How to increase the security!

For discussions about security.
Message
Author
shoutcrown
Posts: 84
Joined: Sat 12 Mar 2011, 16:21

How to increase the security!

#1 Post by shoutcrown »

Hello everybody!

Well I am using Puppy Linux (I completely deleted Windows XP). Because Puppy Linux is able to do what I want. By the way I am using Lucid and Slacko Puppy Linux, because of some little differences

You know?, I never before had Internet Connection at home. (I usually went to Public Internet...). But a few days ago Movistar installed Internet Connection to my laptop (wired connection to TP-LINK modem which also has WIFI)

So, this is new for me and I need to increase my security. Reading the user guide I could change my SSID, WPA-PSK password (the official webpage only shows two authentication types: WEP and WPA-PSK; two encryption: TKP and AES), also I activated the mac address filter and I have turned on the Firewall

But the user guide doesn't have deep information about internet security, So:

- Can anybody give me detailed information about internet security?

- Is it possible that anybody could get my password?

- Which is the strongest authentication and encryption type?

- how can i know if anybody else is connected to my Router?, if so how can i disconnect them?

Thank you very much for reading and helping me!

Bye

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#2 Post by Lobster »

Using Puppy you are already safe

Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppy Linux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'.


Turn on the firewall
the rest is common sense
security done
If you are a budding tin hat . . .
http://puppylinux.org/wikka/security

Wpa2 is the most secure wifi
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#3 Post by nooby »

Is it possible that anybody could get my password?
It sure is. A neighbor can use programs that use brute force guessing
until it crack it. And drive by cars that cruise for such vulnerable modem
routers to break into.

Our version of PBS showed how easy it is. Took only minutes for the guy
they hired to show how vulnerable we are.

Wep where most easy and WAP took more time.

There should be such reports in English speaking computer press too
and BBC tech should have such texts and even videos?

So you should try to get a good password.

If the person doing is not good at hiding then most likely an icon indicate
that another have entered your network.

Others can confirm if one can click on these and stop them.
Most likely possible.

What Lobster talk about sounds to me to be a compare with Ms Win
getting targeted within ten minutes or earlier if one just get out with a
modem and no router. Routers makes it a bit more secure.

My naive take is this.

If many thousands of Apple latest OS get invaded with Trojan
then why would linux be more protected.

Puppy being a very different linux makes it maybe less targeted.
But if somebody is dedicated then they can do it. Hopefully
somebody that really knows thing give you good advice.

I know too little.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#4 Post by Barkin »

don't use a word which is in a dictionary as a key/password.

https://en.wikipedia.org/wiki/Dictionary_attack

http://howsecureismypassword.net/

create a good but memorable password using MD5 generator

MD5("puppy+salt") = 3e646fbe529c65d4d4be511e926c1bb4
Attachments
MD5(puppy+salt).png
(5.27 KiB) Downloaded 1613 times

postfs1

Re: How to increase the security!

#5 Post by postfs1 »

shoutcrown wrote: How to increase the security
wrote: http://www.murga-linux.com/puppy/viewto ... 209#587209
Image Theme: Security/Privacy = //"House Training"/"HOWTO ( Solutions )" Image
wrote: Image
wrote: http://www.murga-linux.com/puppy/viewto ... 415#586415
Image Perhaps the theme: 1st_script.sh Image


http://www.murga-linux.com/puppy/viewto ... 415#586415
Image Perhaps the theme: 2nd_script.sh Image


http://www.murga-linux.com/puppy/viewto ... 415#586415
Image Perhaps the theme: 4th_script.sh Image
wrote: Image
A computer devices without additions from spy plus passwords without writing into your own memory, when the passwords can be placed into the shifting stencil, plus the protected energy for computer devices, plus the successful work with licences, plus booting from the DVD or CD-disk. But it will not give a full protection.
Last edited by postfs1 on Sat 21 Apr 2012, 08:42, edited 2 times in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#6 Post by nooby »

I fail to link to it directly. it is a bit down on the page. Go here
http://distrowatch.com/weekly.php?issue=20120416#news
"DoudouLinux has several features that set it apart from the others:
a safe computing environment for children;
make computers accessible to all children on earth;
copy and share freely;
carry it anywhere and use safely on any computer;
the operating system children prefer.

Safety means two things. It means system safety,
because even though DoudouLinux can be installed
to a hard drive, it's really intended to run from a CD or
USB stick without making any changes to the host system,
and without access to the host system.

It can't be used as a rescue distro or
interfere with the host system in any way.

There is no console and no command line.
It is very simple, with a limited tightly-focused set of applications,
and no modifications without rebuilding the system image."
Okay a very restricted type of OS. Too restricted for serious work
But could one not learn from their intention to make it as simple
and as secure as possible and make a two layered approach ?

