
Thread: Can anybody help a noob?

  1. #21
    Join Date
    Jun 2011
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Can anybody help a noob?

    Quote Originally Posted by BkkBonanza View Post
    As far as I know Ubuntu forums doesn't use HTTPS (SSL) for security during login. At least, I just tried it and it didn't, though I didn't check if it can be forced to use it.

    This is a bit silly nowadays but I guess they don't consider security of login creds too critical. Anyway, you likely just saw a message from your browser warning you that this is the case. If the forum doesn't support it there's not much you can do except perhaps login only when using an SSH tunnel. That will protect your whole connection from outside eavesdropping regardless of whether you use HTTPS for the site. But it also requires that you have some outside server you can connect via - which not everyone has handily available.

    There are anti-virus programs for Linux but they aren't going to help you with anything like this as this lack of encryption has nothing to do with a virus anyway. Virus problems on Linux are much less common and rarely a threat like under Windows. If you want to know more then read the Sticky at top of this forum.
    Much thanks for the answer, I was not sure if the readable info was simply what I was writing in the forums or if my password was readable.

  2. #22
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Can anybody help a noob?

    When you login without https your data including userid and password are potentially readable by someone who is able to intercept your traffic. On a wifi connection this can be very easy. On a wired connection, less so, but still not too difficult to pull off and dependent on the arrangement of your network and connection to the internet.

    If the web site you are on does not provide an https page for login then you have no choice about data being visible, except to take further measures using either a VPN or SSH proxy. In either case your data is encrypted and passed thru a tunnel to another server located somewhere. It is secure to that point, which is generally much better than your local network or ISP.

    There are paid-for VPN and SSH services out there which are particularly useful for securing net cafe and wifi connections. There are also ways to set this up using free services (more or less useful depending on trustworthiness of the server).

  3. #23
    Join Date
    Jun 2011
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Can anybody help a noob?

    Quote Originally Posted by BkkBonanza View Post
    When you login without https your data including userid and password are potentially readable by someone who is able to intercept your traffic. On a wifi connection this can be very easy. On a wired connection, less so, but still not too difficult to pull off and dependent on the arrangement of your network and connection to the internet.

    If the web site you are on does not provide an https page for login then you have no choice about data being visible, except to take further measures using either a VPN or SSH proxy. In either case your data is encrypted and passed thru a tunnel to another server located somewhere. It is secure to that point, which is generally much better than your local network or ISP.

    There are paid-for VPN and SSH services out there which are particularly useful for securing net cafe and wifi connections. There are also ways to set this up using free services (more or less useful depending on trustworthiness of the server).
    That must be the best answer for such an obscure question that anyone can give, thank you!!!!!
    I do not in any way trust this ISP, nor do I trust the other user in this house to be responsible enough to secure the network...he is out of practice and does nothing but play WOW all night with no updates being installed on his pc...leaving the full network vulnerable to critical attacks.
    It cost me a nice computer, now I am stuck with a dinosaur handout.
    Thank you for helping me friend.

  4. #24
    Join Date
    Apr 2011
    Beans
    484

    Re: Can anybody help a noob?

    Quote Originally Posted by Strom View Post
    It cost me a nice computer, now I am stuck with a dinosaur handout.
    That's enough for a Linux hacker.

    Some distros make Ubuntu specs look high-end.



    On a completely unrelated note, if he's so incompetent, take over yourself.

    arp -a

    Log in to the router by plugging its IP into your browser, then googling the default password.

    If it's not the default you probably have nothing to worry about.

    (For anyone who may be angry at me for telling him this, anyone who has a default password may as well be leaving their wifi open to the world.)

    Of course, if you change the password from the default you'll have to let the owner know you did so, otherwise he won't be able to authenticate to it.

    All other security issues aside, one reason to do this is that a special brand of jerks make it a hobby to go around locking people out of their routers, because they can.

    Nothing can fix your untrustworthy ISP, besides maybe tunneling.
    Last edited by Thewhistlingwind; June 22nd, 2011 at 06:13 AM.
    Life is an extraordinarily long concatenation of luck and coincidence.

  5. #25
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Can anybody help a noob?

    I am sure many people have said a lot of what I am about to say before. However, I figured I would just make my base line suggestions if you are concerned about security on your Ubuntu installation.

    First off, Ubuntu is fairly secure out of the box, so long as you're not opening up ports left, right and Sunday. However, here are several tips that should be able to help you along the way. Note, I am not writing an in-depth tutorial as some of these tips depend on the hardware you are using. Consult documentation for anything you are unsure of how to do.

    If possible, start with a clean install. If you don't have anything terribly important on your computer, or things that are easily backed up, I highly recommend starting with a fresh install. It's not so much that you can't fix whatever may be wrong with the system already, as it offers a peace of mind if you will.

    Update, you don't have to install every single update available (although I recommend it since it helps the developers get feedback). However, security updates are important. Ubuntu allows you to choose your update options at install time. However you can always just do an update from the terminal by doing the following.

    sudo apt-get update && sudo apt-get upgrade

    Enable Uncomplicated Firewall (UFW). By default UFW runs with full inbound deny policies. This is fine, unless you are hosting some sort of server off of your machine. Make sure UFW is running by typing the following in a terminal.

    sudo ufw enable (conversely if you wish to disable it use disable instead)

    Harden your kernel through sysctl.conf : this is a more advanced task and is really overkill on a desktop system, although it will give you an extra measure of prevention against some types of attacks, most of which you will never see on a desktop system. If you wish to do that I will be happy to provide you with a well commented example of a hardened sysctl.conf file and instructions on updating it. Send me a private message.

    Browser Security : Make sure whatever browser you're using (I recommend either Firefox or Chrome) is updated to the latest version, PARTICULARLY in regards to Flash; there have been a million Flash exploits running around in the past few months, and most of them can lead to remote code execution. Disable Javascript, get a script auditing addon like No-Script for Firefox; there are similar extensions for Chrome. Use Secure Socket Layer whenever possible; it won't help with viruses but it can help with ARP poisoning and MITM style attacks, as well as other credential/session hijacking methods. Watch your PDFs. PDFs and many other types of files can be payloaded; use common sense when surfing the internet. (seems like you already do)

    Viruses, Root-Kits, and other Malware : There isn't a ton of this stuff running around for Linux, and even less of it actually works on current distros. However if you want to be safe I recommend a program like rkhunter or chkrootkit. You can get them by typing the following in a terminal

    sudo apt-get install rkhunter
    sudo apt-get install chkrootkit

    Again, use common sense with downloading, stick to official repositories, don't add personal repos without knowing what you're installing. Also avoid installing random shell scripts that you aren't sure what they do. If you haven't learned bash yet, I suggest doing so it will help.

    Check for world writables, this isn't too important if you're not running servers, however you can never be too careful. Check for directories running world writable permissions. You can do this by typing the following in a terminal.

    sudo find /* -type d -perm -002

    Router (if you have one) : Make sure, if you're using a router (which I recommend doing), that your system is not in the DMZ, although if you have completed the above steps it won't matter; also make sure you don't have any ports forwarded or vnat'ed. Additionally, if you're using wireless make sure your encryption type is WPA (preferably not PSK if your router supports private keys). Whatever you do, don't use WEP. A lot of people will tell you to hide your SSID; it's a waste of time, don't bother, it shows up on airodump-ng whether it's hidden or not. Pick a long cipher key for your WPA passphrase (preferably 32 characters or more; it gets saved so it's not like you're going to have to type it all the time). Make sure you change your router's default password from admin to something strong (at least 16 characters containing uppercase, lowercase, special characters, numbers and white spaces). Also make sure you turn off remote administration.

    Strong passwords : Everything that needs a password needs to have a STRONG password. A strong password is considered at LEAST 16 characters, preferably 32, containing uppercase, lowercase, special characters, numbers and white spaces. Additionally, do not share passwords between accounts, particularly on any publicly accessible sites such as gmail, yahoo, etc. Do NOT ever make your root password the same as your username password. To change your root password from the default (which is the same as your username) do the following in a terminal

    sudo su
    passwd

    It will prompt you to change your password. (In keeping with what the staff member below me said make sure you read this link before doing the above step.)

    Finally, if you're still a little paranoid you can install an intrusion detection system such as snort or psad (which actually is for port scans). This is extreme overkill if you are firewalled and not running a server of any type; these should in theory see little to no traffic, especially if you're behind a router.

    Hope that helps.

    EDIT: I forgot to mention apparmor, put some research into installing apparmor profiles for the applications you use regularly, browsers etc.
    Last edited by Dangertux; June 22nd, 2011 at 06:48 AM.
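
Added example (not part of Dangertux's post): the world-writable directory check from the post above, narrowed so that sticky-bit directories such as /tmp are reported separately from directories in which any user can replace other users' files. The function name `audit_world_writable` and the `RISKY`/`sticky` labels are assumptions of this example.

```shell
#!/bin/sh
# audit_world_writable ROOT
#   Lists every world-writable directory under ROOT and labels it:
#     sticky  - world-writable but protected by the sticky bit (normal for
#               /tmp, /var/tmp): users cannot delete each other's files
#     RISKY   - world-writable with no sticky bit: any local user can
#               delete or replace files placed there by someone else
audit_world_writable() {
    root=${1:-/}
    # -xdev        stay on one filesystem (skips /proc, /sys, other mounts)
    # -perm -0002  the "other" write bit is set
    # -exec ... +  hand the results to a small shell loop; this copes with
    #              spaces and other odd characters in directory names
    find "$root" -xdev -type d -perm -0002 -exec sh -c '
        for d in "$@"; do
            if [ -k "$d" ]; then
                printf "sticky %s\n" "$d"
            else
                printf "RISKY  %s\n" "$d"
            fi
        done' sh {} + 2>/dev/null
}

# Run the audit only when a starting directory is given, for example:
#   sudo sh audit.sh /
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

A `RISKY` directory can be given the sticky bit with `chmod +t`, or have world write access removed with `chmod o-w`, depending on whether other users really need to write there.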

  6. #26
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Can anybody help a noob?

    Be sure you read the forum sticky on root password before deciding to do that yourself.

  7. #27
    Join Date
    Jun 2011
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Can anybody help a noob?

    Quote Originally Posted by Dangertux View Post
    I am sure many people have said a lot of what I am about to say before. However, I figured I would just make my base line suggestions if you are concerned about security on your Ubuntu installation.

    First off, Ubuntu is fairly secure out of the box, so long as you're not opening up ports left, right and Sunday. However, here are several tips that should be able to help you along the way. Note, I am not writing an in-depth tutorial as some of these tips depend on the hardware you are using. Consult documentation for anything you are unsure of how to do.

    If possible, start with a clean install. If you don't have anything terribly important on your computer, or things that are easily backed up, I highly recommend starting with a fresh install. It's not so much that you can't fix whatever may be wrong with the system already, as it offers a peace of mind if you will.

    Update, you don't have to install every single update available (although I recommend it since it helps the developers get feedback). However, security updates are important. Ubuntu allows you to choose your update options at install time. However you can always just do an update from the terminal by doing the following.

    sudo apt-get update && sudo apt-get upgrade

    Enable Uncomplicated Firewall (UFW). By default UFW runs with full inbound deny policies. This is fine, unless you are hosting some sort of server off of your machine. Make sure UFW is running by typing the following in a terminal.

    sudo ufw enable (conversely if you wish to disable it use disable instead)

    Harden your kernel through sysctl.conf : this is a more advanced task and is really overkill on a desktop system, although it will give you an extra measure of prevention against some types of attacks, most of which you will never see on a desktop system. If you wish to do that I will be happy to provide you with a well commented example of a hardened sysctl.conf file and instructions on updating it. Send me a private message.

    Browser Security : Make sure whatever browser you're using (I recommend either Firefox or Chrome) is updated to the latest version, PARTICULARLY in regards to Flash; there have been a million Flash exploits running around in the past few months, and most of them can lead to remote code execution. Disable Javascript, get a script auditing addon like No-Script for Firefox; there are similar extensions for Chrome. Use Secure Socket Layer whenever possible; it won't help with viruses but it can help with ARP poisoning and MITM style attacks, as well as other credential/session hijacking methods. Watch your PDFs. PDFs and many other types of files can be payloaded; use common sense when surfing the internet. (seems like you already do)

    Viruses, Root-Kits, and other Malware : There isn't a ton of this stuff running around for Linux, and even less of it actually works on current distros. However if you want to be safe I recommend a program like rkhunter or chkrootkit. You can get them by typing the following in a terminal

    sudo apt-get install rkhunter
    sudo apt-get install chkrootkit

    Again, use common sense with downloading, stick to official repositories, don't add personal repos without knowing what you're installing. Also avoid installing random shell scripts that you aren't sure what they do. If you haven't learned bash yet, I suggest doing so it will help.

    Check for world writables, this isn't too important if you're not running servers, however you can never be too careful. Check for directories running world writable permissions. You can do this by typing the following in a terminal.

    sudo find /* -type d -perm -002

    Router (if you have one) : Make sure, if you're using a router (which I recommend doing), that your system is not in the DMZ, although if you have completed the above steps it won't matter; also make sure you don't have any ports forwarded or vnat'ed. Additionally, if you're using wireless make sure your encryption type is WPA (preferably not PSK if your router supports private keys). Whatever you do, don't use WEP. A lot of people will tell you to hide your SSID; it's a waste of time, don't bother, it shows up on airodump-ng whether it's hidden or not. Pick a long cipher key for your WPA passphrase (preferably 32 characters or more; it gets saved so it's not like you're going to have to type it all the time). Make sure you change your router's default password from admin to something strong (at least 16 characters containing uppercase, lowercase, special characters, numbers and white spaces). Also make sure you turn off remote administration.

    Strong passwords : Everything that needs a password needs to have a STRONG password. A strong password is considered at LEAST 16 characters, preferably 32, containing uppercase, lowercase, special characters, numbers and white spaces. Additionally, do not share passwords between accounts, particularly on any publicly accessible sites such as gmail, yahoo, etc. Do NOT ever make your root password the same as your username password. To change your root password from the default (which is the same as your username) do the following in a terminal

    sudo su
    passwd

    It will prompt you to change your password. (In keeping with what the staff member below me said make sure you read this link before doing the above step.)

    Finally, if you're still a little paranoid you can install an intrusion detection system such as snort or psad (which actually is for port scans). This is extreme overkill if you are firewalled and not running a server of any type; these should in theory see little to no traffic, especially if you're behind a router.

    Hope that helps.

    EDIT: I forgot to mention apparmor, put some research into installing apparmor profiles for the applications you use regularly, browsers etc.
    A=You are from the city that continues to send me false government documents....
    B=You just joined...4th bean...
    C=You give me way too much info.
    I will follow the admin's advice below yours.
    Thanks anyway.....
    Last edited by Strom; June 22nd, 2011 at 05:22 PM. Reason: error in last sentence.

  8. #28
    Join Date
    Jun 2011
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Can anybody help a noob?

    Quote Originally Posted by Thewhistlingwind View Post
    That's enough for a Linux hacker.

    Some distros make Ubuntu specs look high-end.



    On a completely unrelated note, if he's so incompetent, take over yourself.

    arp -a

    Log in to the router by plugging its IP into your browser, then googling the default password.

    If it's not the default you probably have nothing to worry about.

    (For anyone who may be angry at me for telling him this, anyone who has a default password may as well be leaving their wifi open to the world.)

    Of course, if you change the password from the default you'll have to let the owner know you did so, otherwise he won't be able to authenticate to it.

    All other security issues aside, one reason to do this is that a special brand of jerks make it a hobby to go around locking people out of their routers, because they can.

    Nothing can fix your untrustworthy ISP, besides maybe tunneling.
    I believe he is capable of being competent, he is just lazy...I don't even think he owns the rights to his operating system.
    I will look up some info on tunneling, maybe a daisy chain also.
    If you do not mind me saying...I love your sig!!!
    Namaste

  9. #29
    Join Date
    Jun 2011
    Beans
    32
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Can anybody help a noob?

    I read your advice thoroughly and I apologize for the prior comment....but I am still a bit suspicious of your location/knowledge/and small time you have been here.
    You joined about 6 days after me and hail from a city I have traced over 40% of my attackers from....
    Thank you.
    Namaste.

  10. #30
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Can anybody help a noob?

    SSH Tunneling is a good tool to have on your belt and is very useful any time you have to work from an untrusted network, or in a country that doesn't value web privacy. It can be used to secure net traffic between your machine and some distant server that you "should" trust more than your local connection. It will work with any program that supports using a "SOCKS" proxy - which includes most common programs like Firefox, Thunderbird, Skype, etc.

    I won't explain the full setup here as that's available elsewhere on this forum and easily enough via google. But I'll comment on some basics so that more people become aware of what this is and how they can use it.

    Since you are using Ubuntu you already have SSH Client as part of the default install. This is typically used for logging in to remote servers but it also has a "Dynamic Proxy" mode which gives you a local SOCKS proxy with one console command.

    The second part you need is a server "out there on the net" that you "trust". There are services geared directly to this for a low-cost ($3-5/month, eg. Tunnelr.com, Santrex.net, st0rage.org to name just a few) but also you can use any server that you have an account on.

    For example, I use my VPS web server account which costs me $11/mo but I'm already paying for that anyway. I've also had good success using Amazon EC2 which has a one-year free deal (even if not free it only costs pennies/hour to use). The key is to have access to some system that runs an SSH Server (most servers have by default) and that you trust (more or less!) has a good net connection.

    With both sides in place you can run a single local ssh command that starts a local SOCKS proxy - this creates a tunnel between you and your remote server. When you config Firefox to use this proxy it will pass all traffic to the local ssh client, which encrypts it and forwards it thru the tunnel to the server end. At that end it is unencrypted and sent out on the net from there. To the website you visit it looks as if the traffic originates from your server, not your local machine. And anyone between you and your server sees encrypted data - they cannot see who you visit or what you send/receive, only that you are connected to your server.

    For most users once they have a usable server account somewhere (which gives you a userid and password/key) you are ready to go. I'd recommend a couple add-ons to make life easier. First, the "gSTM Tunnel Manager" (from the repos via Synaptic) gives you a nice GUI front end so you don't have to remember SSH commands. Second, the Firefox add-on "Quick Proxy" makes it one-click to toggle Firefox proxy settings.

    With those items you can switch your tunnel on/off in a few clicks.

    Using SSH Tunnels is not just for Firefox but will work with most decent net programs that have config options for a SOCKS proxy. eg. Thunderbird, Skype, Deluge, and many more. It can be used with command line tools too but usually requires more tech savvy to get going.
    Last edited by BkkBonanza; June 23rd, 2011 at 04:03 AM.
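
Added example (not part of BkkBonanza's post): the single ssh command for the "Dynamic Proxy" mode described above, plus a check that the local SOCKS listener is bound to loopback only, so other machines on an untrusted LAN cannot route through your tunnel. The function names, port 1080 and `user@example.net` are assumptions of this example.

```shell
#!/bin/sh
SOCKS_PORT=1080   # assumed local port for the SOCKS proxy

# start_tunnel user@host
#   -D 127.0.0.1:PORT   dynamic (SOCKS) forwarding, bound to loopback only
#   -N                  no remote command, forwarding only
#   -f                  go to the background once authenticated
#   ExitOnForwardFailure  fail loudly if the local port cannot be bound
#   ServerAliveInterval   notice a dead tunnel instead of hanging silently
start_tunnel() {
    ssh -f -N -D "127.0.0.1:${SOCKS_PORT}" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 "$1"
}

# socks_exposure PORT   (reads `ss -ltn` output on stdin)
#   Prints one of:
#     loopback-only  every listener on PORT is on 127.0.0.1 or [::1]
#     exposed        some listener on PORT accepts connections from the LAN
#     absent         nothing is listening on PORT
socks_exposure() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            # Field 4 is "address:port"; the port is the last ":" piece,
            # which also works for bracketed IPv6 such as [::1]:1080.
            n = split($4, a, ":")
            if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") lo = 1
            else ex = 1
        }
        END { print (ex ? "exposed" : (lo ? "loopback-only" : "absent")) }'
}

# Usage: sh tunnel.sh user@example.net
if [ "$#" -ge 1 ]; then
    start_tunnel "$1" || exit 1
    state=$(ss -ltn | socks_exposure "$SOCKS_PORT")
    echo "SOCKS listener on port ${SOCKS_PORT}: ${state}"
    [ "$state" = "loopback-only" ] || exit 1
    # --socks5-hostname sends the DNS lookup through the tunnel as well,
    # so the local network does not see which names you resolve.
    curl --silent --socks5-hostname "127.0.0.1:${SOCKS_PORT}" \
        https://example.net/ >/dev/null && echo "tunnel carries traffic"
fi
```

In Firefox, point the SOCKS host at 127.0.0.1 port 1080 and enable `network.proxy.socks_remote_dns` so that name lookups also travel through the tunnel.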
