Educating Ourselves on Security Tools and Concepts

For discussions about security.
musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

Educating Ourselves on Security Tools and Concepts

#1 Post by musher0 »

Hello all.

If you're like me, you probably know very little about Internet Security,
except for the general concepts (of which I have a generally fuzzy idea...).

The recent thread on the Mirai malware initiated by Mike7 made that
painfully obvious. "Besides lsof, what do I know, eh?" :roll:

So I thought of sharing a couple of starting points I found --

Here's a list of 10 security-oriented Linux distros:
http://www.techradar.com/news/software/ ... fs-1292902

And here's a list of apps focusing on security:
https://github.com/Security-Onion-Solut ... wiki/Tools

Hopefully this thread can grow. Please feel free to add below any "good
read" you come across. With a short description for newbies would be
nice! :) Thanks in advance.

BFN
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#2 Post by rufwoof »

Frugal boot is great for security. Just boot in read-only mode, but where you can update/remaster/whatever that, and you can both reboot a pristine version each and every time and easily upgrade that. Boot the fresh image, first check for updates and save if updates occur ... but otherwise don't save. That way you always boot a factory-fresh image, and if you do catch a virus then that only persists for the single session (reboot, go straight to your bank or whatever and nowhere else beforehand, and there's little chance of being hacked (best to also reboot again afterwards to ensure all secure stuff is removed from cache/memory)).

If for other stuff/browsing, you just assume that your system might have been compromised, as though you were using a public PC, then generally you'll be fine.

The main issue then becomes how secure the factory-fresh image is. Whilst that can be compromised, for larger distros any security holes sooner or later tend to be identified/fixed (not much you can do about such weaknesses, as if all the experts looking at such common code don't spot a problem then as an individual you have near zero chance of identifying a problem in the factory-fresh image yourself).

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#3 Post by rufwoof »

Our home network has the main router (cable modem) with wifi activated, so all domestic appliances that use wireless access via that. Out of that router one of the wired connections connects to another router, which is used for all hard wired (ethernet) connections (desktops) and wireless is deactivated. Admin is restricted to physical connected only (no remote or wireless based router administration of that second router). On top of that each PC has its firewall activated.

That double router approach best ensures the stability/safety of the second router. For online banking only connecting from a clean system (frugal booted/factory fresh) that's hard wired to a clean router enables keys to be exchanged and secure encrypted sessions end (home) to end (bank) established.

drunkjedi
Posts: 882
Joined: Mon 25 May 2015, 02:50

#4 Post by drunkjedi »

A few days ago, while reading about anonymous browsing and the Tails distro,
I came across Orbot and Orfox for Android.
Orbot is a proxy to use the Tor network, and Orfox is Firefox edited to use the Tor network and onion sites.

There's also Tor bundle to use on Linux distros.
Someone did make one for puppy too last year, I think.

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#5 Post by 8Geee »

In spite of what security measures can be done to the OS, the browser is the gateway. I would recommend getting "under the hood" of the configuration of the browser and nix some of the "default" settings.

My scope is limited to Firefox, but even a long read through about:config is enlightening. In many cases FF allows search engines the "Right of Way" when online. Removing search engine "help" is essential. Another object is to disable ID-broadcasting by items such as SYNC, HELLO, and WALLET. A rule of thumb is: if you don't use it... disable it.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
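As an added example (not 8Geee's own settings, and not part of the original post), here is one way to make the about:config changes he describes stick. Firefox reads a file called user.js from the profile directory at every start and applies its user_pref() lines over prefs.js, so the settings survive whatever the UI or Sync later changes. The pref names are real Firefox prefs; loop.enabled (Hello) only exists in older releases and newer Firefox simply ignores it. The profile directory is taken as an argument (typically ~/.mozilla/firefox/something.default) and the pref list is my selection, not a complete hardening set.

```sh
#!/bin/sh
# Added example: append a user.js to a Firefox profile that switches off the
# search "help" and identity-broadcasting features, then audit what it set.
# Usage: harden_firefox_profile /root/.mozilla/firefox/xxxxxxxx.default

harden_firefox_profile() {
    profile="$1"
    [ -d "$profile" ] || { echo "no such profile dir: $profile" >&2; return 1; }
    cat >> "$profile/user.js" <<'EOF'
// --- search engine "right of way": no suggestions, no keyword search ---
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("keyword.enabled", false);
// --- identity broadcasting: Sync, Hello, form and password autofill ---
user_pref("identity.fxaccounts.enabled", false);
user_pref("loop.enabled", false);
user_pref("browser.formfill.enable", false);
user_pref("signon.rememberSignons", false);
// --- phone-home: telemetry, health report, geolocation, WebRTC ---
user_pref("toolkit.telemetry.enabled", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("geo.enabled", false);
user_pref("media.peerconnection.enabled", false);
EOF
}

# Print every pref a profile's user.js sets, one "name=value" per line,
# so a profile can be audited without opening the browser.
list_user_prefs() {
    sed -n 's/^user_pref("\([^"]*\)", *\([^)]*\));.*/\1=\2/p' "$1/user.js"
}

# Succeed (exit 0) if pref $2 is set to $3 in profile $1.
pref_is() {
    list_user_prefs "$1" | grep -qx "$2=$3"
}
```

Run it with Firefox closed; the next start applies the file, and about:config shows the affected entries as "user set". Keeping the list in user.js rather than clicking through about:config also means a factory-fresh frugal boot can be re-hardened by copying one file.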

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

#6 Post by labbe5 »

The end user of any distro should update frequently, use a Virtual Private Network, use secure encrypted hotspots with a password, use some apps such as Firejail, a firewall such as ufw, a good browser such as Firefox with some privacy and security plugins (uBlock, etc.), and you are done.

The hard stuff is for developers.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

auto-install security updates on Debian and Ubuntu

#7 Post by labbe5 »

http://www.tecmint.com/auto-install-sec ... s+Guide%29

Here is a technical article about how to install and configure unattended-upgrades.
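To go with the linked article, here is an added example (mine, not the article's) of the two files that configure unattended-upgrades on Debian/Ubuntu. APT reads every file in /etc/apt/apt.conf.d, so writing them is the whole configuration; the package's own 50unattended-upgrades can be left in place and these override it. The Allowed-Origins pattern is the "${distro_id}:${distro_codename}-security" form from the stock Ubuntu file, and the Origins-Pattern line is the Debian-Security form from the stock Debian file; check them against the file your release ships. The root directory is a parameter so the function can be tried in a scratch directory first.

```sh
#!/bin/sh
# Added example: configure unattended-upgrades to apply security updates
# only, with no automatic reboot. $1 is the filesystem root to write under
# ("/" on a real system, a scratch directory for a dry run).
# Prerequisite on a real system: apt-get install unattended-upgrades

configure_unattended_upgrades() {
    root="${1:-/}"; root="${root%/}"
    confd="$root/etc/apt/apt.conf.d"
    mkdir -p "$confd" || return 1
    # Enable the periodic hook: refresh package lists daily, upgrade daily.
    cat > "$confd/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
    # Limit to the security pocket; never reboot on its own; log to syslog.
    cat > "$confd/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
};
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::SyslogEnable "true";
EOF
}

# Print the effective value of a simple APT option under root $1, e.g.
#   apt_option / APT::Periodic::Unattended-Upgrade   -> 1
# (last file in apt.conf.d wins, which is how APT itself resolves them).
apt_option() {
    root="${1%/}"
    grep -h "^$2 " "$root"/etc/apt/apt.conf.d/* 2>/dev/null | tail -n 1 \
        | sed 's/.*"\([^"]*\)".*/\1/'
}
```

After writing the files for real, run "unattended-upgrade --dry-run --debug" as root: it prints which origins it matched and which packages it would upgrade, which is the quickest way to catch a mistyped origin pattern before trusting the timer.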

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#8 Post by Flash »

Does any of it apply to Puppy?

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#9 Post by musher0 »

Hi labbe5,

Flash has a point, because the apt utility is for ubuntu-type distros only,
AFAIK. So it's useless in Puppy. Also, updates alone can only go so far
as security goes.

@all:
I was hoping someone would bring up the concepts of defensive-security
and offensive-security, with maybe a description of a couple of apps in
those areas, as examples that we can use on Puppy.

Mike7's thread on Mirai really got me thinking. Sure Puppy is not a "thing"
in the "Internet-of-Things" sense, and Puppies' name and password were
not in the Mirai list. I very much feel that the moral of that story is:
we were lucky this time.

To sum up:

-- 8Geee is right, the browser is a big part of computer security. If you
browse anonymously, nobody can trace you and that's a good thing.

-- Also, as rufwoof mentioned, using a frugal install with good methodical
back-ups of pupsave files will reduce to almost nothing the downtime if
you should be infected by anything.

That said:

-- None of the above -- regular updates, good browser and good back-up
practices -- can prevent your Puppy ports from being "visited" and maybe
used for a Denial-of-Service attack on some poor guy's site, or for
sniffing your data and breaching your privacy.

Are you getting my meaning?
Is a red light lighting up over someone's head already? :)

IMO, this points to the question, for starters:
-=> How good is Puppy's firewall?

Mirai, for ex., used a number of ports to relay its Denial-of-Service
attack. If something similar happened again, could Puppy block them
efficiently? Is there an app that Puppy can use which senses "illegal" use
of ports and reacts accordingly?

As I said in my OP, please continue to inform Puppyists on this thread of
any "good read" on security that you come across. It's really appreciated.
But I wouldn't mind at all someone knowledgeable instructing us about
defensive security apps on Puppy and strengthening our firewalls.

Thanks in advance.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
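An added example to go with musher0's firewall question (this is my script, not the Puppy Firewall Wizard's own code): a minimal iptables ruleset of the kind a "stealth" result on ShieldsUp implies. Everything inbound that the machine did not start is DROPped rather than rejected, so a probe gets no RST and no ICMP reply, and ping is dropped by the same policy; outbound is left open. The extra LOG rules answer the "senses illegal use of ports" part: each new inbound SYN or UDP packet is written to the kernel log (rate-limited) before the policy drops it, and probe_summary boils those lines down to a count per port. The WAN interface name (eth0) is an assumption; the log lines in sample_probe_log are constructed, with 23 and 2323 chosen because those are the telnet ports Mirai's scanner hammered. The rules use "-m conntrack"; on an old Puppy kernel without xt_conntrack, substitute "-m state --state".

```sh
#!/bin/sh
# Added example: a default-drop ("stealth") iptables ruleset with probe logging.
#   stealth_rules [IFACE]   print the rules for review
#   stealth_apply [IFACE]   apply them (root only)
#   dmesg | probe_summary   count logged probes per protocol/port

stealth_rules() {
    wan="${1:-eth0}"
    cat <<EOF
iptables -F INPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i $wan -p tcp --syn -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "FW-PROBE: "
iptables -A INPUT -i $wan -p udp -m conntrack --ctstate NEW -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "FW-PROBE: "
EOF
}
# Nothing else is needed: the INPUT policy DROP silently eats every other
# inbound packet, ping included (an echo-request is a NEW conntrack state).

stealth_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "stealth_apply: must run as root" >&2; return 1; }
    stealth_rules "$1" | sh -e
}

# Reduce FW-PROBE kernel log lines (stdin) to "count PROTO/port", busiest first.
probe_summary() {
    grep 'FW-PROBE:' | sed -n 's/.*PROTO=\([A-Z]*\).* DPT=\([0-9]*\).*/\1\/\2/p' \
        | sort | uniq -c | sort -rn
}

# Constructed sample of what the LOG target writes (not a real capture).
sample_probe_log() {
    cat <<'EOF'
[  120.417] FW-PROBE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=41652 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
[  120.902] FW-PROBE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=55231 DPT=2323 WINDOW=1024 RES=0x00 SYN URGP=0
[  121.355] FW-PROBE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=41653 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
[  122.010] FW-PROBE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.88 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=3201 PROTO=UDP SPT=5060 DPT=5060 LEN=40
[  123.744] FW-PROBE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=60001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}
```

Review with "stealth_rules | less", apply with "stealth_apply eth0" as root, and confirm with "iptables -S INPUT". Then "dmesg | probe_summary" shows what is knocking: on a home line the top entries are normally telnet, SSH and SIP scanners, and none of them get an answer. The one thing this ruleset cannot do is stop an already-compromised process from making outbound connections, since OUTPUT is ACCEPT; that is the case for checking outgoing activity with lsof, as discussed later in the thread.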

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#10 Post by Lobster »

Guys I created the easily modifiable GROWL for Puppy security

http://www.murga-linux.com/puppy/viewto ... 7&t=100228

I am now using Qupzilla as my browser and an Ipad as my main computer.

Somebody recently offered me a free copy of Windows [lobster spits] I have not used Windows since XP ...

My browser was hijacked and locked by a javascript scammer. Telling me my Windows machine was being locked by Microsoft to protect me. How I laughed.

I do not use GROWL because I tend to boot puppy from DVD - fresh each time, with a config file saved on the hard disk . . .

Puppy is innately secure because we have educated Linux users. Puppy taught me to be aware that security is a state of mind and knowledge of real threats to our security. Like for example the virus known as pResident Evil Trump . . . :D
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

kjdixo
Posts: 153
Joined: Sun 13 Sep 2009, 21:13

#11 Post by kjdixo »

Intended for windows users but useful, educational and informative nevertheless.
It might give you a false sense of security though, if the real threat is already sitting on your system factory fresh and well hidden.
https://www.grc.com/
The online scan 'Shields Up' checks your open / closed / stealthed ports.
Attachment: shields-up-grc.png

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#12 Post by Burn_IT »

It might give you a false sense of security though, if the real threat is already sitting on your system factory fresh and well hidden.
Same as any test on any system, especially Linux, where malware tests are less common.
"Just think of it as leaving early to avoid the rush" - T Pratchett

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#13 Post by musher0 »

Many thanks, lobster.

Good to know you produced an update of your excellent script.

For people's convenience, here is a zip file of it and a couple of screen shots.

Don't fuss if you see a mention of "slacko", any Puppy can GROWL!

If anyone has an icon and a desktop entry, we could make it into a pet!

BFN.
Attachments:
lobster's_growl-1.8_2016-11-11.jpg
lobster's_growl-1.8_2016-11-11(2).jpg
GROWL-1.8.sh.zip (unzip in /usr/local/bin and make executable)
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#14 Post by musher0 »

Hello all.

I rediscovered BK's PuppyLinux FAQ. All of it is a good read -- if only to brush
up on Puppy concepts and how-to's. But for the purposes of this thread,
please go half-way down the page, to the question entitled "Security Concerns".

In the sidebar you can read:
(...)However, I then ran the "Puppy Firewall Wizard" and accepted the
default totally secure mode, then rebooted. I am connected to the
Internet by dialup modem and using Mozilla. ShieldsUp! now reports that
my computer is totally absolutely 100% invisible. It simply doesn't exist
(apart from providing its IP address and responses of the browser).
All ports are in "stealth" mode, meaning Puppy doesn't respond to any
probe, nor does Puppy respond to pinging.
(...)
(Underlining by me.)

Any more questions about Puppy's safety, anyone? Not that we should
ever become lax about Internet security on PuppyLinux or any other OS,
but the result of BK's test is quite reassuring and encouraging. As
Puppyists, we have a very good base, an "invisible" base.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Educating Ourselves on Security Tools and Concepts

#15 Post by Sky Aisling »

Does this affect Puppy in any way?

Elegant 0-day unicorn underscores “serious concerns

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#16 Post by musher0 »

Hello, Sky Aisling.

If I understood the article correctly, it uses GStreamer as a vector. If you
have "Secrets of State" stored somewhere on your computer :) , for the
time being avoid any program that's GStreamer-based?

Very few Puppies, if any, come with the GStreamer suite by default. If that
news makes you nervous, use Sound-Exchange (aka SoX), mplayer or
vlc instead of a GStreamer-based app to play your music or media?

I'm sure the GStreamer programmers will come up with a corrective
shortly. Why not go check on their site now?

I also noticed in the article that this malware has recently been
"published"? It's unclear to me if that means it's a proof-of-concept thing,
a lab experiment or a real "out there" bug -- or if some kiddo just wants
his / her 10 minutes of fame.

If it was a POC thing or an experiment, I wouldn't worry about it.

As you no doubt already know any code of any OS can be deflected for
evil purposes.

That said, I'm quite sure that 01micko and the other programmers at the
top of the Puppy-building chain take extreme care NOT to include
malware of any kind in Puppies.

If you need extra reassurance, install the real lsof utility (please see
above), and check every now and then if there is outgoing activity on
your line while you are running a GStreamer-based app.

If nothing abnormal shows in the lsof report after using it 2-3 times,
again, I wouldn't worry about this.

IHTH.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
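Here is an added example of the lsof check musher0 suggests (my script, not anything from the thread). It assumes the full lsof, since it relies on "lsof -i -n -P" listing network sockets; the idea is to take a snapshot before starting the GStreamer-based app, another while it runs, and look only at what is new. It also lists anything LISTENing on a non-loopback address, which is the other thing worth knowing on a box that is supposed to be invisible. The lsof output in sample_lsof is constructed, and the process names in it (gst-play, dropbear) are illustrative, not a claim about any real Puppy package.

```sh
#!/bin/sh
# Added example: audit outgoing connections and exposed listeners from
# "lsof -i -n -P" output, and diff two snapshots to see what an app opened.
#   lsof -i -n -P | outbound_connections > before.txt
#   (start the app, play something)
#   lsof -i -n -P | outbound_connections > after.txt
#   new_outbound before.txt after.txt

# Established TCP connections as "COMMAND PID remote-ip:port", sorted.
outbound_connections() {
    awk '$NF == "(ESTABLISHED)" {
            split($(NF-1), a, "->"); print $1, $2, a[2]
        }' | sort
}

# Sockets accepting traffic on something other than loopback:
# TCP listeners and bound UDP sockets, as "COMMAND PID local-address".
exposed_listeners() {
    awk '{
            if ($NF == "(LISTEN)")      addr = $(NF-1)
            else if ($(NF-1) == "UDP")  addr = $NF
            else next
            if (addr !~ /^(127\.|\[::1\])/) print $1, $2, addr
        }'
}

# Lines present in snapshot $2 but not in $1 (both produced by outbound_connections).
new_outbound() {
    comm -13 "$1" "$2"
}

# Constructed sample of "lsof -i -n -P" output, not a real capture.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
firefox  2231 root   52u  IPv4  31245      0t0  TCP 192.168.1.10:44312->93.184.216.34:443 (ESTABLISHED)
gst-play 2890 root    7u  IPv4  33120      0t0  TCP 192.168.1.10:51020->198.51.100.40:8080 (ESTABLISHED)
dropbear 1180 root    3u  IPv4  12001      0t0  TCP *:22 (LISTEN)
cupsd    1201 root    9u  IPv4  12230      0t0  TCP 127.0.0.1:631 (LISTEN)
dhcpcd   1020 root    5u  IPv4  11900      0t0  UDP *:68
EOF
}
```

A media player that has a connection open to an address you did not ask it to fetch from is the kind of thing this turns up; on the sample above the diff would show the gst-play line. Take the "after" snapshot more than once, as the post says, since a short-lived connection can fall between two samples. If lsof is not available, "netstat -tunp" (or "ss -tunp" on a newer Puppy) gives the same state and PID information in a different layout.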
