Posts Tagged Computer Safety

Keep Your Unix-Based System Safe This Summer (Part2)

System monitoring is the most important method for detecting Trojans, viruses and any other malicious activity on the system.

Control over file integrity can be achieved by installing Tripwire, which detects changes on each system on which it is installed, checks the integrity of normal binaries, reports any changes to syslog or by email, and alerts users to intrusions and unexpected changes; its source code is available.

After installing Tripwire (using the command: $ sudo apt-get install tripwire) you will need to answer some questions regarding the configuration, and at the end you need to enter a password of at least 8 characters (twice).

The script generates keys for your site (host) and then asks you to enter a password (twice) for local use. You should then back up and delete the original plain-text files installed on the system.

The developers have provided an appropriate policy for all files and configurations, but if you need to update or change something you can make the change in the file /etc/tripwire/tw.pol.

Tripwire creates a database containing a snapshot of your file system, and uses this baseline, together with the encrypted configuration and policy settings under the /etc/tripwire directory, to monitor the state of your system.

Now you can perform a test scan:

$ tripwire --check

The check runs on a daily basis and reports all changes, including routine permitted actions such as editing system configuration files or installing packages; all reports on changed files are sent to root by email.
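To make the baseline-and-check model concrete, here is a small Python file-integrity checker added to this post (it is not Tripwire's own code and was not part of the original article). It snapshots a constructed sample tree the way tripwire --init does, then reports added, removed and modified files the way tripwire --check does, including a permission-only change; the paths, file contents and the simulated tampering are all constructed for the example.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Hash a file's contents and record the metadata Tripwire also watches (mode, owner, size)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if os.path.isfile(path) and not os.path.islink(path):   # skip devices, sockets, symlinks
        with open(path, "rb") as f:
            h.update(f.read())
    return {"sha256": h.hexdigest(), "mode": oct(st.st_mode), "uid": st.st_uid, "size": st.st_size}

def build_baseline(root):
    """Snapshot every file under root, the equivalent of 'tripwire --init'."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def check(root, baseline):
    """Compare the live tree with the stored baseline, the equivalent of 'tripwire --check'."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(current) & set(baseline) if current[p] != baseline[p]),
    }

def demo():
    """Constructed sample tree: take a baseline, tamper with it, report the differences."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    def write(rel, data):
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    write("bin/ls", b"original binary")
    write("passwd", b"root:x:0:0::/root:/bin/sh\n")
    write("sudoers", b"root ALL=(ALL) ALL\n")
    os.chmod(os.path.join(root, "sudoers"), 0o440)
    baseline = build_baseline(root)
    # Simulated tampering: replaced binary, new file, deleted file, loosened permissions.
    write("bin/ls", b"replaced binary")
    write("bin/extra", b"x")
    os.remove(os.path.join(root, "passwd"))
    os.chmod(os.path.join(root, "sudoers"), 0o666)
    return check(root, baseline)
```

Because the fingerprint includes mode and owner, a chmod on sudoers is reported as modified even though its contents are unchanged, which is the kind of silent change a hash-only check would miss.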

Three final points:

* Keep track of all access accounts: all important system configuration files should be readable and writable only by root, and your home directory should be accessible only by you (600).
* Do not place users in many groups, because group membership gives users access to the files and directories permitted to that group (operator, audio, etc.); this can create a hole and grant a user privileges that are not needed.
* Use root privileges only when they are really required. There is no need to run commands as root; if you really need to install or change something, use sudo.
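As an added example (not from the original post), the following Python script audits the three points above on a constructed sample tree and group file: owner and mode of configuration files (checked against 600), home directories (checked against 700, since a directory needs the execute bit before it can be entered), and users placed in sensitive groups. The group names beyond operator and audio, and the sample /etc/group lines, are assumptions made for the example.

```python
import os
import stat
import tempfile

def audit_path(path, expected_uid=0, max_mode=0o600):
    """Findings for one path: wrong owner, or permission bits beyond max_mode."""
    st = os.lstat(path)
    findings = []
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~max_mode:
        findings.append("mode %o grants more than %o" % (mode, max_mode))
    return findings

def sensitive_members(group_file_text, sensitive=("operator", "audio", "disk")):
    """Map each user to the sensitive supplementary groups listed for them in /etc/group text."""
    hits = {}
    for line in group_file_text.splitlines():
        name, _, _, members = line.split(":", 3)
        if name in sensitive:
            for user in filter(None, members.split(",")):
                hits.setdefault(user, []).append(name)
    return hits

def demo():
    """Constructed sample: config files and home directories with various modes, plus a group file."""
    root = tempfile.mkdtemp()
    me = os.getuid()                      # files we create are owned by us, not by root
    cases = {"good.conf": (0o600, 0o600), "bad.conf": (0o644, 0o600),
             "home": (0o700, 0o700), "open_home": (0o755, 0o700)}
    results = {}
    for name, (mode, limit) in cases.items():
        path = os.path.join(root, name)
        if name.endswith(".conf"):
            open(path, "w").close()
        else:
            os.mkdir(path)                # a directory needs the x bit to be entered, so 700 is "only me"
        os.chmod(path, mode)
        results[name] = audit_path(path, expected_uid=me, max_mode=limit)
    groups = "root:x:0:\naudio:x:29:alice,bob\noperator:x:37:bob\nusers:x:100:alice,bob,carol\n"
    results["groups"] = sensitive_members(groups)
    return results
```

On a real system you would call audit_path on the files under /etc with the default expected_uid of 0 and feed the contents of /etc/group to sensitive_members.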

So make sure to apply all these security rules for a safe 2010 Summer.


(Picture from Scott Ableman)


Keep Your Unix-Based System Safe This Summer (Part1)

Protecting your systems against all manner of intrusions provides more safety for your virtual life: complex passwords, regular checks of files for changes, and restricting anything and everything will keep these threats away.

Computers remain the easiest point to compromise when there is physical access. At schools, universities, cafés or the airport many people leave their computers without locking the session.

Locking the screen is the first and most important reflex for protecting your machines physically. Locking the screen is possible with a keyboard combination:

Ctrl+Alt+L (KDE and GNOME) and Ctrl+Alt+Del (Xfce). The same can be done from the command line:

KDE   $ qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock
GNOME $ gnome-screensaver-command -l
Xfce  $ xflock4

For other cases, you can use the command:

$ xscreensaver-command -lock

Or you can install xlock or xscreensaver if no screen locker is active. On the console the equivalent is vlock, which also helps lock popular text window managers such as GNU Screen and tmux, which we covered in a previous post.

Locking the screen will not bring much benefit if booting from CD/USB is left enabled at the BIOS level, because there are many Linux live CDs that can be used to remove session passwords.

Booting from any media other than the hard disk should be disabled, and a password set in the CMOS setup. For better reliability, also review the file /etc/security, where the entry points permitted to the root account are configured.

If someone has managed to steal your password, you can use the command last to display a list of all users logged in (and out) since its log file was created, or check the shell history files (~/.history, ~/.bash_history) for traces.

Then there are some important things to do while Installing or using the system:

1 – Do not click on icons that you do not recognise, as various malicious UNIX shell commands can be masked behind them.

2 – Do not use configuration files without reading them.

3 – Do not install software patches without reading their contents, or at least make sure they were obtained from reliable sources. There is no guarantee that a patch does not contain backdoors or malicious code.

4 – Do not install packages manually from other websites. Every normal distribution has a remote repository in which all packages carry a verification hash. In an extreme case, download the package from sites that identify themselves using certificates.

5 – Always download into a temporary subdirectory of your home directory and check the content before unpacking.

6 – Create a file named «-i» in the root directory (touch /-i). A wildcard expanded in the root directory then picks up -i as an option, so rm asks for the user's confirmation before deleting each file there.

In the next part we will look at further configuration to make your Unix-based system safe this summer.



Conficker.C Overview

Researchers at SRI International updated their Conficker paper. They have provided a very useful analysis of the Conficker malware.

The latest variant of Conficker, referred to as Conficker C, leaves as little as 15% of the original B code base untouched. The main purpose of Conficker is to provide its authors with a secure binary updating service that effectively gives them instant control of millions of PCs worldwide.

Through the use of these binary encryption methods, Conficker’s authors have taken care to ensure that other groups cannot upload arbitrary binaries to their infected drone population, and these protections cover all Conficker updating services: Internet rendezvous point downloads, buffer overflow re-exploitation, and the latest P2P control protocol.

Conficker's authors have devised a sophisticated encryption protocol that is generally robust to direct attack. All three cryptosystems they employ (RC4, RSA and MD-6) share one underlying commonality, and the discovery of MD-6 in Conficker B is highly unusual given Conficker's own development timeline.


Source: [SRI International]
