How can I improve / test my level of Internet / email security?
To all,

As I am running SuSE8.2 exclusively at home I was wondering how safe I was with regards to Internet and email usage, especially as I had my CPU maxed out last night on gkrellm, till I killed Mozilla (version Mozilla 1.4b - thanks to James Ogley ...).

Note : I have set up SuSEFirewall for a Single User ADSL line, but Internet seems awful slow at times lately...

I would therefore like to submit the following questions for this list's experts:

1) How can I check / improve my level of Internet / email security?
I don't do anything except installations as root and I have already tested mozilla and konqueror using the browser security testing site located at: http://webtest.scanit.be/bcheck/
Nice site. Both mozilla and konqueror pass with 0 errors. Wow! That's way better than IE at the office...

2) Does anyone know of a list of bad sites, or a test sites with various exploits, or else give me some specific URLS that I can test my setup against?

3) What is your specific setup with regards to Internet and email security..
This is what I have done to date...
- I use SuSEFirewall
- I installed Ntop and I configured it to run off boot.local. This allows me monitor the size of Local <=> Remote network exchanges. This is an attempt to make sure that no script kiddies are trying to hit me up...
- I installed Nmap and run Nmap from time to time... I just wanted to see what SuSEFirewall leaves open...
- I downloaded and ran chkrootkit-0.40 to check out my system...

4) Are most SuSE users using an integrated antivirus program?
Under Windows I religiously updated Nortons every two weeks, however, under SuSe I have never used an anti-virus program...

5) Any recommendations for a home ADSL user with regards to solutions offered by
- Vexira Antivirus for Linux
- F-Prot Antivirus
- RAV AntiVirus
- RAE AntiVirus

4) Any other ways I can strengthen my security...

Any help / comments would be greatly appreciated.

James
On Wednesday 14 May 2003 16:45, James PEARSON wrote:
To all,
As I am running SuSE8.2 exclusively at home I was wondering how safe I was with regards to Internet and email usage, especially as I had my CPU maxed out last night on gkrellm, till I killed Mozilla (version Mozilla 1.4b - thanks to James Ogley ...).
Note : I have set up SuSEFirewall for a Single User ADSL line, but Internet seems awful slow at times lately...
I would therefore like to submit the following questions for this list's experts:
1) How can I check / improve my level of Internet / email security?
I don't do anything except installations as root and I have already tested mozilla and konqueror using the browser security testing site located at: http://webtest.scanit.be/bcheck/
You can test all the service ports (0-1054 IIRR) here-> http://nanoprobe.grc.com/
2) Does anyone know of a list of bad sites, or a test sites with various exploits, or else give me some specific URLS that I can test my setup against?
3) What is your specific setup with regards to Internet and email security..
This is what I have done to date... - I use SuSEFirewall
Go into YaST2 and click on the security settings again, then firewall, and it will pop up a dialogue saying if you continue, it'll stop using SuSE Personal firewall, and install SuSEFirewall2, then it'll walk you through a few simple questions, click finish and that's it. Does a fine enough job for *me*, but I'm on dial-up, and not sure if it'll need any more tweaking for DSL or Cable setups...someone will tell you I'm sure, heh.
-I downloaded and ran chkrootkit-0.40 to check out my system...
I do this also every once in a while, but I'm pretty sure that as a regular home user, and careful about what I download and from where, I won't ever have to worry about this kind of thing hitting me.
4) Are most SuSE users using an integrated antivirus program?
You're not in Windows anymore Dorothy (just kidding). Unless you're running your Linux box as a server of some kind for a Windows box or network of them, you don't need an AV. I've used SuSE from 7.3 up to 8.2 (skipping 8.1) and have installed junk from all over the place (yeah...sometimes just downloading something just for the heck of it to try it out and see what it's like)...never had anything like a virus or worm or anything else bother me or my system.
5) Any recommendations for a home ADSL user with regards to solutions offered by Vexira Antivirus for Linux F-Prot Antivirus RAV AntiVirus RAE AntiVirus
4) Any other ways I can strengthen my security...
Any help / comments would be greatly appreciated.
James
There should be a thing called 'harden-suse' on the DVD's or CD's IIRR, this would make it more secure in the sense that it'd tighten up how the user(s) could do *anything* as root, etc...at least as far as I'm able to understand that that's what it does, LOL.

