Re: Security Questions



Quoting Thomas H. George <georgeacct@spininternet.com>:
> I have read Security-Quickstart-HOWTO.
> 
> I believe my home network has been compromised (my daughter received 
> returned emails she never sent) and plan to take drastic action.  The 
> network consists of DSL modem, a wireless router and four computers.  I 
> have no concerns about the family members and the houses in the 
> neighborhood are widely separated so it is very unlikely that the 
> wireless connection has been used by outsiders.  The DSL link to the 
> internet is my concern.  Here are my questions:
> 
As others have said, look carefully at the headers of the "returned"
e-mail.  The most likely cause is a virus on a computer that has your
daughter's e-mail address in the address book.  Spammers are another
possibility.
> 1.  How to erase hard drives?  I plan to pull one computer off line and 
> reinstall Debian Woody and Windows from CD's (Regrettably I still need 
> Windows for a few applications).  Is reinstallation enough or must, and 
> can, the hard drives be wiped clean of any residual programs?
> 
Re-installation is not enough.  Yes, residual programs can be a
problem.  You must do a clean install or new install so all partitions
are re-formatted.  For the paranoid/suspicious, use "wipe" on all
partitions after booting from a rescue floppy with the wipe
package/program installed.
> 2.  What is the best Firewall?  I have an old Compaq 486 machine with no 
> math coprocessor.  I assume I can install two ethernet cards (I believe 
> it has two PCI slots, must look though), load Woody, set up iptables and 
> a sniffer and place it between the DSL modem and the wireless router.   
> When I am ready to put this firewall in place I have all the computers 
> off line.  I will bring up the one that has its operating systems and 
> applications reinstalled from CD's and download all the security 
> updates from Debian and Microsoft.  The procedure can then be repeated 
> for the other computers.
>

This sounds good.  Before you do it, check for compromised computers.
It is a lot of work and you will almost certainly leave some data
behind.  If I didn't have backups, I would do this only if I knew there
were compromised computers.  And be very careful of what you restore
off the backups.  It may be compromised (viruses & trojans).

Most wireless routers have firewalls built in.  These are adequate for
home networks.  Just make sure the firmware is up to date.

> 3.  DHCP or static addresses?  I have been using static addresses.  I 
> believe I have seen in the references that it is possible to set the 
> wireless router to receive and transmit to these addresses only?  If so, 
> is this the best approach?
> 
My experience is use static addresses for static computers and dynamic
for visitors.
> 4.  How to deal with a rogue computer?  The fly in this ointment is my 
> grandson's laptop, a gift from his father (my daughter's ex-husband). 
> It came with XP Professional and I don't have the CD's to reinstall it. 
> My grandson likes to go on the internet and also use our wireless 
> network to print his homework on one of the printers attached to the 
> fixed computers.  Would it work and not compromise the system if I give 
> it a static address and instruct the other computers on the network to 
> refuse any transmissions from this address?  And could I then attach one 
> of the printers to the computer serving as the firewall and allow all 
> the computers on the network to use this printer without compromising the 
> system? 
> 

Scan it with nmap and see what ports are open.  If there is nothing
exploitable beyond ports 137-139 open, I'd assume it has not been
compromised.  It is reasonable to have firewalls on all computers on
the wireless network.  Tighten them up until something breaks, then
relax that bit.

> I would greatly appreciate responses to the above questions and any 
> recommendations of alternate and/or additional steps to secure the network.
> 
> Tom George
> 
> 

Check the returned e-mail headers!  The most likely cause is a virus
on someone else's computer.

HTH,
  Jeffrey
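Added example (not from either poster in this thread): a small Python script that does the header check Jeffrey recommends. It pulls the original message out of a bounce (most bounces attach it as a message/rfc822 part), walks the Received: headers oldest-first, and reports the first hop that handed the mail to a server. If that host is outside your own network, the address was simply used from somewhere else (an infected address book or a spammer), not sent from your machines. The bounce and the home network range 192.0.2.0/24 are constructed for the example using documentation addresses, and the function names are mine, not anything from the thread.

```python
"""Where did a "returned" e-mail really come from?

Added example, not part of the original mailing-list thread. Walks the
Received: headers of the message a bounce encloses and reports the first
hop, then checks whether that hop lies inside an assumed home network.
Only the Received lines added by servers you trust (the topmost ones) are
reliable; a sender can forge lines below them, so treat the result as a
strong hint, not proof.
"""
import email
import ipaddress
import re
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Assumed home LAN (RFC 5737 documentation range; replace with your own).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample of the original message as it appears inside a bounce.
# The From: address is the family's, but the first hop is an outside host.
SAMPLE_ORIGINAL = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id abc123; Sat, 4 Oct 2003 10:02:11 -0400
Received: from unknown (HELO userpc) (203.0.113.45)
\tby mx.example.net with SMTP; Sat, 4 Oct 2003 10:02:09 -0400
From: daughter@example.org
To: someone@example.com
Subject: hi
Message-Id: <constructed-1@example.org>

This is a constructed sample body.
"""

IPV4_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def build_sample_bounce() -> str:
    """Construct a bounce that encloses SAMPLE_ORIGINAL as message/rfc822."""
    outer = MIMEMultipart("report")
    outer["From"] = "MAILER-DAEMON@example.com"
    outer["To"] = "daughter@example.org"
    outer["Subject"] = "Undelivered Mail Returned to Sender"
    outer.attach(MIMEText("The message could not be delivered.\n"))
    outer.attach(MIMEMessage(email.message_from_string(SAMPLE_ORIGINAL)))
    return outer.as_string()


def original_from_bounce(bounce_raw: str) -> str:
    """Return the enclosed original message if the bounce carries one,
    otherwise the input unchanged (some bounces quote headers inline)."""
    msg = email.message_from_string(bounce_raw)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0).as_string()
    return bounce_raw


def received_hops(raw_message: str) -> list:
    """Received: headers oldest first (each relay prepends, so reverse)."""
    msg = email.message_from_string(raw_message)
    return list(reversed(msg.get_all("Received", [])))


def first_hop_ip(raw_message: str):
    """IPv4 literal of the host that first injected the message, or None."""
    hops = received_hops(raw_message)
    if not hops:
        return None
    match = IPV4_RE.search(hops[0])  # the 'from ...' part of the oldest hop
    return match.group(1) if match else None


def originated_at_home(raw_message: str) -> bool:
    """True when the first hop is an address inside HOME_NET."""
    ip = first_hop_ip(raw_message)
    return ip is not None and ipaddress.ip_address(ip) in HOME_NET


def verdict(raw_message: str) -> str:
    """One-line summary a home user can act on."""
    ip = first_hop_ip(raw_message)
    if ip is None:
        return "no Received headers: cannot tell where the mail entered"
    if originated_at_home(raw_message):
        return f"first hop {ip} is inside the home network: check local machines"
    return f"first hop {ip} is outside the home network: address used elsewhere"


if __name__ == "__main__":
    original = original_from_bounce(build_sample_bounce())
    for hop in received_hops(original):
        print("hop:", " ".join(hop.split()))
    print(verdict(original))
```

Run it against a real bounce by replacing build_sample_bounce() with the saved message file; if the first hop is inside your own network, that is the machine to pull off line and scan before any reinstall.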