Maybe two kind of puppy? One puppy so that one boot when one
want to be very safe online and then another iso that one boot
when one need to do a lot of offline work that require access to
the HD.

I have a test machine now that have no internal HD what so ever.
I use a CD/DVD or USB to boot it and save things on another USB.
I use Google Search on Puppy Forum
not an ideal solution though

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#7 Post by nooby »

Thanks to shoutcrown for the PM. Sadly due to personal circumstances
I don't have time to answer and exchange views on Security because
I know too little. I contributed to this thread in hope a lot of persons
who do more than me would share their best advices.

I know nothing about DoudouLinux but would be cool to get feedback on
if what they write there is as they say or if they are too optimistic.

Can puppy learn from their approach and how? Not to cripple Puppy
but to have one very secure puppy that maybe is too restricted to use
for others uses but to use for safe browsing and then one shut down
and reboot into a normal puppy when one need those features?

Shoutcrown has started a personal question that is related here
http://www.murga-linux.com/puppy/viewtopic.php?t=77746

I did not write there because my long experience is that if I write something
then none else get active in that thread. :) So to be polite I only link to it here. Hope that helps.

I share your worry shoutcrown but have no time to get deep into it.
Hope you get good answers if that fails do use the search I link to
and put in keywords like security and wap wifi wireless and what is needed to find your answers and give feedback in that thread you started.
I use Google Search on Puppy Forum
not an ideal solution though

shoutcrown
Posts: 84
Joined: Sat 12 Mar 2011, 16:21

hi nooby!

#8 Post by shoutcrown »

I really appreciate your effort to share my "post"

I am using Puppy Linux, it's an excellent OS (i am sure the other distros are the best too). Like you, there are many things I don't know and can't do, but I already know the basic usage. So on now I can show and share this practical knowledge I have, to people close to me...

Now I have internet connection at home, and it is better to learn and do more questions

thank you again, Best wishes!

User avatar
8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#9 Post by 8-bit »

When you asked how to tell if someone was online using your routers WIFI connection, you can access the router's setup page and there should be a section that will show what PCs are connected.
At least both my Linksys and Quest routers have that feature.

Maybe that will help.
At my home, it showed me just what PCs were connected using both WIFI and wired connections.

Also, be sure to change the default password for your router so that it cannot be accessed remotely easily.
I only say this because I can access my router via WIFI knowing the username and password.

So if you left the default of username- admin and password of - password, you are leaving yourself open.

shoutcrown
Posts: 84
Joined: Sat 12 Mar 2011, 16:21

HOLA!

#10 Post by shoutcrown »

Hi! 8-bit,

Thank you!.

Yeah, Now I am watching which options shows the Router web page. As all of you say, there is a section where I can see which devices are connected...

Nevertheless there is a question I forgot to make: Which are the more secure characters for a key: ASCII or Hexadecimal?

Because using ASCII I can write symbols like @, #, etc., but Hexadecimal only admit numbers and letters from A-F

BYE

User avatar
puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#11 Post by puppy_apprentice »

check info about passwords on this page (from Services menu):
http://www.grc.com/intro.htm

shoutcrown
Posts: 84
Joined: Sat 12 Mar 2011, 16:21

HI!

#12 Post by shoutcrown »

Hi puppy-apprentice!

that page test passwords too

bye

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#13 Post by Lobster »

password generation
http://www.murga-linux.com/puppy/viewto ... 884#316884

For all you budding tin hats :shock:
Why not order a Raspberry Pi
http://puppylinux.org/wikka/Puppi
and create
a password generator and changer?

Basically this would log into all your password protected services
Maybe once a day, with the previous password and change it.
The program would then print out the passwords (possibly in braille) for you to type in when requiring access.

That should keep you occupied for a while . . . 8)

Hope that or link is of interest :)

Puppy <> FUD
Educating Penguins
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#14 Post by Barkin »

there's no way people can remember tens of passphrases each consisting of random characters,
which means you'd have to write them down, which would be a security risk.

With my method you can safely write down ...
Lobster's password for bank account is "bank"
when your actual bank password is an MD5 of "bank+salt",
i.e. the bank password is the 32 character hexadecimal number c70d765ca96f3b0855e2d4dd9b38efd6

["+salt" is any character sequence which you commit to memory and never write down,
character sequence preferably not a word in any dictionary, "+salt" isn't , "salt" is , the longer the character sequence the better ]

Note: slight changes to the text make huge difference to the MD5, e.g. missing out an apostrophe , changing the case of one letter.
Attachments
MD5 password method examples.png
(12.69 KiB) Downloaded 1275 times

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#15 Post by Lobster »

which means you'd have to write them down, which would be a security risk.
Your plan is good.
How about if you write them down in invisible ink?