John
--
A butterfly is: Pretty,soft,harmless...and useless, just like M$N. My Penguin and my Gecko eat butterflies.
On Wednesday 14 May 2003 04:39 pm, John wrote:
> On Wednesday 14 May 2003 16:45, James PEARSON wrote:
> > To all,
> >
> > As I am running SuSE8.2 exclusively at home I was wondering how
> > safe I was with regards to Internet and email usage, especially as
> > I had my CPU maxed out last night on gkrellm, till I killed Mozilla
> > (version Mozilla 1.4b - thanks to James Ogley ...).

----------snip-------------

> There should be a thing called 'harden-suse' on the DVD's or CD's
> IIRR, this would make it more secure in the sense that it'd tighten
> up how the user(s) could do *anything* as root, etc...at least as far
> as I'm able to understand that that's what it does, LOL.

I would suggest that one not take running "harden suse" lightly, make sure you understand what it does before using it or you might find yourself with a very secure machine that doesn't do the things you want it to anymore. I haven't checked it out lately but I did use it when I first tried SuSE7.2. I don't remember exactly what the results were but they weren't what I was looking for.

dh

Don't shop at GoogleGear.com!
Just a few thoughts from the POV of a Sys Admin/Security Professional...
I have set up SuSEFirewall for a Single User ADSL line, but Internet seems awful slow at times lately...
ADSL's like that ;-)
1) How can I check / improve my level of Internet / email security?
Various ways...
2) Does anyone know of a list of bad sites, or a test sites with various exploits, or else give me some specific URLS that I can test my setup against?
Not off the top of my head, but if you subscribe to Bugtraq (via www.securityfocus.com) then as new exploits are found, proof of concept & test code tends to be made available there.
3) What is your specific setup with regards to Internet and email security..
That would be telling
-I installed Nmap and run Nmap from time to time... I just wanted to see what SuSEFirewall leaves open...
Where do you run it from? You want to run it from a machine on the hostile side of the firewall - i.e. the internet, and if you can arrange it/afford it (if you opt for a professional to do it)/your ISP approves (your ISP seems perfectly happy with port scanning - we detect plenty of them from it ;) ) get a full nessus scan and vulnerability/intrusion test done.
-I downloaded and ran chkrootkit-0.40 to check out my system...
Make sure you keep that up to date
4) Are most SuSE users using an integrated antivirus program?
Actually, I don't, but then I'm really careful about what I run.
Under Windows I religiously updated Nortons every two weeks, however, under SuSe I have never used an anti-virus program...
Only every two weeks? Our Windows machines at work update their virus definitions every two HOURS
4) Any other ways I can strengthen my security...
Disconnect from the internet? ;) Nah, make sure your firewall only allows access to the ports you want to be visible from the internet, and that you make sure it's totally up to date with the latest patches for everything. Disallow traceroute as this potentially allows an attacker to understand how to get to your machine. Drop rather than reject unwanted packets - rejecting confirms that the machine is there and alive, and can aid in OS identification, dropping just causes packets to 'vanish'. On any services visible to the internet, obscure version numbers wherever possible.

James
--
James Ogley, Webmaster, Rubber Turnip
james@rubberturnip.org.uk
http://www.rubberturnip.org.uk
Jabber: riggwelter@myjabber.net
Using Free Software since 1994, running GNU/Linux (SuSE 8.2).
GNOME updates for SuSE: http://www.usr-local-bin.org
On Wed May 14 2003 4:45 pm, James PEARSON wrote:
To all,
snip<
4) Any other ways I can strengthen my security...
Any help / comments would be greatly appreciated.
James
You are on the right track. I'm not even close to being an expert but what works for me might work for you too. For newbies/friends/relatives/clients I always recommend getting a SOHO type hardware cable/dsl router/firewall/switch between your cable/dsl modem and your system(s). Linksys, Netgear, SMC and lots of others have these available with Ethernet switches with from 1 to 8 10/100 ports and some even have a wireless access point. Netgear and Linksys also have VPN endpoint servers built-in with 8 to 70 or more possible VPN tunnels. If you keep their firmware up-to-date and don't trust them 100% they are very good at blocking most unwanted traffic from the internet. They do introduce another level of complexity when you want to open TCP/UDP ports for specific services on your system(s) to/from the internet such as http, VPNs, mail, SSH. When you want access to your home system(s) from work for example. The protection they do provide I believe is worth the extra cost even though you have one more device to maintain. Keep learning about firewalls in general, especially Linux firewalls, since they will be more configurable than most affordable SOHO hardware devices. And you'll know what to watch out for.

Stan
participants (5)
- David Herman
- James Ogley
- James PEARSON
- John
- Stan Glasoe