
Breaking into Computers Without Permission


legover


I recently posted some data on the benefits of running Blackice alongside Zonealarm, publishing on a variety of forums to determine their value on a test-bed machine. Within a few days the machine was hacked by a winreg attack, Zonealarm completely compromised, same Blackice (No Adapters found), and Rappap.exe unremovable also (delete rights denied on both). Apparently the original author of my post is right in his claim that Zonealarm is an all but useless protection device while connected to the Internet where the IP address can be established. The source of the attack is unknown, though I have some suspicions, being that the OS running on the machine is slightly unusual, with a large number of permissions denied through my OS's inherited permissions config as part of a subnet (locked shared files, denied possession of ADMINISTRATORS password, burner disabled, the list is long). It was an interesting experiment, and the last two weeks have been a great opportunity to get more familiar with OSes and get to the point where there's no need to rely on OS installers who seem to enjoy manipulating events through their privileged positions. An excellent learning experience, and without this hack I'd still be pretty clueless about the OS we all rely on so heavily.

 

 

Link to comment
Share on other sites


An interesting experiment indeed! Personally, I have never used two personal firewalls at once. Your experience just reinforces the message that no single approach can secure a machine (or network).

 

For what it is worth, here is my view of the best economical approach to securing systems:

 

* Use a separate router/firewall to face the Internet. This should be Unix based: ideally something like Coyote or Frazier Wall that runs from R/O diskette and requires no hard drive. This has many advantages. Such a router is difficult to crack in the first place because it is minimalist in design. There is little to attack. Even should the router be compromised, with no hard drive, everything can be cleaned up with a reboot. Such a router is dirt cheap and requires negligible maintenance, though initial setup is non-trivial.

 

* The main machine (or wider network) is connected via NAT. While not a 100% guarantee of safety, an external attack is much harder to mount when there is no Internet visible IP address to go after.

 

* Turn off all services that are not absolutely needed. The less that is running, the less there is for an attacker to go after.

 

* On all machines, have an up to date virus checker and a personal firewall (for stability reasons, a spyware detector also).

 

* If it is absolutely necessary to provide services to Internet users, try to use a single machine to do so and place the machine on a separate subnet so, if it is compromised, it cannot easily be used to infect the rest of your network.

 

* Intrusion detection products are useful, but tend to be pretty expensive: for personal users and small networks, they are probably not justified.

Link to comment
Share on other sites

Hi BritTim,

 

Solid advice on securing a small network solution :up: but maybe a little over the top for the average internet user. I think often a personal firewall, and most important people's behavior on the internet, such as what sites they visit, how they handle email attachments, and what programs are downloaded and installed, is a good start to stay somewhat secure.

 

For corporate network security I have often seen bad setups of good products (cisco pix and so on) ending in an overall low security. I think if people have to ask for e.g. what port to open for the email server and so on, then they should not be allowed near the firewall in the first place.

 

Best regards,

 

Danish30

 

 

Link to comment
Share on other sites

maybe a little over the top for the average internet user

In many cases, you are right, because they do not have someone to do the initial setup for them. For sure, this requires quite a bit of knowledge. For those with a friendly geek to help, however, I regard a router/firewall as quite appropriate for a home computer. The reason: easy maintenance and economy. Even those with no ancient machine they can use can pick up suitable hardware in Panthip Plaza for 3,000 baht or less. The software is free. It is difficult to expect the average home user to be up to date on patches. A solid router/firewall gives a good chance of escaping damage even on an unpatched machine on a broadband connection.

Link to comment
Share on other sites

I agree with BritTim, you have to be behind a firewall, not on top of it. Many firewalls will run on what would otherwise be an abandoned CPU. I also think that solid state routers/switches that do NAT/IP Masq are cheap and easy, providing enough of a barrier for most people.

 

While the LRP derivatives like Coyote and Frazier may be a bit daunting for the average Joe, Sentry Firewall, which is also derived from the now defunct Linux Router Project, runs off a CD-ROM and may be a little easier to configure. I think it even uses Webmin as the interface, which seems complex at first but is well documented and supported. I have always thought that freesco showed promise, but not many people seem to use it.

 

Smooth Wall is very actively developed and used, with a complex but accessible web interface. Needy people will get the most help here, but expect to be ignored if it's obvious you haven't read any of the documentation.

 

E-Smith, now SME Server, is a bit bloated but there is a large user group and it's pretty easy to set up. I remember that the Dial on Demand server worked very well when I used v4 years ago. The instructions are very well written. With the CD in hand and a printed version of the instructions a novice could be up and running in an hour or two.

 

There are lots of other little firewalls floating around; search freshmeat.net or google.

 

I am of the mind that NAT/IP Masq takes care of most problems; a $20 solid state router/switch will do that and some even have firewalls. If you are tired of being a target, see if you can live without MS Windows: 9/10 + desktop users use MSW and probably 9/10 of the attacks have their sights set on MSW. Failing that, see if you can't live without Outlook, IE, and the "rich scripting features of the MS Office family."

 

ag

 

Link to comment
Share on other sites

adikgede, brit tim and all

 

No doubt you chaps have more than the basics on all this technological expertise. If I was to open an online store, I would want all your opinions/solutions.

 

But what do you see as the purpose to we little private computers in all this hardware/software/protection? I do not consider myself to be in any means computer illiterate, but fail to grasp the necessity of all this for the average Joe.

 

If someone really wants to view the pictures of my last trip to LOS stored on my machine, let them. Do they want my latest score in the strategy game I'm playing? Passwords?? To my account at Nanaplaza, or the book store. Bank info?? Don't think they can get there from here. Ain't no money in it anyway. So what's it really all about, guys? Or are we just contributing to the worldwide paranoia and pockets of the doomsayers?

 

PS, I'm in awe at the level and amount of tech info freely shared on this board. :bow:

Link to comment
Share on other sites

Actually I'm pretty much of the same opinion as you. I was just responding to the previous posts. If you need security, the best firewall is separate from the machine you need to protect. There is nothing interesting on my machine, and since I use OS X and Linux I don't feel like that many people would be interested in attacking me if they could find me. We have a firewall at home because we do need to protect a few computers that my brother is using for work, and at the same time have them available for people in other parts of the country who need data on those computers.

 

I am not going to say how these computers are protected, but even without using a firewall, putting them behind a router quieted down the never ending warnings on two computers that had been running Symantec. I think one advantage to a single purpose firewall is to do away with the personal firewalls that people run on their computers. I find it pretty annoying to use a computer and be bombarded with warnings about suspicious behaviour or the need to update software; most of it seems commercially oriented and to my mind an offense to a productive or enjoyable computing experience.

 

 

Link to comment
Share on other sites

Hi!

 

It's quite possible for someone with the right knowledge to take over your computer. It has been done frequently. Your computer can be used to distribute illegal material. You probably don't want some cops knocking on your door and asking why you are distributing viruses, kiddie porn, pirated software etc. Even though it will most likely be sorted out in the end, it will cost you a lot of grief. If you're on a dial up line the risk is minimal, but if you have a broadband connection and leave the computer on around the clock it's a real issue.

 

regards

 

ALHOLK

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