I once spent a lot of time creating a secure website, password protected
- which at the time was not essential

When they then told me how they had forgotten their password
I informed them how secure the site was (as warned)
I did not have access to the password. :shock:

In fact I have just tried to get into a secure account
. . . and I have no record or account of my forgotten details

I am the weakest link
Goodbye!
Last edited by Lobster on Sat 28 Apr 2012, 09:03, edited 1 time in total.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#16 Post by Sylvander »

1. For years now...
I've held ALL of my MANY sets of info [includes username, password, security info, URL's, etc]...
In my "Acersose Password Vault" [APV].

2. APV is a Windows program that can either be installed, or run portable.
I choose to run it portable, in both Win2000Pro->[almost never], and each of my Puppies using WINE.
The exe file is held on a dedicated partition [holding ALL my portable Windows programs], on a separate/dedicated internal HDD [Windows uses 1 of the other partitions].
Normally, none of these partitions are mounted.

3. To gain access to the vault...
I need only remember my username and fairly long but easily rememberd password.
Once in there I typically copy and paste the needful.
Hence, stuff can be long and complex and still be easy to work with.
APV can auto-generate passwords of a length [and with types of characters] specified by the user.
New entries are easy to create.
Saves can be made manually.
Backups are automatic.

4. The number of sets of info [entries] is HUGE.
Can't think of any other way of dealing with all of that.
Very useful too.
I can keep all sorts of info in there.
And it's both SECURE->[difficult to gain access to] and SAFE->[protected from loss by multi-auto-backup].

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#17 Post by nooby »

I'm very naive and bad at doing logic but follow this.

For years they have tested what happens when some noob
get a computer and start it up and get out on internet.

I trust that pcworld.com and similar mags has done like our
idg.se did. They have tested this with WinXP and Win Vista
and Win7 and within some 5 to 10 minutes the machine is full
of trojans and other things from the internet and this without that
person having to visit any dangerous sites.

So my logic tells me that if one have puppy with Wine then
would not the same happen instantly due the wine allowing it all in?

What is the difference? Why would it be safer with wine?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#18 Post by puppy_apprentice »

it is better to use virtual machines like QEMU or VirtualBox, if u will use in Wine only trusted apps from trusted sities u should be safe (Wine is not windows it gives for app only an illusion that it runs on Windows), if u will get eg. some macro virus for Outlook it will only work if u will work with Outlook in Wine, Windows viruses or macro scripts (jscript, vbscript etc.) will not work in Linux

but it is possible to write a virus that will compatible with Wine, it will use Wine holes etc.

http://linux.slashdot.org/story/09/10/2 ... s-via-wine

http://forum.winehq.org/viewtopic.php?t ... 47fe12ac85

http://superuser.com/questions/187548/w ... ws-viruses

http://forums.fedoraforum.org/showthread.php?t=269419

http://www.linuxquestions.org/questions ... em-851808/

http://www.linuxforums.org/forum/wine/1 ... ruses.html

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#19 Post by Barkin »

Barkin wrote:password generation
["+salt" is any character sequence which you commit to memory and never write down,
character sequence preferably not a word in any dictionary, "+salt" isn't , "salt" is , the longer the character sequence the better ]
The character sequence can be another MD5 ...
Attachments
use MD5 of ''+salt'' as salt.png
screengrab
(8.2 KiB) Downloaded 731 times

shoutcrown
Posts: 84
Joined: Sat 12 Mar 2011, 16:21

OK!

#20 Post by shoutcrown »

Hi guys!. Thanks a lot for continuous advices!
Lobster:

password generation
http://www.murga-linux.com/puppy/viewto ... 884#316884

For all you budding tin hats
Why not order a Raspberry Pi
http://puppylinux.org/wikka/Puppi
and create
a password generator and changer?
Lobster those password generators seem to be good. Also I think I don't order a Raspberry Pi, because I might have some troubles creating a password generator... (What do is the meaning of budding tin hats?)
Barkin:

With my method you can safely write down ...
Barkin MD5 seems to be a good password generator, but:
A 2009 attack by Tao Xie and Dengguo Feng breaks MD5 collision resistance in 220.96 time. This attack runs in a few seconds on a regular computer
Does it mean MD5 is not enough strong?. Also I can't find a link to download it

Sylvander, like the others guys I prefer to use Linux rather than Windows because of more security...

nooby, I think the same as you. Just everybody should use Linux

puppy_apprentice, you know? I didn't use Wine yet, because of there are so many useful packages for linux distributions

Barkin, I appreciate your continuous support!, Where can I get MD5 password generator?

Thanks a lot! Best wishes all of you :wink:

Post Reply