Jump to content
chocobanana

Is mandrake really secure?

Recommended Posts

Greetings

 

I've been reading some posts about security and firewalls and I'm still not sure if i'm properly secure

I have the firewall activated in mcc (in mandrake v10.1oe), but I tryed the "shields up" test and it said I'm completely vulnerable (it also says it's a windows machine, but I guess it must be just having windows users in mind)

 

Can someone give advice?

 

Thanks

Share this post


Link to post
Share on other sites

the shields up test (and others) doesn't test you....your firewall stops it.

 

secure? well, any OS, properly administered, can be secure...even windows :cheeky:

Share this post


Link to post
Share on other sites

I have a Netgear router/firewall - the following should prove useful if you want an idea of how secure you are. This is taken from one of the support pages.

 

 

Here are three programs to test if your router or computer's ports are secure. The first gives the simplest "good / bad" results.

 

Symantec Security Check (Once on the page, click Start under "Security Scan".)

 

Gibson Research Corporation (On the page, scroll down, and click ShieldsUP!)

 

Sygate Online Services (On the page, click Scan Now.)

 

Since these programs are concerned with any possible threat, they may report things that are in practice usually safe. For example, although the Sygate and Gibson sites note ports that are not "stealthy", in practice ports that are "just" closed are usually quite secure.

Edited by ChrisM

Share this post


Link to post
Share on other sites

this isnt a question of mandrake security. as mandrake is linux. there are a number of things that can be done to tighten security. a good rule of thumb is, turn off any services you dont need. i did write a "linux security overview" in the FAQ section of this site. give that a look and you'll understand alot more.

 

linux isnt like windows. to go into more detail, i might as well write a thesis. the security overview will give you some good information though. how deep you want to go is up to you.

Share this post


Link to post
Share on other sites
I have a Netgear router/firewall - the following should prove useful if you want an idea of how secure you are. This is taken from one of the support pages.

 

 

  Here are three programs to test if your router or computer's ports are secure. The first gives the simplest "good / bad" results.

 

  Symantec Security Check (Once on the page, click Start under "Security Scan".)

 

Gibson Research Corporation (On the page, scroll down, and click ShieldsUP!)

 

  Sygate Online Services (On the page, click Scan Now.)

 

    Since these programs are concerned with any possible threat, they may report things that are in practice usually safe. For example, although the Sygate and Gibson sites note ports that are not "stealthy", in practice ports that are "just" closed are usually quite secure. 

 

 

the symatec site only scans windows (makes sense ya know). the other two are good though.

 

here is one that may freak you out a bit. http://browsercheck.qualys.com/index.php if you wish to attempt the tests, like a cookie test, then you'll need to change your user agent to IE 6 on winXP.

 

heres the results of mine with my UA set to IE 6:

 

  Browser Info: 

 

 

Type:  Microsoft Internet Explorer

Version:  IE6

Browser Language:  undefined

Cookies:  true

Java:  true

 

 

 

  JavaScript and Engine Info: 

 

 

JavaScript Version:  1.3

Script Engines Version: 

IE 4/5/6 Script Engines: 

 

 

 

  Browser History: 

 

 

Sites visited in this window:  10

 

 

 

  System Overview: 

 

 

Platform:  Win32

OS:  WinXP

CPU Class:  undefined

IP Address:  *********

Host Name:  *********

System Language:  undefined

User Language:  undefined

System Time:  Thu Jan 06 2005 17:19:13 GMT-0700 (MST)

 

 

 

  Display Settings: 

 

 

Resolution:  1024X768

Max Window Size:  966X722

Color Depth:  16 bit

 

i edited out the ip address. the results are similar under linux. it just cant hack linux :thumbs:

Share this post


Link to post
Share on other sites

an impropoerly secured linux can be just as insecure (or even less secure) than windows. it all depends on your knowledge of your system.

 

Linux can be as secure or insecure as you want it to be. However in Windows you have no choice in the matter.

 

Shields UP!! (www.grc.com) fails you in the test if:

a) you have an open port (really bad)

b ) you have a closed port (not really bad...but it's better to filter it)

 

You only pass the test if you got ALL ports filtered. IMO, that's a bit strict and useless.

