Hello I've installed a Fedora 12 kde live cd on a local area network, that I want to keep safe from hacking ( specially from network admin. !!) Is a default fedora 12 install secure enough ? or do i still take some measures to secure the pc ? I need also to monitor scans or probes to the pc
please help
mike
Around 06:32pm on Tuesday, July 27, 2010 (UK time), mike lan scrawled:
I've installed a Fedora 12 kde live cd on a local area network, that I want to keep safe from hacking ( specially from network admin. !!) Is a default fedora 12 install secure enough ? or do i still take some measures to secure the pc ?
It sounds like you are doing something that is probably contrary to your employers IT policy, but if you are concerned then unplug the network cable.
I need also to monitor scans or probes to the pc
Modify the firewall configuration.
Steve
On Tue, Jul 27, 2010 at 6:38 PM, Steve Searle steve@stevesearle.com wrote:
Around 06:32pm on Tuesday, July 27, 2010 (UK time), mike lan scrawled:
I've installed a Fedora 12 kde live cd on a local area network, that I
want
to keep safe from hacking ( specially from network admin. !!) Is a default fedora 12 install secure enough ? or do i still take some measures to secure the pc ?
It sounds like you are doing something that is probably contrary to your employers IT policy, but if you are concerned then unplug the network cable.
I need also to monitor scans or probes to the pc
Modify the firewall configuration.
Steve
--
how do I modify firewall config? I'm not good in iptables
what about ipv6 ?
the fact is I don't like being spied on my desktop , this means there is no fast way to secure a fedora 12 pc ?
On Tuesday, July 27, 2010 18:49:13 mike lan wrote:
the fact is I don't like being spied on my desktop , this means there is no fast way to secure a fedora 12 pc ?
Exactly what kind of security are you interested in? Fedora is quite secure with its default installation, if you didn't turn off the firewall and SELinux. I never needed any additional setup.
If you tell us what kind of additional security you want, we might be able to give you some specific suggestions.
What do you mean by "being spied"?
HTH, :-) Marko
On Tue, Jul 27, 2010 at 7:22 PM, Marko Vojinovic vvmarko@gmail.com wrote:
On Tuesday, July 27, 2010 18:49:13 mike lan wrote:
the fact is I don't like being spied on my desktop , this means there is no fast way to secure a fedora 12 pc ?
Exactly what kind of security are you interested in? Fedora is quite secure with its default installation, if you didn't turn off the firewall and SELinux. I never needed any additional setup.
If you tell us what kind of additional security you want, we might be able to give you some specific suggestions.
What do you mean by "being spied"?
HTH, :-) Marko
I mean "looking at my dekstop" on the other room, or installin some rootkits to gain access to the pc on my behalf.
mike lan <lan.mike88 <at> gmail.com> writes:
...
the fact is I don't like being spied on my desktop ,
... I mean "looking at my dekstop" on the other room, or installin some rootkits
to gain access to the pc on my behalf.
Mike, we are all concerned about privacy, hackers, etc. But if you are in a corporate environment, please understand the position of the sys admin (if if she may be a moron ...). She is responsible for the net. Do you understand what is on that net ? Accounting ? Sales ? Atomic bomb lab ? Will you have access to Internet from within the lan ? Will the sys admin let you out ? Do you want to risk "digging a tunnel" to fool him ? You should openly ask him if you can plug in your pc. You will have to obtain an IP address on that lan, manually or dynamically (DHCP) - with or without sys admin knowledge ? Get an OK from him first. Then learn about desktop security - Fedora has a nice gui firewall, just accept the defaults (but check off SSH service port) and you are safe. There are some additional steps you can take - just read a Red Hat manual on security. JB
On 07/27/2010 12:22 PM, mike lan wrote:
On Tue, Jul 27, 2010 at 7:22 PM, Marko Vojinovicvvmarko@gmail.com wrote:
On Tuesday, July 27, 2010 18:49:13 mike lan wrote:
the fact is I don't like being spied on my desktop , this means there is no fast way to secure a fedora 12 pc ?
