Have you ever been compromised?


ac_dispatcher
I'm trying to see how everyone has their setup and if they have been compromised ever. Maybe have some tips or tricks posted on catching and stopping it.

 

No I don't think I've been rooted but for that matter I feel I've been a bit lax or lazy on security lately.

 

I'm not as secure as I should be but I'm probably better than others. Here is my setup:

 

My house is hard wired with Cat 5E to a Hub (only 10baseT)

The hub is located in my Coyote Linux firewall box.

 

Wired Set up of my house:

 

INTERNET
>
>
Coyote Linux
>
>
10BaseT Hub
>
>
> > > Windows XP (nuclear)
>
> > > Windows XP (tiger) >>> Bridge >>> Gentoo Laptop (arora)
>
> > > Windows98 (vectra)
>
> > > Windows98 (elite)

 

 

OK, that's my basic setup. I put each computer name beside each to more easily identify them. I run a network bridge (2 NICs) on (tiger) for two reasons: 1. The hub only has 4 ports. 2. So it has a 10/100 connection from arora to tiger for rsync backups. Now I know that it's not too good of a setup. I need to do more about security.

 

Security:

Coyote Linux Box:

First and last wall of defense for me. It's a computer that runs Coyote Linux via a floppy. No hard drive, just a P75Mhz, 12Mb Ram, and 2 NICs. Write protect the floppy and if I think I've been compromised I just reboot the box and change the password. I have run port scans via GRC, Sygate scan, DSL reports, with full stealth. I have it set for no outside logins allowed. Good password used for root. No additional logins made.

 

I have remote logging to my Gentoo box enabled and check the logs at least twice a week (usually via grep)

 

All other boxes:

Wide open, no firewall or security measures. No passwords.

 

 

Why? Half lazy, half ease of use. I know that it's not the best but I tend to think the Windows XP user with his new cable connection and no firewall has more to worry about.

 

Additional Info:

 

I share folders from each computer to my Gentoo box via samba.

 

I run VNC from/to all computers

 

Each Windows XP box has a spyware and antivirus software installed and up to date. Norton/McAfee and Spybot/Webroot. I have different programs on each so I don't have all my eggs in one basket. Each box runs a virus scan on all drives over my entire network each night (takes about 3 hours). So the entire network is scanned via two different antivirus programs each night.

 

My wife's computer (nuclear) is her work computer. I also block all outbound ports via Coyote to the internet except a few choice ones (web, smtp, pop). So if she gets compromised or tricked into installing malware her computer is blocked on the outbound.

 

>>>>>

Things I plan to do:

 

vectra - needs no outside access so I plan on blocking all outbound (internet) via the firewall

 

elite - This is my 7-year-old's computer so I plan on blocking every outbound port except port 80 via the firewall.

 

 

I'm thinking it's time to tighten up all the computers behind the firewall. I'm thinking of downloading ZoneAlarm and installing it on all Window$ boxes. I have experience with it and how to set it to allow access. I stopped a while ago because I have trouble with ZoneAlarm and VNC, but I'm going to try and give it a go again.

 

 

So how about some Links huh?

 

GRC - select shields up

http://www.grc.com/default.htm

 

sygate:

http://scan.sygate.com/

 

DSL Reports: (requires java)

http://www.dslreports.com/scan

 

Home PC Firewall Guide:

http://www.firewallguide.com/

 

Security Metrics

http://www.securitymetrics.com/firewall_test.adp

 

Other Links:

World of Windows Networking:

http://www.helmig.com/

 

http://www.practicallynetworked.com/

http://www.internic.net/

http://www.homenethelp.com/

 

So what is this thread about?

 

1. What kind of setup do you have?

2. Have you ever been compromised?

3. Do you have any tips/tricks?

4. Any Home Networking Advice (Hardware or Software)

 

 

What spawned this thread? I read this on the Gentoo Forum -

http://forums.gentoo.org/viewtopic.php?t=2...ge+same&start=0

 

 

Remember years ago when an Anti Virus program was recommended? :P

Edited by ac_dispatcher
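
The per-host outbound rules described in the post above (nuclear limited to web, smtp and pop; vectra with no outbound; elite with port 80 only) can be checked against the remote firewall log instead of grepping by hand. This is an added example, not part of the original post: the LAN addresses, the netfilter-style log format and reading "web" as TCP 80 and 443 are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumed LAN addresses for the hosts named in the post (constructed values).
HOSTS = {"192.168.0.10": "nuclear", "192.168.0.12": "vectra", "192.168.0.13": "elite"}
# Outbound TCP ports each host may use, per the post; "web" is read as 80 and 443.
ALLOWED = {
    "nuclear": {80, 443, 25, 110},  # web, smtp, pop
    "vectra": set(),                # no outbound access at all
    "elite": {80},                  # port 80 only
}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample in netfilter LOG style (assumed format, fields trimmed).
SAMPLE_LOG = """\
Mar  3 02:14:07 coyote kernel: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.9 PROTO=TCP SPT=1034 DPT=80
Mar  3 02:14:09 coyote kernel: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.77 PROTO=TCP SPT=1040 DPT=6667
Mar  3 02:14:12 coyote kernel: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.77 PROTO=TCP SPT=1041 DPT=6667
Mar  3 02:20:01 coyote kernel: IN=eth1 OUT=eth0 SRC=192.168.0.12 DST=198.51.100.4 PROTO=UDP SPT=1027 DPT=53
Mar  3 02:21:44 coyote kernel: IN=eth1 OUT=eth0 SRC=192.168.0.13 DST=198.51.100.20 PROTO=TCP SPT=1050 DPT=443
Mar  3 02:30:00 coyote kernel: IN=eth1 OUT=eth0 SRC=192.168.0.11 DST=198.51.100.20 PROTO=TCP SPT=1051 DPT=22
Mar  3 02:31:00 coyote kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=4000 DPT=135
"""

def violations(lines):
    """Yield (host, dst, proto, dport) for packets outside a host's policy."""
    for line in lines:
        # reversed() keeps the first SRC/DST when an ICMP error embeds a second packet.
        f = dict(reversed(FIELD.findall(line)))
        host = HOSTS.get(f.get("SRC"))
        if host is None:
            continue  # source is not one of the restricted machines
        proto = f.get("PROTO", "?")
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        if proto == "TCP" and dport in ALLOWED[host]:
            continue  # permitted by the stated policy
        yield host, f.get("DST"), proto, dport

def summarize(lines):
    """Count out-of-policy attempts per (host, protocol, destination port)."""
    return Counter((h, proto, port) for h, _dst, proto, port in violations(lines))

if __name__ == "__main__":
    for (host, proto, port), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {host:8s} {proto}/{port}")
```

A restricted host that keeps retrying the same blocked destination port is the entry in this summary to investigate first.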

This is from the IP that you posted from.

 

Initiating Connect() Scan against  ac_dispatcherxxxxxx
Adding open port 80/tcp
Adding open port 443/tcp
The Connect() Scan took 13 seconds to scan 1659 ports.
Interesting ports on xxxxxxxxxxxxxxxx
(The 1650 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1369/tcp filtered gv-us
5101/tcp filtered admdog
5190/tcp filtered aol
