Thread: host name and security

  1. #1
    Join Date
    Aug 2007
    Location
    Paris
    Beans
    5,538
    Distro
    Ubuntu 11.04 Natty Narwhal

    host name and security

    By default, the Ubuntu installer will give a machine a host name of "user-desktop," where "user" is the name of the account created during install. I was wondering if this poses any kind of security risk, because it would give attackers a valid account name that they can use in conjunction with password brute-force attacks against ssh and so on. Aren't we making it easier for attackers by advertising the name of the default user account? Or is this not really something to be worried about?

  2. #2
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,698

    Re: host name and security

    I agree it's a slight issue - much more of one if you don't use key-based authentication and don't use strong passwords.

  3. #3
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Beans
    1,393
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: host name and security

    I think it's a valid point. Knowing half of a username/password is certainly better than not knowing either; having just the username is arguably better than just the password, since a large number of people tend to use weak passwords. And this is an account which is automatically given sudo privileges.

    You can change it during the install, but I am sure many people will not take the time to do so. They should have the installer prompt for a unique computer name, instead of automatically putting the user account in there; perhaps even go so far as to make sure the hostname cannot contain the initial account name.

  4. #4
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: host name and security

    How would a remote user retrieve the computer name from Ubuntu? The only way I could think of is if Samba is installed.

  5. #5
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: host name and security

    Quote Originally Posted by cdenley
    How would a remote user retrieve the computer name from Ubuntu? The only way I could think of is if Samba is installed.
    I pose the same question.
    Because SSH is not installed by default, and even if it was, the prompt would be user@ip (user is the remote user).

    Please show me how this is a valid threat.

    Dr Small
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  6. #6
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Beans
    1,393
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: host name and security

    Quote Originally Posted by Dr Small

    Please show me how this is a valid threat.

    Dr Small

    Maybe I am just overly paranoid, but I don't see why you would give out that information unnecessarily.

    I have read about JavaScript and Java applets that can determine your local IP and local hostname when you view a web page. Flash was found to have the ability to initiate socket connections on the local machine and be used to port scan the internal network. JavaScript was also found, in theory at least, to be able to connect to the web interface of the typical home router.

    Sky is falling threat? Probably not.

    Something to be concerned about? I think so.

  7. #7
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: host name and security

    You can always install NoScript and FlashBlock for extra security.

  8. #8
    Join Date
    Aug 2007
    Location
    Paris
    Beans
    5,538
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: host name and security

    I've also noticed that a lot of the headers for mail I send contain my host name, so anyone I email (or who sniffs and reads my mail while it's in transit) knows it if he wants it. This is not a big deal, as the chances of someone looking at a mail header and exploiting the information in this way are very, very low, but my understanding of computer security is that no matter how safe you think you are, you should still try to do better.

    Anyway, I just wanted to know if this was a legitimate concern (even if there are a lot of more pressing things to worry about). Thanks all for the information.
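
An added example, not part of any post in this thread: a local audit for the two exposures discussed above, a host name that embeds a login account name (the installer's "user-desktop" default) and mail headers that carry the host name. The passwd lines, the mail message, the host name `alice-desktop` and all function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample data for this example, not taken from the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
SAMPLE_MAIL = """\
Received: from alice-desktop (unknown [192.0.2.10])
\tby mail.example.org with ESMTP id 0000000
Message-ID: <20110601120000.1234@alice-desktop>
From: someone@example.org
Subject: constructed test message

body
"""
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def login_accounts(passwd_text, min_uid=1000):
    """Names of interactive accounts in passwd(5)-format text."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        name, uid, shell = fields[0], fields[2], fields[6]
        if uid.isdigit() and int(uid) >= min_uid and shell not in NOLOGIN_SHELLS:
            names.append(name)
    return names

def names_in_hostname(hostname, names):
    """Account names that appear as a whole '-', '.' or '_' separated token."""
    tokens = set(re.split(r"[-._]", hostname.lower()))
    return sorted(n for n in names if n.lower() in tokens)

def headers_exposing(raw_message, hostname):
    """Header fields of a mail message whose value contains the host name."""
    msg = message_from_string(raw_message)
    return [field for field, value in msg.items()
            if hostname.lower() in value.lower()]

if __name__ == "__main__":
    host = "alice-desktop"  # constructed; socket.gethostname() on a real machine
    print(names_in_hostname(host, login_accounts(SAMPLE_PASSWD)))
    print(headers_exposing(SAMPLE_MAIL, host))
```

Whole-token matching avoids false hits such as `alice` inside `malice-box`, but it will not flag a name run together with other text (for example `alicepc`).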

  9. #9
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: host name and security

    Quote Originally Posted by Monicker
    JavaScript was also found, in theory at least, to be able to connect to the web interface of the typical home router.
    Who needs JavaScript? Some home routers can be reprogrammed by an <IMG> tag (see the recent DNS reprogramming attack in Mexico).

    While I agree that SSH should rely on strong passwords or keys, I still lean towards giving an attacker as little information as possible; if they don't know your username then it's much harder to try to break in, which is why login programs no longer tell you that you entered an invalid user ID.

  10. #10
    Join Date
    Aug 2007
    Location
    Paris
    Beans
    5,538
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: host name and security

    Quote Originally Posted by cdenley
    How would a remote user retrieve the computer name from Ubuntu? The only way I could think of is if Samba is installed.
    There must be some way to get the host-name using a port scan, isn't there? Even if you can't, which would surprise me, many people do use Samba.

    I opened up my ssh port the other day to the Internet and have been surprised by how often brute-force attacks occur. In the last twenty-four hours, I've had two. I have OSSEC running with active-response, so it shuts down any attacks as soon as they start, but I was still a little scared to realize how often people try to break in, because this is just a workstation, behind a proxy, in my house. If people are trying to brute-force against my desktop machine, it must be much worse for a server on a corporate or academic network.
