how to secure my computer - Page 2


Re: how to secure my computer

On Sun, 09 Apr 2006 21:06:01 -0400, Penguin_X wrote:

Cheers back at You.  :)

Your English is actually quite good, although it is not hard to see that
it was not your native language.  Most people, if they have the time, can
understand and live with, very well, the good level of language skills
that you show.  The bigger danger here is that you will not be able to
express your best thoughts and foremost questions and concerns to
everyone's best advantage.  And your concerns about security are widely
shared, and very valid.  Thank you for asking.

I'll throw a few things "onto the table" in no particular rationale or

First, do look at the list of links that Mikhail posted below in this
thread.  I have not yet studied them thoroughly myself.  But I have no
doubt that they point to much valuable information regarding your
question.  Also as your time allows, there are many good suggestions in
the other messages in this thread and in this group.  Please don't be
intimidated or offended by anything you read and don't be afraid to post
back with feedback or specific questions.  It is very easy for
misunderstandings to develop on usenet; most of us understand that part
and don't let it bother us unnecessarily.  Don't let it bother you
unnecessarily.  If there is something posted that is not clear or
understood, google is usually the fastest remedy.  Or man pages or info
documents.  Many distros have lots of less-known software installed that
can be useful in a security context.  Lots of other good software is
freely available.  If you are able to help, many worthwhile projects could
use it.  Some more on this below.

First, to add to Mikhail's list of sites, some I find of interest:

Now, some "nitty-gritty", basics.

Always run a firewall.  Check it; understand it; read the logs.  Improve
it as necessary.

Run antivirus software.  I use clamav and freshclam.

Install and use an IDS, Intrusion Detection System.  I suggest tripwire.
This is not for everyone, or for casual or automatic use.  It takes
considerable system time and is only useful under specific conditions: set
your initial scan on a new, known-good system.  When you run it, look at
what it tells you.  Takes time.  But if you do it you are unlikely to have
undetected unwanted malware on your system.  Tripwire only detects the
damage after the malware is on your disk (although it might not
necessarily have already run).

Another good IDS is SNORT.  SNORT is not for beginners and takes
substantial system resources.  But once set up it runs in the background
and protects sort of the same way a firewall works, except to protect your
systems from malware on a much higher level than a firewall.  Snort often
has signatures available to detect and stop new malwares even before major
AV vendors have sigs out.  SNORT is very, very good protection.  SNORT
will detect malwares and stop them *before* they can harm your systems or
even get on your disks.  (BTW, SNORT is also available for other
platforms, such as *gag* windows.)

Only install software from trusted sites.  Check md5 sums (or other
integrity systems) before installing.  Or use Yum Extender for updates,
which does all the checking for you.

To the best extent possible, run current versions of all software.

Protect your systems from unauthorized or untrusted access.  Lock the room
where your computer or workstation is when you are not there.  (Also lock
the room with the file cabinet where your paper records are kept.  You
*do* have a file cabinet, don't you?)  Alarm the room if necessary. Use
strong passwords. Protect the secrecy of your passwords. If someone is
watching while you type your password, change it.  There used to be a
small utility named mkpasswd to generate random strong passwords; no idea
what's available now.

Now some network stuff:

If you know your network well, if your correspondents are known, some
network vulnerabilities can be mitigated or bypassed by "hard-wiring" the
MAC and IP addresses into the files /etc/ethers and /etc/hosts(*).  You
can also use the "host" command to check IP addresses and reverse DNS
lookup hostnames for important remote connections.  See if they are the
same as what you had last time.  This could be helpful in avoiding some
"phishing" attacks and also some "DNS poisoning" attacks.

Avoid "human engineering" attacks by educating yourself and others among your
users to avoid such things as clicking on links in e-mails, opening
executables in e-mails, and opening untrusted executables in general.

If you run a DNS server (BIND-"named"?) keep it private and isolated from
outside public network access via firewall.  Turn off recursive lookups
unless you really know what you are doing.

Whether or not you run your own DNS server, do set up and run nscd (Name
Server Caching daemon) on each of your local machines.  I increase the
refresh time from the default of 3600 seconds to 14400, but that might not
be best in all cases.  Properly configured (in /etc/nscd.conf?) nscd will
first check in its cache for recent resolution of a domain name, and only
if that fails will go out to your ISP's DNS servers.  Therefore, it will
cut down on the number of calls to outside sources, and the amount of
information that can be harvested about your activities from outside
sources.  Once set up it runs transparently in the background.  It is
probably already installed in many distros.  You need to turn it on, set
it to run on reboot, and configure it. That is very easy for anyone who
can read and follow simple instructions.

See if you may want to install and run "Tor" (The onion router).  Tor will
probably slow your internet throughput substantially, particularly in peak
periods. Tor uses a system of peers to route your traffic and
substantially reduce the ease of traffic analysis, and the points from
which it can be analyzed. Tor interfaces well with the (Mozilla) Firefox
web browser, and also requires a proxy (suggested privoxy).
There is a Firefox plugin called Switchproxy that makes using all this
painless once installed and configured (not too hard to do). Tor (does a
DNS lookup,) sets up a SSL (encrypted) link with a Tor server that only
provides one or more routes to your real target through (volunteer - peer)
Tor servers. Tor uses encrypted headers so that no individual Tor server
knows, except for the previous and next hop, where the traffic is coming
from or going to.  Full details are on the Tor homepage.  Tor is partially
supported by EFF.  If you like Tor and can see your way clear, they can
use help and support. One easy way to help is to run a Tor server, which
helps other Tor users have better, faster and less transparent throughput.
They can also use money and programming help. The traffic itself can also
be separately encrypted if desired, without impairing Tor in any way.

If you are a United States resident, become familiar with what has been
written about the Narus 6400 and the warrantless wiretap program.  This is
an incredibly widespread program to capture phone and internet traffic.
Reportedly it is in operation *now*.  When you become sufficiently
concerned or alarmed, please contact your local, state and federal
government representatives and communicate your concerns to them.  If you
are eligible to vote but are not registered, register; these folks often
check voter lists to see if they need to care what you think or say.  If
you are registered, _DO_ go to the polls on election day and go through
the motions, even if you don't mark a single line on the ballot.  They
watch how many people go through (as well as who) to gauge how closely
they need to watch voter sentiment. Most intend to retire from their
public service jobs, and may do only what they think they need to do to
watch out for their own future job security.  There are links to the Narus
6400 and the warrantless wiretap program, posted by John, earlier in this
thread.  Or google (as always) might work, but it's pretty new content
(past week), and google can take days or weeks to catalogue some content.

Also write to or call your local and regional news media, and communicate
your concerns to them and to your friends and neighbors.  This is somewhat
breaking or developing news, and there are probably many people who are
not yet fully aware of what is going on.  Do them a favor and inform them
on the issue, as well as your own concern or alarm, as the case may be.

If you reside outside of the United States you should still familiarize
yourself with the issue.  This will not stop at US borders.  When you
become sufficiently concerned or alarmed, and if you are able to do so in
your location, communicate your concern or alarm, as the case may be, to
whomever you know who might be most influential in controlling the spread
of this abomination to your locale.  When you know what this is, you will
not want it anywhere near you.

End of appeal, getting off soapbox now.  Thanks for reading.  And best
wishes and safe computing to all.
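As an added example (not code from the thread), here is a small Python script that automates the "host" check described above: it keeps last time's answers as a baseline, parses today's host(1) output for the same names, and reports any name whose address changed or whose reverse lookup no longer points back at it. The sample lines are constructed to mimic host(1) output with documentation addresses, so it runs offline; on a live system you would feed it the real output of `host <name>` and `host <ip>`.

```python
import re

# host(1) prints lines such as (added example, not code from the thread):
#   mail.example.org has address 192.0.2.10
#   10.2.0.192.in-addr.arpa domain name pointer mail.example.org.
FWD_RE = re.compile(r"^(\S+) has address (\d{1,3}(?:\.\d{1,3}){3})$")
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa domain name pointer (\S+)\.$")

def parse_host_output(lines):
    """Return ({name: ip}, {ip: ptr_name}) parsed from host(1) output lines."""
    fwd, rev = {}, {}
    for raw in lines:
        line = raw.strip()
        m = FWD_RE.match(line)
        if m:
            fwd[m.group(1)] = m.group(2)
            continue
        m = PTR_RE.match(line)
        if m:
            # in-addr.arpa labels are the address octets in reverse order
            rev[".".join(reversed(m.group(1).split(".")))] = m.group(2)
    return fwd, rev

def compare(baseline_lines, current_lines):
    """Return findings for names whose answer changed or whose PTR disagrees; [] if all match."""
    base_fwd, _ = parse_host_output(baseline_lines)
    cur_fwd, cur_rev = parse_host_output(current_lines)
    findings = []
    for name, old_ip in sorted(base_fwd.items()):
        new_ip = cur_fwd.get(name)
        if new_ip is None:
            findings.append(f"{name}: no address returned now (was {old_ip})")
            continue
        if new_ip != old_ip:
            findings.append(f"{name}: address changed {old_ip} -> {new_ip}")
        ptr = cur_rev.get(new_ip)
        if ptr != name:  # reverse record missing (None) or naming another host
            findings.append(f"{name}: reverse lookup of {new_ip} gives {ptr}")
    return findings

# Constructed sample (documentation addresses): last week's saved answers and
# today's, where bank.example.net now resolves to an address whose PTR differs.
BASELINE = [
    "mail.example.org has address 192.0.2.10",
    "10.2.0.192.in-addr.arpa domain name pointer mail.example.org.",
    "bank.example.net has address 198.51.100.7",
    "7.100.51.198.in-addr.arpa domain name pointer bank.example.net.",
]
TODAY = [
    "mail.example.org has address 192.0.2.10",
    "10.2.0.192.in-addr.arpa domain name pointer mail.example.org.",
    "bank.example.net has address 203.0.113.99",
    "99.113.0.203.in-addr.arpa domain name pointer web99.example.com.",
]
```

Call `compare(BASELINE, TODAY)` to get the list of findings; an empty list means nothing changed since the baseline was saved.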

Re: how to secure my computer

Good post, newsbox.

Re: how to secure my computer

Thanks john.  I'd jevgr zber but V'z erny ohfl rapelcgvat and
boshfgvpngvat j%w].q ynetr svyrf ubcr v pna erzrzore ubj gb haqb nyy
ixypoortsa guvf fghss pnhfr vgf !va gur obbx

Re: how to secure my computer

On Thu, 13 Apr 2006 15:21:09 -0400, Newsbox wrote:

(Ynhtuvat).  Lbh pna nyjnlf jevgr gur qverpgvbaf qbja naq cnfgr vg ba
lbhe zbavgbe.  :-)

Re: how to secure my computer

On Sun, 09 Apr 2006 21:06:01 -0400, Penguin_X wrote:

Cheers again,

I missed some things in my post earlier this afternoon, which was mostly
on disaster prevention.  You also need disaster recovery.

Make regular system backups.  Do it daily, weekly or whatever makes sense,
but do it on a regular schedule, else you will end up not doing it often
enough or at all.  Keep backup data disks and system re-installation
spare disks handy and secure, but keep a _current_ set somewhere off site
as well.  We all like to think (hope?) that "It Can't Happen Here".  But
if it _does_, plan for recovery.  If you don't have a good friend or
relative really close by, get a lock box (or two!) and put your current
disks in it.  Knock on your (hopefully friendly) neighbor's door and ask
if they would keep it in their closet for a week, when you will return and
exchange it for the new set.  Explain what you are doing and why.  They
will be impressed at your care and sophistication.  It would be wise to
encrypt your data backups.

And not least, when you think you have it all covered - double check it,
and then try a recovery from scratch.  You'll have to either wipe your box
(*ewe!*), or get a spare and try to reconstruct your system there.  Only
this way can you truly have confidence in what you are doing.  But if you
do have that confidence, then when disaster hits, malware takes your
system over or some other unspeakable disaster..., well you won't be
tempted to do the all too common worst thing.  That worst thing is deny it
in the face of reality.  Leave it on-line. Run it anyway - maybe it will
go away...  - - - Don't do it.  Just unplug it, wipe it and rebuild it
from scratch.  It takes a few hours, which you would otherwise waste in
agonizing and then still have to do it all anyway.

And I didn't say but should have in my earlier message:  Encrypt
everything possible, especially whatever traffic goes on to a public
network (internet).  If your experience is like mine, you may find that
few people want to be bothered with all that encryption stuff.  As I said
encrypt everything possible.  And, ... try to stay far away from people
who aren't concerned about their security (or *yours*.)

Ok, that's some of what I missed, anyway. -- Best.

Re: how to secure my computer

On Tue, 11 Apr 2006 18:38:49 -0400, Newsbox wrote:

Some people like rkhunter, which is probably limited in some ways, but may
tell you some things on your system to be corrected even if you don't have
any rootkits.  It checks a lot of things and runs very well in most cases,
at least as far as I have heard.

Another variant of this is chkrootkit (IIRC).

Re: how to secure my computer

Penguin_X wrote:

In response to the OP:
Read the story below and the links.  When you become sufficiently
concerned or alarmed as the case might be, and you are a United States
citizen, contact your local, state and federal government representatives
and explain your concerns to them.

Ask them to tell you what their position would be concerning these issues.

AT&T Seeks to Hide Spy Docs

By Ryan Singel, 11:00 AM, Apr 12, 2006

AT&T is seeking the return of technical documents presented in a lawsuit
that allegedly detail how the telecom giant helped the government set up a
massive internet wiretap operation in its San Francisco facilities.

In papers filed late Monday, AT&T argued that confidential technical
documents provided by an ex-AT&T technician to the Electronic Frontier
Foundation shouldn't be used as evidence in the case and should be

The documents, which the EFF filed under a temporary seal last Wednesday,
purportedly detail how AT&T diverts internet traffic to the National
Security Agency via a secret room in San Francisco and allege that such
rooms exist in other AT&T switching centers.

The EFF filed the class-action lawsuit in U.S. District Court in Northern
California in January, seeking damages from AT&T on behalf of AT&T
customers for alleged violation of state and federal laws.

Mark Klein, a former technician who worked for AT&T for 22 years, provided
three technical documents, totaling 140 pages, to the EFF and to The New
York Times, which first reported last December that the Bush
administration was eavesdropping on citizens' phone calls without
obtaining warrants.

Klein issued a detailed public statement last week, saying he came forward
because he believes the government's extrajudicial spying extended beyond
wiretapping of phone calls between Americans and a party with suspected
ties to terrorists, and included wholesale monitoring of the nation's
internet communications.

Re: how to secure my computer

responder wrote:

I think that this is nothing new. For more on this topic have a look at:
Re: how to secure my computer

Matthias Kirchhart wrote:

ECHELON has been widely acknowledged to have been eavesdropping *outside
of* the US.  US Courts and US Congress have variously and repeatedly
required specific oversight and specific authorization for any similar
Executive activities *within the US*.  Until this point in time there has
always been at least a pretense that the powers of the Government and
particularly the Executive were constrained by the will and whatever sense
of fairness of the Electorate, and by the US Constitution, the
Institutions of Government and a system of "checks and balances".  We are
now seeing (at least) two critical differences.

1.    The Executive is now (apparently) claiming *exclusive authority* to act
in these previously prohibited ways unfettered by _any_ further
constraints from the US Congress _or_ US Courts.  Importantly, the
Executive now seems to want to claim the right to conceal its acts from
the public *and from other Institutions of Government*, acts which until
now have always been considered prohibited.

2.    An entirely new generation of vastly more powerful monitoring equipment
is being installed within the Continental US with the clear intention of
long-term eavesdropping on communications *within* the US.  This new
equipment far exceeds even ECHELON.  With no possible realistic
expectation of effective long-term concealment of existence of these
facilities or their purposes, the Executive appears to have presented us
with a "fait accompli", or as he might say "Mission Accomplished".

The unfolding Perjury/Obstruction case surrounding I. Lewis "Scooter"
Libby serves to amplify concerns about these above developments.  There
"appear to be" credible bases for questions that have already been raised,
concerning whether the Executive and his administration have already
misused their access to secret information.  The "appearance" is that
he/they (may have) misused secret information for personal or political
purposes and to the detriment of private US citizens who were not
themselves accused or suspected of any wrongdoing.

Taken individually any of these facts or appearances could be extremely
troubling.  Taken together they present worldwide implications.

This is an excellent article and source.  Thank you for linking it.  Thank
you for writing.

As this thread was originally about computer security, we should try to
avoid going OT, which you did not do.  Thanks again.
