Slashdot Mirror


Just How Paranoid Are You?

An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"

31 of 931 comments

  1. Security against 'Big Brother' is a myth by sisukapalli1 · · Score: 4, Insightful

    Security against 'Big Brother' is a myth, especially given that it is very easy for authorities all over the world to label someone a "terrorist", or a "person of interest", and lock him/her up for years without any oversight.

    S

  2. Re:Esay easy easy by fimbulvetr · · Score: 3, Insightful

    Oh yeah, guess all those security vulnerabilities listed on securityfocus are just bogus, eh?
    How about unpublished exploits? All those taken care of too?

  3. Lock grandma in the closet! by xtermin8 · · Score: 4, Insightful

    Actually the above post illustrates a problem: giving highly technical advice to the masses. The above post is informative, but I don't think it addresses the correct audience. What do you do for a family that does not include a security professional in the household? "Don't let your children's friends have unlimited access to the computer" might be more appropriate.

  4. Re:Physical access! by Anonymous Coward · · Score: 0, Insightful

    This is mildly off topic, but I'll back you up on a recent experience of mine. I've had some intense sinus pressure on the right side of my face, but no pain. My normal GP (who has served me well) dismissed it initially, but after 8 months did little more than keep offering me decongestants. They didn't really help. We stepped through a few other options, including ear infections and a course of antibiotics. Still nothing. A few times I asked the guy if he could just take a look up my nose, it *felt* like there was something there, on the right hand side.

    He wouldn't, just told me it would be fine, it's nothing to worry about.

    That leads me to poke around with a pair of tweezers up my nose - you know, it's really surprising how much space you have back there if you really concentrate while you're prodding about, to see what is where.

    After a couple of attempts I latched onto something that didn't give any feedback of belonging to me - I couldn't feel the tweezing, and it didn't hurt. Giving it a tug I felt a *big* pressure change in my sinus, and pulled slowly. Out came what has to be the filthiest thing from my head. Two and a half inches long, dark green/brown and stained with a little blood on the end, it was close to the consistency of a pencil eraser in parts, moving to the consistency of jello at one end.

    Then came the draining. Gack. What looked like 2 tablespoons of pus ran from my nose, which honestly made me feel physically ill. I like squeezing a zit as much as the next person, but this was just a bit much.

    Anyway, after an hour I felt awesome. No more pressure on the side of my face, and I swear my eyes focus a little better than they did before. I took the gel-lump into my doctor, told him what it was, how it happened, how it had fixed all the sinus pressure I'd been having.

    He didn't think that was the problem.

    Go figure. My situation wasn't problematic. I wasn't in pain, I didn't have any long term damage to my health, but still a doctor when presented with symptoms and requests from a patient and ignores them, even when the final cause is discovered isn't someone to keep around, so I changed docs and told him why. Give each doc a good go at solving a problem, but if they insist on sticking on a point that really doesn't feel right, do change.

  5. doctors? lawyers? by coyote-san · · Score: 5, Insightful

    Why do you think only "corporate" (which seem to be big iron since you contrast it to "personal computers") have sensitive data?

    What about doctors? Lawyers? Accountants? Schools? Bookstores? etc.

    If you've been paying attention to the news you'll know that every so often somebody buys a used computer disk and finds the results of STD tests (including AIDS) for tens of thousands of people. Or the name, address and credit card information for thousands of customers.

    The loss of this information may not cause the DJIA to drop 10%, but it can be devastating to the people involved. But security is often lax since it's "only" a PC and it never occurs to these people that their computers may be stolen precisely because of the confidential information on the disk.

    Even home users can face a difficult situation if they take their work home. They have a duty to protect that information... then they work on those files on virus-ridden systems. Today's viruses seem to focus on spam and stealing credit card numbers, but it's not hard to imagine more sophisticated attackers looking for other information.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  6. Re:Physical access! by BWJones · · Score: 5, Insightful

    > Ok, how many admins out there who take backup tapes home as your offsite solution?

    This may be modded as funny, but is actually quite interesting. I know of a number (at least I know they used to) of sysadmins whose offsite backup was at home. This included some organizations with fairly substantial interests in limiting the access to their information. It should be company policy to properly pay for and establish a secure off site location for backups that are not in insecure locations like people's homes. This should include any company that backs up information related to personnel information like SS#'s and such. For lots of companies or research institutions with just research info that is not sensitive, backups at home can be wholly appropriate.

    --
    Visit Jonesblog and say hello.
  7. Keyloggers by GoofyBoy · · Score: 2, Insightful

    >I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume.

    Call me ignorant but wouldn't one simple phishing/keylogging software get your password and it's all for nothing?

    You would have to get the software on your machine first, but there are loads of ways it could be done (even on linux and especially if it's hooked up to the Internet) but it's well worth the trouble for a person.

    --
    The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  8. Precautions have to fit threats by redelm · · Score: 2, Insightful
    Paranoia is a very unpleasant disease that leaves sufferers permanently anxious. I won't live like that. There is no "absolute security". However I will take precautions:

    Who are the threats? {family, boss, cybercrooks, burglars, fire}

    What is the threat? Discovery, use or loss?

    What is the cheapest/easiest precaution?

    Multiple user accounts, removable media, doorlocks, backups and selective crypto are all I bother with.

  9. Re:Big Brother... by Beetle B. · · Score: 4, Insightful

    You seem to be missing perhaps the most fundamental aspect of security: "Make your data secure enough such that it is not worth anyone's time to get past the security measures".

    Note that this does not mean make your data as humanly secure as possible. If it takes six months of brute force time to break my encryption, I don't mind. I don't have anything that is worth the trouble. So I'm not going to create hurdles for myself by securing it further.

    If you have more valuable data, then make it as much harder to get to it. Going overboard will not gain you anything, other than a hassle.

    Yes, big brother can storm my house, and torture the information out of me. But it's not worth their trouble. It perhaps would be worth it if I had no security measures and conducted all my Internet transactions in plain text. So I just use a few simple measures to make sure it's not that easy.

    --
    Beetle B.
  10. Re:Physical access! by jhagler · · Score: 4, Insightful

    Easy.

    Right-click on the network icon in the system tray then select "Disable". Seems easier to me than having to bring up a console, enter 25 characters, and hit return.

    I'm no Microsoft fan but come on, ya gotta pick your battles a little better than this.

    --
    Never underestimate the power of human stupidity -RAH
  11. BBC's "Micro Live" TV series by jd · · Score: 4, Insightful
    The people who you would most expect to be smarter than the average idiot, well, turned out not to be. Perhaps their best physical access blunder was to keep the backup tapes of their website in the same room as their BBS server. I'm not sure if they ever found out who stole the computer, but they walked off with the backups as well.


    Of course, that's not the only blunder. A cracker under the name "The Cheshire Catalyst" broke into a network service they were demonstrating, and started piping songs onto the computer screen in the TV studio.


    These security breaches got the kind of publicity few crackers could ever hope to achieve today. A live television audience of maybe 7-8 million, and next to zero chance that the camera is going to pull away?


    One important lesson I learned, over these incidents, is that security is rarely accidental. Nor is it something you can consider separately from the rest of the design. Designing something to be consistent and uniform means that errors will stick out like a sore thumb. In terms of security, or reliability, elegance is everything.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  12. Exactly why I don't post AC by SuperKendall · · Score: 3, Insightful

    They look much harder at AC posts than us rambling registered users who normally have nothing interesting to say...

    There is no safety in anonymity, only mediocrity. People are always looking to see who hides behind the mask even as they step over the unwashed masses. :-)

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  13. Re:Physical access! by david duncan scott · · Score: 2, Insightful
    Hell, I once worked at a company (call it "Major Corporate Industry") in Pentagon City where the backups were taken home by the backup admin, who was, in fact, a contractor, not even a regular employee.

    We were developing a backup plan that involved cross-backups between the two buildings where this particular part of the company was housed. What were the odds, we figured, of something bad happening to both buildings at the same time?

    On 9/11, watching the smoke from the Pentagon, we reconsidered that position.

    --

    This next song is very sad. Please clap along. -- Robin Zander

  14. Re:Physical access! by FuzzyBad-Mofo · · Score: 4, Insightful

    > You right click on the connection's system tray icon and click disable.

    OK, now perform that action in a shell script.

    /smartass

  15. Re:My security system by einhverfr · · Score: 4, Insightful

    You've just given me, and everyone else, a detailed list of attacks which will not work against you (saves us time, thank you!), and presuming that you've given an exhaustive list, you've also told us what holes are in your methods and where they are. You've given us some hints as to your software packages (Qmail, FWReport, IPTables, Apache, mostly non-windows machines) so we can go look up bug reports and exploits for them...

    Who says any of the rest of this information is not easy to determine?

    Let's see:

    Apache is kept reasonably up to date.

    FWReport is a report generator. Not directly exploitable. All it does is send me reports, and I wrote it and released it open source (as advertised on the web site), so you would expect me to be running it, right? I am sure you would expect Theo to be running OpenBSD too, right?

    Qmail.... When was the last time there was an exploit in Qmail?

    Look.... If you use Netcraft, you can see I am using Apache. Not saying so does not mean people can't find out. If you use Netcraft, you can even see I am running Linux.

    Hmmm.... and if you check port 110, it is open and you can look up the welcome message to see I am in fact running Qmail. So I have saved you, what? 10 minutes online with Google and Netcraft by telling you this information? How hard is it to determine this information? How hard is it to obscure this information?

    In essence, nothing I said is anything I could keep secret anyway from an attacker who would even do light recon.

    Now.... Beyond the basics (here is where I won't tell you details but can tell you principles and design ideas):

    1) If a program fails and is compromised, that should provide as little access to anything else as possible.

    2) If I have to require passwords on one remotely accessible resource, these passwords should not be reusable on another group of such resources.

    It is all about defence in depth and providing as many obstacles as possible to cause damage to me and my business, and containing the damage so that we can gracefully recover with a minimum of downtime. I won't share details. But I think we can all agree on the goals (these goals have been discussed in other whitepapers I have written, so again, this is public information).

    --

    LedgerSMB: Open source Accounting/ERP
  16. Re:Firey death to the intruders! by mejesster · · Score: 5, Insightful

    If they have physical access, they can just reset the BIOS... Plus you probably have floppy or CD set as boot first, in which case a simple bootable floppy or CD could circumvent all your elaborate security.

    --
    MacroHard - Boning you in a big way! (TM)
  17. Common sense please by Anonymous Coward · · Score: 1, Insightful

    First of all, 99.9999% of us are probably incapable of securing our system so well that it would prevent 'big brother' from getting to our info (most of us can't/won't bother with TEMPEST shielding for example). Or staying with our computers/info 24 hrs/day to guard it.

    Secondly, most of us are probably so insignificant as individuals that the odds of 'big brother' even being interested in any of us individually is non-existent (except in delusions of self-importance which do nothing more than attempt to compensate for feelings of inadequacy).

    Thirdly, all this does not mean you shouldn't use tools to protect your privacy. Over the past few years, the threat to privacy and data theft has become real--the enemy is identity thieves, nosy peers, business competitors, etc.

  18. Re:Physical access! by bcmm · · Score: 3, Insightful

    Yeah, don't tell them. I love the way people respect and fear me just because I use bash and cmd.exe.

    Seriously, some people are very impressed by CLIs. Especially green ones. Try "cat /dev/urandom" on a green terminal to make dummies think you are doing real work...

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  19. Re:Firey death to the intruders! by NuclearDog · · Score: 2, Insightful

    "That means that nobody has a snowball's chance in HELL of getting onto my machine when I'm not around."

    Unless they're one of the many people who happen to know how to reset your CMOS settings...

    ND

    --
    This statement is forty-five characters long.
  20. Re:Physical access! by Anonymous Coward · · Score: 2, Insightful
    > Any ideas for operating under those assumptions?

    Under those circumstances, I very much want my encryption easily broken.

    At some level of difficulty it becomes easier for such organizations to break kneecaps to get the password than it is to use computers to do it.

    I like the old "obsolete" DES, since anyone with the resources to break it also has the resources to torture me to get the keys if they couldn't.

  21. Re:I'm not paranoid enough.... by Lispy · · Score: 2, Insightful

    Or more careful: Don't post inside bed info on ./ for starters. At least, don't log in. ;-)

  22. Re:Physical access! by dynamo · · Score: 2, Insightful

    I could break a DES key given sufficient time, but I could not torture you because you are an anonymous coward. Disproven.

  23. Re:OpenBSD server by Nonesuch · · Score: 2, Insightful
    > I have a box dedicated to file storage only. I secure it in the following manner (well, in the process of doing so.) 1. I run OpenBSD and know how to admin it. It runs ONLY SSH and Samba...

    Where the OpenBSD site says "Only one remote hole in the default install, in more than 8 years!", that "one remote hole" was in SSH (because Samba is not enabled in the default install).

    > 3. Connections to the machine are made via SSH, you must have both a password and a PK authentication. The client has to port forward the appropriate ports for Samba to work.
    > 4. Firewall scrubs packets (prevents some potential TCP/IP exploit tricks) and only allows connections to and from my internal network and my machine at work from the outside.

    So an attacker with a new "0-day" exploit against OpenSSH who also owns your work network, or any router in between your work and your home, can own your box. Relatively low-risk.
  24. Re:Physical access! by DavidTC · · Score: 2, Insightful
    If you're clever, you'll design it so some inaction on your part can wipe the data. Install a switch under your seat. When you get up, it should flash warning lights for thirty seconds, and then magnetically wipe the HD, unless you've toggled a few switches correctly. (Don't hook any of this into your computer.)

    Also wipe the data if anyone breaks in. Easy enough to do with a standard security system, if you already have the electromagnet in place. In fact, you might want to forget the switch under your seat, and just attach it to your door.

    This way, you have less chance of them successfully arguing you tampered with evidence after you heard the police knock down your door. You didn't do anything. Be sure to not even stand up without the police asking you to.

    This is better than a password. They can compel you to give up a password by going to court. They could, even more easily legally, compel you to turn off the electromagnet, but won't actually have time to get a court order.

    (Nothing is stopping you from having a switch to turn the system on in the first place, and flipping that when the police break in (So you don't sit in eternal danger of losing all your data if something screws up.), as long as you are willing to lie and claim it was already on when they came in.)

    --
    If corporations are people, aren't stockholders guilty of slavery?
  25. Re:Physical access! by DavidTC · · Score: 2, Insightful

    Um, unless they wanted the data without you knowing.

    --
    If corporations are people, aren't stockholders guilty of slavery?
  26. BIOS password - Sign of an imbecile by infonography · · Score: 2, Insightful

    We had a so-called security expert put them on a bunch of my SUN systems at a job in 1999, talked our PHB into buying into that. Took all of a week to get the jerk and his dumb idea out of our site. Once the power went out and the Junior who was on late shift couldn't start the systems. PCs are easy to get around and Suns are a evil to fix after that sort of nonsense.

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
  27. Re:Paranoid?? used to be. by Anonymous Coward · · Score: 1, Insightful

    Yeah, but you just spilled your freak'n guts to /., which while maybe not legally actionable, certainly isn't paranoid enough. :) I suppose that's one of the problems with maintaining a high security stance over long periods of time: after a while, what's the point?

    Incidentally, I wouldn't have just worn gloves. You can leave a lot of other material lying around besides fingerprints (hair follicles and the like). Remember, your body is constantly shedding material (you'd be amazed at what falls between the cracks in my keyboard).

  28. Re:Firey death to the intruders! by Thomas Shaddack · · Score: 2, Insightful
    > but what I would do is open your box, get your hd out, mirror it with my other pc, then put it back in. and then you have NO IDEA that I just snaked all your data.

    That's what the encrypted filesystem is there for; then you also have to acquire the key.

    Other possibility is the ATA password, supported by more modern disks.

    You can also query the SMART registers in the disk, and check the power-on counter; if there was a discrepancy, a disk powered up without you knowing about it, check why.

    Yet another option is welding the case shut. Won't stop the adversary, but will make tampering obvious and slows him down. You can also use sealing wax instead, if you want more service-friendly option, but a determined adversary will make a negative of the seal from the epoxy and then reseal it again.

    > I just want to demonstrate that unless your data is with you (USB) or in an isp datacenter, your so-called friends can play havoc.

    A USB dongle may get lost or stolen (even easier than a stationary desktop machine). An ISP colocation may be entered by anyone posing as a serviceman, if their security is sufficiently lax (which it way too often is); social engineering is a king here.
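
The SMART power-on counter check mentioned in the comment above, as an added example that is not part of the original post: it compares the counters recorded at shutdown with those read at the next boot. The attribute table is a constructed sample in the layout `smartctl -A` prints; the function names and the one-boot, one-hour allowances are assumptions.

```python
import re

# Constructed sample rows in the layout of `smartctl -A` output (not real disk data).
TEMPLATE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       412
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       {hours}
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       {cycles}
"""

AT_SHUTDOWN = TEMPLATE.format(hours=5120, cycles=398)        # recorded by the owner
CLEAN_BOOT = TEMPLATE.format(hours=5120, cycles=399)         # only the owner's own boot
POWERED_ELSEWHERE = TEMPLATE.format(hours=5123, cycles=401)  # extra power-ups and hours
SWAPPED_DISK = TEMPLATE.format(hours=40, cycles=12)          # counters lower than before

WANTED = {9: "Power_On_Hours", 12: "Power_Cycle_Count"}


def parse_counters(smart_text):
    """Extract the raw values of SMART attributes 9 and 12 from the table."""
    found = {}
    for line in smart_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].isdigit():
            continue  # header or unrelated line
        # Some drives print raw values such as "5120h+32m+10s"; keep the leading integer.
        raw = re.match(r"\d+", fields[9])
        if int(fields[0]) in WANTED and raw:
            found[WANTED[int(fields[0])]] = int(raw.group())
    missing = sorted(set(WANTED.values()) - set(found))
    if missing:
        raise ValueError("attributes not reported: " + ", ".join(missing))
    return found


def unexplained_activity(baseline, current, expected_cycles=1, hours_slack=1):
    """Return findings when the disk ran more than the owner's own boot explains."""
    findings = []
    d_cycles = current["Power_Cycle_Count"] - baseline["Power_Cycle_Count"]
    d_hours = current["Power_On_Hours"] - baseline["Power_On_Hours"]
    if d_cycles < 0 or d_hours < 0:
        findings.append("counter went backwards: disk replaced or counters reset")
    if d_cycles > expected_cycles:
        findings.append(f"{d_cycles - expected_cycles} power-up(s) not accounted for")
    if d_hours > hours_slack:
        findings.append(f"{d_hours} powered-on hour(s) since shutdown")
    return findings


if __name__ == "__main__":
    base = parse_counters(AT_SHUTDOWN)
    for label, text in [("clean", CLEAN_BOOT), ("powered elsewhere", POWERED_ELSEWHERE),
                        ("swapped", SWAPPED_DISK)]:
        print(label, unexplained_activity(base, parse_counters(text)))
```

The baseline only helps if it is kept somewhere other than the disk being checked, for example on paper or on removable media.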

  29. Re:Firey death to the intruders! by Psychofreak · · Score: 2, Insightful

    I have a hasp built into my case to lock the computer shut. I even had a padlock on it for a while at school. The hasp is so flimsy that a friend with the same case twisted the lock off with his bare hands because the key got jammed.

    Locks on cases are not very useful. The metal that the case is made of is not adequate. The lock is so much stronger than the case, the lock will break the case.

    This is like the apartment that had the reinforced steel door. The thieves cut a hole in the drywall 32 inches over with a utility knife and got everything they wanted. Yes, many if not most apartments are this insecure. (The really good ones have 1/4 or 1/2 inch plywood below the drywall in the halls. Not much better.)

    End result is physical security must be adequate: if you can touch the box, you can get access.

    On another note, the case is usually OFF my box, and was ALWAYS off at school (Steam heat is WONDERFUL!). The lock went to a cable so the box wouldn't walk. This is an example of apparent security. The item was secured against casual theft, nothing else.

    Phil

    --
    Laugh, it's good for you!
  30. Re:I'm not paranoid enough.... by 808140 · · Score: 2, Insightful

    I know this is a joke, but if any girlfriend of mine ever had the balls to read my e-mail, she'd be out the door.

    There isn't anything that I wouldn't want her to see in there, either. It's the principle of the thing. Relationships are based on trust, and when someone is reading your personal correspondence behind your back, trust is lacking.

    I'm a pretty laid back guy, but I don't play games with my privacy.

  31. Re:Careful with swap and temp files by homer_ca · · Score: 2, Insightful

    Besides the temp files that might be written outside of $HOME (/var/tmp?), an encrypted root helps against some attacks, for example mounting the root partition from a boot CD and inserting trojans like a keylogger, backdoor or rootkit. With an encrypted root you still have an unencrypted /boot partition that could also be subverted with a trojaned kernel or initrd, but that's not nearly as straightforward. Also, for the truly paranoid, you could use a removable boot CD or floppy instead of a /boot partition on the hard drive.
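
One way to notice the subverted kernel or initrd on an unencrypted /boot that the comment above describes, as an added example that is not part of the original post: hash every file under the boot directory and compare against a trusted manifest. The function names are hypothetical and the demo uses a constructed temporary directory in place of /boot; it assumes the manifest is kept on removable media and the comparison is run from a trusted boot CD, since a trojaned kernel can misreport file contents.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Return {relative path: SHA-256 hex} for each file or file symlink under root."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            if os.path.islink(path):
                # Hash the link target itself: a redirected symlink is a change too.
                digest.update(b"symlink:" + os.fsencode(os.readlink(path)))
            else:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            digests[os.path.relpath(path, root)] = digest.hexdigest()
    return digests


def diff_manifest(trusted, current):
    """Compare a trusted manifest with the current state of the boot directory."""
    return {
        "added": sorted(set(current) - set(trusted)),
        "removed": sorted(set(trusted) - set(current)),
        "modified": sorted(p for p in trusted
                           if p in current and trusted[p] != current[p]),
    }


def write_file(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed stand-in for /boot, change it, and report the difference."""
    with tempfile.TemporaryDirectory() as boot:
        os.mkdir(os.path.join(boot, "grub"))
        write_file(boot, "vmlinuz", b"constructed kernel image")
        write_file(boot, "initrd.img", b"constructed initrd, version 1")
        write_file(boot, os.path.join("grub", "grub.cfg"), b"constructed boot menu")
        trusted = hash_tree(boot)  # would be saved to removable media

        # Constructed changes standing in for tampering between two boots.
        write_file(boot, "initrd.img", b"constructed initrd, version 1, plus a hook")
        write_file(boot, os.path.join("grub", "extra.mod"), b"unexpected module")
        return diff_manifest(trusted, hash_tree(boot))


if __name__ == "__main__":
    print(demo())
```

A kernel or initrd update changes the same hashes, so the manifest has to be regenerated after every legitimate update.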