Results 1 to 10 of 10

Thread: Some Security concerns i have over network access

  1. #1

    Default Some Security concerns i have over network access

    First off How do you disable IPV6 access on all connections used on the pc-is there a way to test for ipv6 connectivity?

    Secondly how secure is a default opensuse 11.04 machine out of the box? should i be making some changes to the default configuration?

    Thirdly what does the default firewall settings do? on my network i use my wpa2 psk aes connection via my local wireless network-in the event that some can hack into my wireless would the opensuse firewall prevent direct access to my pc from a attacker on the same wireless subnet?

    Fourthly when does opensuse 11.04 go out of date? in a year from now?

  2. #2
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,317

    Default Re: Some Security concerns i have over network access

    On Thu, 19 May 2011 16:36:04 +0000, linux ftw1 wrote:

    > First off How do you disable IPV6 access on all connections used on the
    > pc-is there a way to test for ipv6 connectivity?


    Go to a terminal prompt and type "/sbin/ifconfig". If you don't see ipv6
    information listed on your external interfaces (you may see it on the
    loopback, I don't recall offhand and I haven't disabled it yet). There's
    a setting in the network configuration to disable it; a reboot is
    recommended after disabling it to remove the kernel module IIRC (though
    that can probably be done without a reboot).

    > Secondly how secure is a default opensuse 11.04 machine out of the box?
    > should i be making some changes to the default configuration?


    By default, all inbound connections are blocked with a few exceptions.
    Go into YaST and select the firewall configuration to see what ports are
    open. It's pretty straightforward.

    BTW, I'm assuming you mean 11.4 - there is no version "11.04" for
    openSUSE - the version numbers are all xx.x in format.

    > Thirdly what does the default firewall settings do? on my network i use
    > my wpa2 psk aes connection via my local wireless network-in the event
    > that some can hack into my wireless would the opensuse firewall prevent
    > direct access to my pc from a attacker on the same wireless subnet?


    Any inbound connection is blocked other than for the ports that are
    opened.

    If someone hacked into your wpa2-encrypted network, I'd be concerned that
    the key isn't strong enough. IIRC, wpa2 is not yet broken, or if it is,
    it's brute-force and generally a brute-force attack will succeed quickly
    if you haven't chosen a strong enough key.

    > Fourthly when does opensuse 11.04 go out of date? in a year from now?


    http://en.opensuse.org/Lifetime

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  3. #3
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,731
    Blog Entries
    2

    Default Re: Some Security concerns i have over network access

    Fourthly when does opensuse 11.04 go out of date? in a year from now?
    The "stable" openSUSE is as per hendersj's link, 18 months.
    There is one openSUSE variant that doesn't go out of date; viz Tumbleweed. This is still being developed ATM, so probably not for inexperienced users at this stage.
    And there's Evergreen too, which will last a long time. I don't know what stage of development Evergreen has reached.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  4. #4

    Default Re: Some Security concerns i have over network access

    Ok for the ipv6 there was no mention of ipv6 in the terminal command so i thinks that turned off.
    Went to a website to test ipv6 and it seems im using only ipv4

    For the firewall i have the following configuration
    -Firewall Starting

    • Enable firewall automatic starting

    • Firewall starts after the configuration gets written



    Internal Zone

    • No interfaces assigned to this zone.



    Demilitarized Zone

    • No interfaces assigned to this zone.



    External Zone

    Interfaces

    • eth0

    • Broadcom WLAN controller / wlan0

    Open Services, Ports, and Protocols

    • Zone has no open ports.

    So im guesing that in the event someone accessed my wireless since wlan0 has no open ports then a attacker shouldn't be able to access my pc directly. For the network data im using a vpn to protect against sniffing.

    Yes i meant 11.4 according to that link usable till December 2012.

  5. #5

    Default Re: Some Security concerns i have over network access

    Forgot to say i also ticked a box under firewall settings called 'protect firewall from internal zone'. Before i unticked this box there were a lot of ports greyed out in the background for the internal zone-now that ive ticked this box the internal zone has no entries. Does this mean that the internal zone (my local wireless subnet i think) has no open ports for a attacker on the same wireless to connect to my pc?

