Bruno Wolff III wrote:
On Sat, Apr 29, 2006 at 05:45:10 +0200,
"A.J. Bonnema" <abonnema@xxxxxxxxx> wrote:
What I wonder about is the following:
* given that all ports are closed to external contact through a physical
allbeit consumer oriented firewall, just means I am safe for
port-scanners. But does it mean that I am safe from cracker systems /
programs? Is there a way to break in, without allowing external contact
through one of the ports? (not including trojans and the like).
Since the firewall lets some packets through, there is a vector to
compromise your system using the network connection. Blocking inbound
connections reduces the risk a lot. You don't say what the firewall does
for UDP (which is connectionless). If it passes any UDP packets through
(or ICMP packets), then if there were bugs in your network stack or if
you have processes listening for UDP requests with bugs, you could be attacked
that way.
AFAIK my firewall has all ports closed for both TCP and UDP. However, I
have no means of checking that this is true. Through the site "Shields
Up" (www.grc.com) I have been able to check that *some* UDP ports are
closed (windows related), but that is no surprise as I run FC5 and the
Windows machines are currently not connected.
* A second issue is: suppose I would force my family to use really
random passwords (like characters picked from a one-time pad). And now
suppose I lose my root-password: would I be able to rectify this,
without destroying the data?
You have physical access to the machine right? Unless you have encrypted
file systems, you can boot in single user mode and change the password.
Have a boot loader password? Boot off a rescue/live CD.
Have the BIOS set only to boot off the first disk drive, password protected
and you forgot the password? Pull the battery and the BIOS will reset to
a state where you can change boot device settings.
Thanks, that is what I needed. So actually I *can* use a strong password
and if I lose it, no sweat, I can use the rescue disk to change to
password file.
If your firewall is blocking inbound connections, it sounds like you aren't
expecting your family memebers to connect to your machine remotely. If that
is the case then they don't need particularly strong passwords (since they
have physical access, there isn't a lot of point of having them even to
protect against each other). If you go this route, you should take some
extra steps to prevent remote connections on your box in case something
happens to the firewall.
Yes, currently I have no external connections. However, I would very
much like to be able to ssh into my computer, remotely. Because of the
security implications and my current lack of knowledge I have chosen to
keep it closed for the moment.
I was checking out some kind of door-knocking protocol, but that is
where the commercial firewall gets in the way: there doesn't seem to be
a way to implement this, short of replacing the firewall completely (by
opening all ports and sending them through to one of my PCs).
Guus.
--
A.J. Bonnema, Leiden The Netherlands,
user #328198 (Linux Counter http://counter.li.org)
