Re: Security Questions



On Sun, Apr 06, 2003 at 09:09:47AM -0500, Thomas H. George,,, wrote:
> I have read Security-Quickstart-HOWTO.
> 
> I believe my home network has been compromised (my daughter received 
> returned emails she never sent) and plan to take drastic action.  The 
> network consists of DSL modem, a wireless router and four computers.  I 
> have no concerns about the family members and the houses in the 
> neighborhood are widely separated so it is very unlikely that the 
> wireless connection has been used by outsiders.  The DSL link to the 
> internet is my concern.  Here are my questions:
> 
> 1.  How to erase hard drives?  I plan to pull one computer off line and 
> reinstall Debian Woody and Windows from CDs (Regrettably I still need 
> Windows for a few applications).  Is reinstallation enough or must, and 
> can, the hard drives be wiped clean of any residual programs?

Using Debian's installation program you can zero out all partitions 
easily (skipping, say, existing /home partitions ) and reinstall what 
you need on them.  I don't believe that you need to do a low-level wipe 
of the disk.  If you boot from CD 1, then even code/a virus in the 
boot sector of the disk won't be executed.

> 2.  What is the best Firewall?  I have an old Compaq 486 machine with no 
> math coprocessor.  I assume I can install two ethernet cards (I believe 
> it has two PCI slots, must look though), load Woody, set up iptables and 
> a sniffer and place it between the DSL modem and the wireless router.   
> When I am ready to put this firewall in place I have all the computers 
> off line.  I will bring up the one that has its operating systems and 
> applications reinstalled from CDs and download all the security 
> updates from Debian and Microsoft.  The procedure can then be repeated 
> for the other computers.

My firewall here:
Dell 486sx/25MHz, 1.2GB disk, 2 ISA NICs - one to the hub, one to my 
cable modem.  PCI would be better, but if your f/w is only used as the 
router between inside and out, then you're unlikely to max out the ISA 
bus.  I don't on my 600kbps connection.

> 3.  DHCP or static addresses?  I have been using static addresses.  I 
> believe I have seen in the references that it is possible to set the 
> wireless router to receive and transmit to these addresses only?  If so, 
> is this the best approach?

DHCP if you'd like to have the ability to plug random PCs into the 
network and have them find it, otherwise you'll not have a problem with 
static addresses.

> 4.  How to deal with a rogue computer?  The fly in this ointment is my 
> grandson's laptop, a gift from his father (my daughter's ex-husband). 
> It came with XP Professional and I don't have the CDs to reinstall it. 
> My grandson likes to go on the internet and also use our wireless 
> network to print his homework on one of the printers attached to the 
> fixed computers.  Would it work and not compromise the system if I give 
> it a static address and instruct the other computers on the network to 
> refuse any transmissions from this address?  And could I then attach one 
> of the printers to the computer serving as the firewall and allow all 
> the computers on the network to use this printer without compromising the 
> system? 

Unfortunately not.

I've got this problem with my SO's Win98 laptop.  I just gave it an 
internal address that's iptable'd off by all the other machines.  It 
isn't, though, secure.  Any code that manages to execute on the XP box 
as Windows' equivalent of root (which is usually the result of the next 
exploit du jour) can just send out packets with any source address it 
likes.  Also, it can just sit there and sniff your traffic.

Without two physically distinct networks, you can't (AFAIK) really 
ensure that traffic isn't intercepted, and that traffic actually comes 
from where you think it does.  That's why you should be putting 
everything (even locally) over ssh.  That includes NFS, SMTP, whatever.  
A Bit Of A Bugger(tm), but necessary.

> I would greatly appreciate responses to the above questions and any 
> recommendations of alternate and/or additional steps to secure the network.
> 
> Tom George

Hope this helps!

If it's wrong, bring it back for a FULL refund ...

  jc
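As an added example (not jc's or Tom's own configuration): a default-deny ruleset for the two-NIC Debian box Tom describes in question 2, emitted in iptables-restore format so it can be read over before it is loaded. The interface names eth0/eth1 and the 192.168.1.0/24 inside range are assumptions; it also cannot do anything about the laptop in question 4, for the reason jc gives.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny iptables ruleset for a
# two-NIC Debian box between the DSL modem and the wireless router (Q2).
# Assumed interface names and inside range; adjust to the real machine.
EXT=${EXT:-eth0}              # NIC plugged into the DSL modem
INT=${INT:-eth1}              # NIC plugged into the wireless router / hub
LAN=${LAN:-192.168.1.0/24}    # assumed inside address range

# Emit the ruleset in iptables-restore format. Apply as root with:
#   gen_rules > /etc/firewall.rules && iptables-restore < /etc/firewall.rules
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide the inside addresses behind the DSL address
-A POSTROUTING -o $EXT -s $LAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the firewall itself opened (apt-get, DNS)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Administer the box over ssh from the inside only; nothing listens on the DSL side
-A INPUT -i $INT -s $LAN -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Anti-spoofing: inside addresses must never arrive from the modem side
-A FORWARD -i $EXT -s $LAN -j DROP
# Inside hosts may open connections out; only replies come back in. Nothing
# here separates inside hosts from each other (Q4): they share one segment.
-A FORWARD -i $INT -o $EXT -s $LAN -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what falls through so the "sniffer" has something to look at
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Kernel knobs the ruleset relies on (run as root): enable routing, and let
# the kernel also drop packets whose source address does not belong on the
# NIC they arrived through.
kernel_settings() {
cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$EXT/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/$INT/rp_filter
EOF
}
gen_rules
```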