If you have port 113 unfiltered (which happens often and is completely safe) you still fail the test.

 

here is one that may freak you out a bit. http://browsercheck.qualys.com/index.php if you wish to attempt the tests, like a cookie test, then you'll need to change your user agent to IE 6 on winXP.

 

heres the results of mine with my UA set to IE 6:

 

er, that's just from the GET requests crafted by the browser, NOT from any covert scanning done by the server - it means you (your browser) sent that info. Sure, they give a lot of information, like screen res and all, but servers NEED such info to display webpages properly...but the OS and the like isn't needed...you can probably disable these in Firefox, i'll look into it.

Edited by arthur

Share this post


Link to post
Share on other sites
er, that's just from the GET requests crafted by the browser, NOT from any covert scanning done by the server - it means you (your browser) sent that info. Sure, they give a lot of information, like screen res and all, but servers NEED such info to display webpages properly...but the OS and the like isn't needed...you can probably disable these in Firefox, i'll look into it.

 

 

yeah i know, but still freaky your browser gives that much out.

Share this post


Link to post
Share on other sites
the symatec site only scans windows (makes sense ya know). the other two are good though.
no they are not

SU is only certain you check your pc if ran from in windows and doesn't do a thing with my linux installs :cheesy:

 

Sygate:

It even tells you when the scan starts <your IP addy> and that if you have a router and/or firewall it may not be yours.

 

When it checks for services, do you think it's looking for linux services?

 

It's usless. It find the info you posted above but so what. Any site you visit can get that.

 

You have to run w/o a router, otherwise your router either isn't doing it's job or you're not really using it so why have it?

 

Do you think all crackers will only looking for windows services?

The scans are useless.

Share this post


Link to post
Share on other sites

IMHO this are the best steps to follow in order to make real useful security tests:

  1. learn how to set up your firewall and do it (and ofcourse read linux security manuals too)
  2. ask a friend of yours with linux to scan your own IP(1) with nmap
  3. interpret the results
  4. if you are satisfied break; else goto 1

you can skip steps 2-4 if you are confident with yourself and have a great ego (like me! :P )

 

(1) you can't get information about your firewall scanning your own computer from inside as it is obvious.

 

HTH

Edited by aru

Share this post


Link to post
Share on other sites

Doesn't a firewall give a false sense of security? It is better to know what is running on your PC than to trust a firewall (which btw is a nuisance when you install a program that uses not the default ports.). I think you would be safer of with netstat and ps than with a firewall.

Share this post


Link to post
Share on other sites
Doesn't a firewall give a false sense of security? It is better to know what is running on your PC than to trust a firewall (which btw is a nuisance when you install a program that uses not the default ports.). I think you would be safer of with netstat and ps than with a firewall.

Devries, I understand that as obvious, but is always good to point it out. My Golden Rule of my Security is, close what you wont need (that's your point, and by close I don't mean close ports, but remove useless services) and close to the others what you need but you don't want to be accessed from outside (which is what a firewall is meant to do). :D

Edited by aru

Share this post


Link to post
Share on other sites

AFAIK, by default Shorewall drops all unsolicited incoming connections and allows all outbound connections - if you've got the firewall on, and haven't explicitly allowed incoming connections to any ports then you should be ok - in addition it is always a good idea to disable any un-needed services and keep your system updated ;)

Edited by Rainer

Share this post


Link to post
Share on other sites

ok guys and girls

 

I think I got some interesting answers.

 

But definitely, one should take a deeper look some kind of linux security guide to become enlightened to this aspect.

 

Thanks, and be my guests to continue replying to this post, as other users are probably also finding this topic useful! :D

Share this post


Link to post
Share on other sites
the symatec site only scans windows (makes sense ya know). the other two are good though.

 

 

I'd not run any of the scans for months now (since I first got the router/firewall) so did not realise/forgotton at time of this posting this was a winblows only scan - doh! :P

 

Seems though that scans provide a false sense of security. :angry:

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...