvangen, wordt u verzocht het te vernietigen en de afzender te informeren. Wij adviseren u om bij twijfel over de juistheid of de volledigheid van de mail contact met afzender op te nemen. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thursday 23 Jan 2003 2:00 pm, Vaessen, E.M.J. (Ed) wrote: Hello Derek, Even though 'high' is very severe according to your words, my connection to the internet via my ISP works fine and I encountered no road blocks towards internet. Your remarks give me a very save feeling (but: who can assure me that you are not a malicious hacker trying to lull me and rule my machine?) He's wicked! Wicked I tell you! g Anne -- Registered Linux User No.293302 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thursday 23 Jan 2003 2:00 pm, Vaessen, E.M.J. (Ed) wrote: Hello Derek, Even though 'high' is very severe according to your words, my connection to the internet via my ISP works fine and I encountered no road blocks towards internet. Your remarks give me a very save feeling (but: who can assure me that you are not a malicious hacker trying to lull me and rule my machine?) Ed Well give me your IP address, root password and Credit card number, and then see how trustworthy I am :-) Seriously :- At high security the msec security system will enforce file permissions quite strictly. People on high security often complain they set file permissions one way, and then a few minutes later they get changed. If 'High' works for you then fine. But be aware if 'weird' things happen it could be because of the security level. BTW: The security level is unrelated to the firewall. You can test your firewall here http://scan.sygatetech.com/ (Hmm How do you know that site does not contain malicious HTML designed to cause a buffer overflow in your browser and install a Trojan on your computer? - The best defence against that possibility is to not visit the site with Internet Explorer :-) derek -- -- www.jennings.homelinux.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Internet security Mandrake 9.0
On Thu, 23 Jan 2003 10:58:28 +0100 Vaessen, E.M.J. (Ed) [EMAIL PROTECTED] wrote: I installed Mandrake 9.0 on my PC, that is connected to my internet provider via an ADSL USB modem. I don't have a network, just a simple PC. The security level was put to 'high' during installation, but I don't know at all to what extend I am protected against what. But I am online during many hours a day and I guess hat this makes security more and more important. I delved through many internet pages dealing with firewall and security information but they very often deal with setting up a firewall for computer on a network. Does anyone know where to find information about configuring security on a single PC? Howdy, I recently had problems with the security level I was using (msec level 4) - that level did work for me once when I had a computer setup to only be a firewall/router protecting our local home network. No other services except Internet Conenction Sharing were supplied by that computer to the local network in the house so it worked fine. BTW, I also ran a firewall in that setup in case you were wondering. However, when I attempted to use the same computer for a firewall/router AND samba file sharing - samba was not able to share the files to the local network. Level 4 - which I believe from your post you are not using, blocks any local services from that computer configured as such to the network. From Derek J.'s post to my recent issue with msec level 4 and samba, I learned there are ways to open up services like samba...but I had no luck. Your results may vary if you choose that level. FYI, the description of level 4 in text was called Higher- just below Paranoid(level 5) The description Mandrake provides for msec levels made me think level 4 was what I wanted/needed - ie; #1 the firewall/router is a server and #2 it is always connected to the internet. What I ended up doing is dropping down to level 3 (High) and now samba is happily sharing files across the local network. Level 3 is what I use for my p.c. also and I have gotten used to any odd things there may be. To me, it is acting like a normal Linux system should, but then I have never tried level 2 so I cannot compare it. I choose to keep level 3 for my p.c. and it works for me. I would prefer to go back to level 4 for our firewall/router someday, but I am a guy who learns well from reading about success stories or well explained howto's - of which it is slim pickens for msec itself. man mseclib does give some good info though, along with the links Derek posted already (forgive me if I forgot that somebody else has posted a link) IMO, level 3 is just about right for your setup - along with a good set of firewall rules, then again - what ever works for you should be good. Just remember to keep a firewall going on your system, even if you do not have a network to protect. You need to guard against somebody gaining access to your p.c. and using it to their advantage. Just my 2 cents worth (ok, maybe 3 or 4) Good luck Steve -- Linux user #280097 Machine #162480 http://counter.li.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com