Exactly what kind of security are you interested in? Fedora is quite secure with its default installation, if you didn't turn off the firewall and SELinux. I never needed any additional setup.
If you tell us what kind of additional security you want, we might be able to give you some specific suggestions.
What do you mean by "being spied"?
HTH, :-) Marko
I mean "looking at my dekstop" on the other room, or installin some rootkits to gain access to the pc on my behalf.
As others have suggested you had better have a good look at your employment agreement and the company's policy documents. It may be that they have a policy which states that they can "spy" on you and an attempt by you to block that could be grounds for termination of your employment and possible prosecution for misuse of company assets.
It is not uncommon for employers to watch their employee's web access, email and other use of IT resources to ensure they are being used for company business and not personal activities or ones that may be in opposition to the company's goals. If everyone would play by the rules, this wouldn't be necessary, but I know of several people who have been let go because they spent all day in chat rooms or online poker tournaments. One was sacked because she was releasing confidential accounting data to a competitor. She's also in jail now for fraud, embezzlement, industrial espionage and perjury.
Businesses have the right to limit your access to their assets. You might not like it and it's a sad commentary on society, but that's the real world. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@nerd.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Jimmie crack corn and I don't care...what kind of lousy attitude - - is THAT to have, huh? -- Dennis Miller - ----------------------------------------------------------------------
On Tuesday, July 27, 2010 20:22:59 mike lan wrote:
On Tue, Jul 27, 2010 at 7:22 PM, Marko Vojinovic vvmarko@gmail.com wrote:
On Tuesday, July 27, 2010 18:49:13 mike lan wrote:
the fact is I don't like being spied on my desktop ,
this means there is no fast way to secure a fedora 12 pc ?
Exactly what kind of security are you interested in? What do you mean by "being spied"?
I mean "looking at my dekstop" on the other room, or installin some rootkits to gain access to the pc on my behalf.
If you
(a) use default F12 installation options (firewall and SELinux turned on), (b) don't give away your user and root passwords to anyone (and use strong password choices), (c) don't do any ignorant changes to the system (ie. understand what you are about to do *before* you actually do it),
you'll be pretty safe from anyone gaining any access to your F12 box. In general, Linux (Fedora in particular) is considered more safe than windows in this regard.
So if you try not to do anything stupid, the default Fedora installation will provide you with quite good security.
HTH, :-) Marko
If you
(a) use default F12 installation options (firewall and SELinux turned on), (b) don't give away your user and root passwords to anyone (and use strong password choices), (c) don't do any ignorant changes to the system (ie. understand what you are about to do *before* you actually do it),
you'll be pretty safe from anyone gaining any access to your F12 box. In general, Linux (Fedora in particular) is considered more safe than windows in this regard.
So if you try not to do anything stupid, the default Fedora installation will provide you with quite good security.
HTH, :-) Marko
ok thanks what about turning off ipv6 ? installing rkhunter ?
Marko Vojinovic wrote:
On Wednesday, July 28, 2010 08:34:04 mike lan wrote:
what about turning off ipv6 ?
If you don't need it, feel free to turn it off. I typically do.
installing rkhunter ?
If you wish. I typically don't. :-)
It is very interesting that this person is on a company LAN and is looking for rootkits. What makes you so paranoid? If you don't trust the local IT department, a lot of cleaning needs to be done.
Does your company have a policy that states key logging will be installed? If so, you have no recourse but to comply. Failing to abide by IT rules in most companies is immediate cause for dismissal.
However, I work as a contractor for the U.S. government and they have forbidden the installation of such software unless the person has been advised they are under investigation by Criminal Investigators and that they have a legal right to gain evidence (again, the 5th Admendment forbids this unless you are advised and then you have the right to say "NO" or to request legal assistance in the form of a lawyer.)
Looks like someone needs to find a lawyer. You need their advice if you can proceed further with what you are doing.
James McKenzie
-
James McKenzie -
JB -
Marko Vojinovic -
mike lan -
Rick Stevens -
Steve Searle