Can "they" hack my system?


skeen
09-25-2003, 09:16 AM
Hello;

If I were to run Linux, connected to the internet, and had a good password (varied caps and numbers), no-one should be able to "hack" into my comp, right? First off, how would people be able to know usernames on the system apart from root? I'm assuming they can't, can they? I'm asking all of this because I'm not sure what the point of a firewall is unless someone has installed a backdoor on your comp, but that would require them having access to the computer...

I'm just trying to learn! Anyone have any thoughts on this?

root.veg
09-25-2003, 09:32 AM
Even well-written software has bugs which could be exploited, and which are discovered from time-to-time and need to be fixed. Not all security holes are purposely-written "back doors" like you seem to assume.

If you were running a service on your computer (web, ssh, whatever), there *may* be security flaws in the software which allow a remote attacker to do unwanted things to your computer.

You would still do well to have a firewall in Linux, to let through only the traffic you want, closing the ports of services you don't need.

Not to mention keeping up to date with the latest security fixes for your software.

stumbles
09-25-2003, 09:40 AM
Originally posted by skeen
Hello;

If I were to run Linux, connected to the internet, and had a good password (varied caps and numbers), no-one should be able to "hack" into my comp, right? First off, how would people be able to know usernames on the system apart from root? I'm assuming they can't, can they? I'm asking all of this because I'm not sure what the point of a firewall is unless someone has installed a backdoor on your comp, but that would require them having access to the computer...

I'm just trying to learn! Anyone have any thoughts on this?

Well, as said many times before, no system is 100% secure. Having a password as you describe is a good start.

As with any system, do not run services you do not need, use a firewall and do not forward any ports (unless you specifically need to).

A firewall will not prevent a "back door" to your system. Firewalls are for preventing others from scanning your internal network and allow you control over traffic in/out of your system. If all incoming ports are closed the only way a trojan or such can enter your system is through;

1. An email attachment that you open.
2. A program (i.e. some kind of warez) you install (knowingly or not).

There may be others but that's all that comes to mind.

At this point in time viruses and trojans are not that big of a concern so long as you;

1. Do not login as root and run a GUI.
2. Run as a normal user and "su" to root when needing to do root level things.

I expect that as the current crop of script kiddies are done teething themselves with Windows viruses and trojans, they will get bored and turn their attention more to a challenge like Linux and other Unix type systems.

skeen
09-25-2003, 10:08 AM
Hi;

If you were running a service on your computer (web, ssh, whatever), there *may* be security flaws in the software which allow a remote attacker to do unwanted things to your computer.

I just can't understand how a flaw in the software can be so great that it would allow someone to access files, etc.

A firewall will not prevent a "back door" to your system. Firewalls are for preventing others from scanning your internal network and allow you control over traffic in/out of your system.

Why does Linux make it possible for one to scan someone's internal network though?

Thanks for the replies.. I'm learning. ;)

stumbles
09-25-2003, 10:16 AM
Originally posted by skeen
Hi;

I just can't understand how a flaw in the software can be so great that it would allow someone to access files, etc.

Why does Linux make it possible for one to scan someone's internal network though?

Thanks for the replies.. I'm learning. ;)

To answer your first question would take a lot of explaining about how software is written, how operating systems handle coding errors and any number of other related matters. If you really want to know more about that I suggest taking some courses in software development and/or googling around for those things that interest you.

As for what Linux can do. It is not the only operating system that has software tools for scanning networks. Most such tools were written to assist in troubleshooting network problems and software (network related). One such useful tool is ping.

Ping can help you determine if a workstation's NIC, DNS resolving and other things are configured correctly. The tools are not "evil" and are quite necessary for those who need to figure what's going on with their network.

root.veg
09-25-2003, 10:16 AM
Check out Debian Weekly News (http://www.uk.debian.org/News/weekly/) for an example of how security flaws keep getting spotted in even the best-tested and well-maintained software. I'm sure Red Hat, SuSE, Mandrake and others have just as thorough reporting and bug-fixing systems.

If a Linux box is providing a service, then it needs to keep ports open for other computers to access it. E.g., run a web-server, and you'll have to have port 80 open, listening for connections from outside. That's just the way TCP/IP works. A firewall lets you carefully control which of these ports you leave open, so you only leave open the ones you really need to.

Of course if you don't run any network server programs, then you can just get your firewall to block all incoming connections.
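
An added example (not part of the original thread): one way to see which listening TCP services are reachable from the network, which is the set that closing unneeded services or firewalling ports would shrink. It parses `ss -H -tln` style output; the sample lines, the helper name `exposed_listeners` and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `ss -H -tln` output (not from a real host).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 5 0.0.0.0:79 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 100 [::1]:25 [::]:*'

# exposed_listeners "PORT PORT ..."   (hypothetical helper name)
# Reads `ss -H -tln` lines on stdin and prints "address port" for every
# listener that is bound to a non-loopback address and is not in the allowlist.
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4                       # local address:port column
            port = laddr
            sub(/.*:/, "", port)             # keep what follows the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            # Loopback-only listeners cannot be reached from other machines.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print addr, port
        }'
}

# Intended services: ssh only. finger (79) and http (80) are reported.
printf '%s\n' "$SAMPLE" | exposed_listeners "22"
# On a live system: ss -H -tln | exposed_listeners "22"
```

Anything the function prints is a service to either stop or block at the firewall; an empty result means only the allowlisted ports are exposed.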

skeen
09-25-2003, 10:23 AM
Ok, thanks a lot;

I'll read up on that (been reading up a lot lately!)... here is one problem I have though... I would like my friends to access my Linux computer via the internet, so they can have accounts and test out Linux commands on them. There wouldn't be any way for someone to access their accounts would there? Provided they had a good password, I don't see how.

To be completely honest with you, I wouldn't care too much if someone "hacked" into my Linux system, mainly because I'm just using it to learn about it... these are just some things that have always interested me.

stumbles
09-25-2003, 10:35 AM
Originally posted by skeen
Ok, thanks a lot;

I'll read up on that (been reading up a lot lately!)... here is one problem I have though... I would like my friends to access my Linux computer via the internet, so they can have accounts and test out Linux commands on them. There wouldn't be any way for someone to access their accounts would there? Provided they had a good password, I don't see how.

To be completely honest with you, I wouldn't care too much if someone "hacked" into my Linux system, mainly because I'm just using it to learn about it... these are just some things that have always interested me.

On the machine you want them to use, create an account for them. Turn on sshd and at your router forward port 22 to the machine you created an account for them on. Then from their machine they can use something like;

ssh "username"@your.machine

Of course if your ISP uses DHCP you will have to find out what this IP is and give that to your friends. Be aware that IP could change, so if they have connection problems you might want to see if that happened.

If that don't work then search this site for ssh and forwarding.

skeen
09-25-2003, 10:45 AM
Thanks a lot 'stumbles'. :)

stumbles
09-25-2003, 11:19 AM
Originally posted by skeen
Thanks a lot 'stumbles'. :)

Yer welcome.

Satanic Atheist
09-25-2003, 11:25 AM
Here's an example of a flaw that is quite dangerous (not sure if it's still valid but it was a few years ago).

The finger program. It's a useful network tool for determining user information on a system remotely, however it gives out way too much information. It does, for example, give your username.

Anyway, that's not the point.

The flaw that was found was that if an attacker used finger on a remote machine and then deliberately crashed it, the attacker may end up with a root shell in your machine. Without a password.

This is one reason why SETUID programs that run as root are considered dangerous.

Most people don't run finger since they have no need for it, but some distros install and activate the server by default. With a firewall in place, the finger port would be blocked.

Another reason for using a Firewall is to hide your machine on the Internet. My main server (which acts as a Gateway) has almost all ports "stealthed" which means they do not respond to pings (whether ICMP, TCP or UDP) or any data request. Any incoming data is dropped. In fact, if you were to ping my machine, it wouldn't reply and you wouldn't even know it was there.

James

funkytaz10
09-25-2003, 01:46 PM
Another reason for using a Firewall is to hide your machine on the Internet. My main server (which acts as a Gateway) has almost all ports "stealthed" which means they do not respond to pings (whether ICMP, TCP or UDP) or any data request. Any incoming data is dropped. In fact, if you were to ping my machine, it wouldn't reply and you wouldn't even know it was there.

But by this you are in direct violation of the RFC's...???

will this not be a problem??

funkytaz10

stumbles
09-25-2003, 01:54 PM
Originally posted by funkytaz10
But by this you are in direct violation of the RFC's...???

will this not be a problem??

funkytaz10

Technically yes, making a device un-pingable does go against the RFC that governs ICMP (I think that's what it's called).

It's not really a problem as such though you probably wouldn't want your DNS server (for example) to be un-pingable.

So it really depends on what the machine is being used for. A home PC for example, I don't really see a problem.

funkytaz10
09-25-2003, 02:11 PM
I don't see a problem too, but as I wanted to do this and asked opinions in the smoothwall forum did I get this RFC rule on my back...
and now I am still thinking....
it is not that I have a normal pc running here but to say I am important to the net ??

so I am looking for more opinions....
and what can this rfc do to me, if I decide to ignore the rules??

funkytaz10

stumbles
09-25-2003, 02:33 PM
Originally posted by funkytaz10
I don't see a problem too, but as I wanted to do this and asked opinions in the smoothwall forum did I get this RFC rule on my back...
and now I am still thinking....
it is not that I have a normal pc running here but to say I am important to the net ??

I doubt anything you are running at home is that important to the net. All the folks at smoothwall are saying is your firewall will not be pingable. That is not going to harm anyone. Now OTOH if you were setting up your smoothwall box for remote administration it might cause you problems connecting.

Originally posted by funkytaz10
so I am looking for more opinions....
and what can this rfc do to me, if I decide to ignore the rules??

funkytaz10

The RFC (Request For Comments) isn't going to do anything to you. The RFC's are simply standards documents (and there are a slew of them) that specify how all the network/internet protocols are supposed to function.

You really only need to be concerned about them if you are setting up an authoritative DNS server, you are an ISP, setting up an email server, a web server, etc.

In the case of ping, nothing will happen.

BTW RFC's are listed here in case you're interested:

http://www.ietf.org/rfc.html

twilli227
09-25-2003, 06:06 PM
quote:
On the machine you want them to use, create an account for them. Turn on sshd and at your router forward port 22 to the machine you created an account for them on. Then from their machine they can use something like;

ssh "username"@your.machine

This will work if they also are using a linux distro. If they are using windows, they will have to install a program called "putty" to ssh into a linux box.

Kaligraphic
09-26-2003, 01:10 AM
so use telnetd.

Hey, if you don't mind being hacked into... ;)