Re: On passwords, security and real -sweat, blood and tears- life

Bruno Wolff III wrote:
On Sat, Apr 29, 2006 at 05:45:10 +0200,
  "A.J. Bonnema" <abonnema@xxxxxxxxx> wrote:
What I wonder about is the following:

* given that all ports are closed to external contact through a physical albeit consumer oriented firewall, just means I am safe for port-scanners. But does it mean that I am safe from cracker systems / programs? Is there a way to break in, without allowing external contact through one of the ports? (not including trojans and the like).

Since the firewall lets some packets through, there is a vector to
compromise your system using the network connection. Blocking inbound
connections reduces the risk a lot. You don't say what the firewall does
for UDP (which is connectionless). If it passes any UDP packets through
(or ICMP packets), then if there were bugs in your network stack or if
you have processes listening for UDP requests with bugs, you could be attacked
that way.


AFAIK my firewall has all ports closed for both TCP and UDP. However, I have no means of checking that this is true. Through the site "Shields Up" (www.grc.com) I have been able to check that *some* UDP ports are closed (Windows related), but that is no surprise as I run FC5 and the Windows machines are currently not connected.


* A second issue is: suppose I would force my family to use really random passwords (like characters picked from a one-time pad). And now suppose I lose my root-password: would I be able to rectify this, without destroying the data?

You have physical access to the machine right? Unless you have encrypted
file systems, you can boot in single user mode and change the password.
Have a boot loader password? Boot off a rescue/live CD.
Have the BIOS set only to boot off the first disk drive, password protected
and you forgot the password? Pull the battery and the BIOS will reset to
a state where you can change boot device settings.


Thanks, that is what I needed. So actually I *can* use a strong password and if I lose it, no sweat, I can use the rescue disk to change the password file.

If your firewall is blocking inbound connections, it sounds like you aren't
expecting your family members to connect to your machine remotely. If that
is the case then they don't need particularly strong passwords (since they
have physical access, there isn't a lot of point of having them even to
protect against each other). If you go this route, you should take some
extra steps to prevent remote connections on your box in case something
happens to the firewall.


Yes, currently I have no external connections. However, I would very much like to be able to ssh into my computer, remotely. Because of the security implications and my current lack of knowledge I have chosen to keep it closed for the moment. I was checking out some kind of door-knocking protocol, but that is where the commercial firewall gets in the way: there doesn't seem to be a way to implement this, short of replacing the firewall completely (by opening all ports and sending them through to one of my PCs).


Guus.
--
A.J. Bonnema, Leiden The Netherlands,
user #328198 (Linux Counter http://counter.li.org)
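
The reply quoted above points out that processes listening for UDP (or TCP) requests are what becomes reachable if the firewall ever stops filtering. The following is an added example, not part of the original message: it lists listening sockets that are not bound to loopback, assuming a Linux host with iproute2's `ss`; the sample output and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not from the original thread).
SAMPLE = """\
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:323        0.0.0.0:*
udp   UNCONN 0      0      192.168.1.10%eth0:123    0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      5              [::1]:631           [::]:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    return ("0.0.0.0" if addr == "*" else addr), int(port)

def exposed_listeners(ss_output):
    """Return (proto, address, port) for sockets reachable from off-host."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        # TCP listeners show as LISTEN; bound UDP sockets show as UNCONN.
        if len(cols) < 5 or cols[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, port = split_local(cols[4])
        if not ipaddress.ip_address(addr).is_loopback:
            found.append((cols[0], addr, port))
    return found

if __name__ == "__main__":
    import subprocess, sys
    # Use the embedded sample with --sample, otherwise query the live host.
    text = SAMPLE if "--sample" in sys.argv else subprocess.run(
        ["ss", "-H", "-tuln"], capture_output=True, text=True, check=True).stdout
    for proto, addr, port in exposed_listeners(text):
        print(f"{proto:4} {addr}:{port}")
```

Anything this prints is a service that depends on the firewall alone for protection; rebinding it to 127.0.0.1 or disabling it removes that dependency.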