  6. #6

    Default Re: Some Security concerns i have over network access

    bump bump bump

  7. #7

    Default Re: Some Security concerns i have over network access

    There is a global tab setting in yast-network devices-network settings that has an enable ipv6 tick box. I'm not entirely convinced it works completely but I haven't fully checked yet.

    As to security I too have had my doubts basically because actually getting into the suse filewall and understanding it is not an easy task for many people even many competent ones. I'm not sure how this stands at the moment but I have used this utility in the past following a couple of rather spooky experiences via the web.

    Guarddog

    There was talk of including it in kde a long time ago but kde people were not too keen on getting into that sort of thing. I mentioned it on the kde mailing list some time ago and I believe there was a fair amount of interest. This one works in a sensible manner. All ports are disabled by default. It also helps in respect to which ports do what in as much as suggesting what to open for what. Installation was easy and if the suse one was started it just stated that there appeared to be a firewall already running.

    If security is a real concern some linux mags in the past have included code to set up a simple linux box as a router that provides internet access. This could obviously include a local zone as well. The idea behind the code was to strip it to the essentials to make it easier to pick up and do further work on. Similar code may be available elsewhere.

    From private correspondence it seems my spooky experiences were down to a back door that has long since been closed. No other details but I would be suspicious of any seldom used or unused network protocols especially older ones. Problem here is it seems to be difficult to get a list of what is supported and what ports they use and even if the are really needed.

    -
    Leap 42.2 KDE 5.26
    3.6gig Xeon, 64bit SATA Raid home - Linux Raid 1
    All software on a flash drive, SATA swap & Temp files,

  8. #8
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,674
    Blog Entries
    3

    Default Re: Some Security concerns i have over network access

    Quote Originally Posted by linux_ftw1 View Post
    Internal Zone

    • No interfaces assigned to this zone.
    That shows that there are no interfaces for the internal zone. Everything is in the external zone.

    I'm pretty sure that is the default.

    If there are no interfaces in the internal zone, then it doesn't matter whether the firewall is on for the internal zone.

    You can reconfigure some of your interfaces to be in the internal zone, if you want that.

    At present, I also have everything in the external zone. But, at one time, I did put my eth0 in the internal zone. It is behind a router, so part of the home network. The idea was to have no firewall for that, so I left the firewall off for internal zone. But you could have different firewall settings for internal zone if you wanted.

    On my laptop, I have always kept everything in the external zone and fully firewalled.

    The above comments were to help illustrate the use of the different zones. Unless you have special needs, simplest is to keep everything in the external zone.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  9. #9
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: Some Security concerns i have over network access

    On 05/21/2011 12:36 PM, linux ftw1 wrote:
    >
    > bump bump bump


    heh! you must have bought three support contracts..

    this forum is a volunteer effort where users try to help other users..

    personally, i try real hard to help those who have shown a willingness
    to both help themselves and others....so far you have done neither..

    in the hopes you are the kind who will hang around and be as helpful as
    you are demanding i offer:

    (examples of helping yourself) questions one and four in your initial
    post are easily found by a couple of smartly worded google searches:

    http://tinyurl.com/3v2utzl
    http://tinyurl.com/3ud9tb7

    and your second (how secure out of the box) is impossible to answer
    unless you state your needs...that is, it is either not secure enough or
    far more secure than you need....my experience is that an out of the box
    openSUSE is far more secure than i need *if* behind a NAT router and
    with STRONG passwords...one for me and another for root..

    third Q i can't help with..

    --
    dd CAVEAT: http://is.gd/bpoMD
    [NNTP via openSUSE 11.4 [2.6.37.6-0.5] + KDE 4.6.0 + Thunderbird 3.1.10]
    Dual booting with Sluggish Loser7 on Acer Aspire One D255

  10. #10
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: Some Security concerns i have over network access

    linux ftw1 wrote:
    > Does this mean that the internal zone (my local wireless subnet i think)
    > has no open ports for a attacker on the same wireless to connect to my pc?
    >

    That is what it means and if you are so concerned about your security you
    should never trust anything you can see, but you have to do tests with
    appropriate tools to simulate an intrusion.

    --
    PC: oS 11.3 64 bit | Intel Core2 Quad Q8300@2.50GHz | KDE 4.6.3 | GeForce
    9600 GT | 4GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.6.0 | nVidia
    ION | 3GB Ram

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •