
Are You Paranoid About System Security?


AngelfireUk83

Member
Joined
Nov 7, 2004
Right, just wanted to know if all or most of you take system security as a major deal. I sometimes do; I always make sure I'm up to date with the latest virus definitions and security patches. But do you go that little bit further? I know people who have IP blockers in their system along with virus scans & firewalls.

Out of 10, what would you say you are? Hmmm, I'm an 8 I reckon; sometimes I do miss updates for about 2 weeks. I don't have any auto update turned on, I like to know what's downloading first.

Oops, that makes me a 9 then.
 
people are too paranoid, no one gets hacked unless they **** people off.

hackers don't give a crap about some dolt on a cable connection. they go for valuable targets with information/bandwidth that's usable.

if someone was REALLY hacking you, definitions and security logs wouldn't do jack, they would have a private exploit.
 
Xenocide said:
hackers don't give a crap about some dolt on a cable connection. they go for valuable targets with information/bandwidth that's usable.

Then all those spams I get from broadband users' machines must be a figment of my imagination
 
klingens said:
Then all those spams I get from broadband users' machines must be a figment of my imagination

You could also list all the trojan botnets that are used in DDoS attacks too. People trying to exploit your box on your cable connection is real; it is not a figment of people's imagination :eek:
 
I like my network configured like a crab, armored up the wazoo on the outside, soft on the inside. However, a setup like that does not protect against a trojan/exploit being downloaded by the internal users and infecting the whole network, or worse, having a hacker use the internal network. To be bluntly honest, how users operate their workstations is more important than anything else. Yes, it is possible to remain relatively virus free if a user knows what he or she is doing without having a virus scanner/cleaner. I ran a Windows 98 box for over 5 years without a reinstall, and the longest uptime was over 6 weeks. Loading a system full of real-time background processes degrades system performance and increases the chance of instability. For home use, especially gaming, this is not a good way to go about things.
 
elfiena said:
I like my network configured like a crab, armored up the wazoo on the outside, soft on the inside......

Hear, hear. I agree, except I run an anti-virus (AVG free edition) and a nice little trio of spyware protection (Spybot, Ad-Aware, Spyware Blaster). Lock the outside world out with a good hardware firewall, use NAT, and with a little configuring, you're good to go.

However, on clients' networks, it's all about Fort Knox. Active Directory, DNS, DHCP, Domain Admin is the only one with "god rights", Norton AV Corporate edition, etc etc etc.

So I'll average myself out to an 8.

BTW: Attacking home users for hackers is like adding an army of zombie machines versus attacking a big corporation single-handedly. If one hacker can make a trojan that will do search, infect, and deploy, he can hit with much more power as great masses of machines send their DoS/brute force/flavor of the month simultaneously. There have been numerous examples of this in the news over the years.

For instance, I believe one of these attacks that happened sometime last year forced Microsoft to redesign their windowsupdate website, software, and access methodology. Thus, v5 was born and you get a 404 when trying to access http://windowsupdate.com/ when using IE.
 
Paranoid? No.

I do enjoy setting it up though (does that make me weird?)

A 1-10 scale is difficult to use.. for example, at home, I would rate myself a 7 or 8... Fairly secure, not very many services exposed, but less maintained due to lack of process.

At work, I would rate us about a 9, still with room for improvement. A lot of services are visible, but a patching process, solid firewalls, and other controls are in place... however, even in our ideal 10/10 situation, attacks would still get in. We had an intrusion the other day, resulting in a rootkit from a customer's phpBB2 that had a vulnerability.. We caught it quickly, but it's a real big resource hog for mitigating the attack, rebuilding, and incident investigations.
 
I would post but I'm not sure who's listening......


I would have to say I'm about a 7. I like to have my antivirus and antispams up to date but my apparently relaxed ability to use the Windows firewall without panicking reduces my score :-D
 
I never update :-/ I don't run anti virus, no firewall :D I go old school.
Firefox + Spybot = gg

If you are going to be hacked, you will be hacked, nothing you can do about it. Firewalls will only delay it for a very short period. As above, only people who have something the hackers find worthwhile to waste their time trying to get are going to get hacked.
 
ps2cho said:
I never update :-/ I don't run anti virus, no firewall :D I go old school.
Firefox + Spybot = gg

If you are going to be hacked, you will be hacked, nothing you can do about it. Firewalls will only delay it for a very short period. As above, only people who have something the hackers find worthwhile to waste their time trying to get are going to get hacked.

Well it actually works like this:

No firewall = door open

Worthwhile = zombie computer (DDOS attacks, proxy for illegal activity, etc...)

you = unlocked house with a sign on the front door saying come right in


I do agree with your statement that if a professional wants into your system they are going to get in. What I don't understand is why you would leave your front door open so that any newbie/script kiddie can get in :confused: My advice is to at the very least start using a router (locking your front door). Script kiddies are constantly scanning the net for computers just like yours :eek:


Have fun being a zombie ;)
 
su root said:
We had an intrusion the other day, resulting in a rootkit from a customer's phpBB2 that had a vulnerability.. We caught it quickly, but it's a real big resource hog for mitigating the attack, rebuilding, and incident investigations.

hehehe time to switch to OpenBSD :p

ps2cho said:
If you are going to be hacked, you will be hacked, nothing you can do about it. Firewalls will only delay it for a very short period. As above, only people who have something the hackers find worthwhile to waste their time trying to get are going to get hacked.

I beg to differ, it's exceedingly difficult to break into a properly configured OpenBSD box, and even if there is a case of break-in, you are "jailed" by chroot and can't access most of the resources. There are ways to make a box impossible to be rootkitted. For example, install the kernel and all binaries on a CD, load the OS from a CD-ROM, or even better, use a ROM board.

The point of a rootkit is that it replaces your old programs with trojans, but when an OS boots from media that is impossible to be written to, all you have to do is check the configuration files and remount. You can't do that with Windows though :p
 
Xenocide said:
people are too paranoid, no one gets hacked unless they **** people off.

I must have ****ed a ton of people off that I don't know about, 'cause every hour I'm getting a trojan blocked out.

I'd say my protection level is a 7. I run Norton AV and Internet Security, along with several spyware programs. But I haven't updated to SP2 yet, I'm afraid of what it may do, or not do.
 
Not sure how I would rate myself

I run Avast Home Edition, Pest Patrol Home Edition, Ad-Aware SE Pro, hardware firewall with NAT, and Windows firewall. I was running NIS 2005 for a while, but was constantly getting false attack attempts in my logs. They never matched my router's logs, and most of the time that I was getting the attacks showing up in the logs, the only IP that it would show was my router. After seeing what most of the free anti-virus scanners would do compared to anything by Symantec, I have lost all trust in Norton products. I have even started using Acronis TrueImage for my backups instead of Ghost. After seeing my girlfriend try to save her resume to the computer and see Norton prevent the save of a Word file, I have started to think that they are just getting sloppy these days.
 
Kendan seems to be one of the few with the right idea in this thread. I don't quite follow the logic of all of you guys who slack off on security or say it's a complete waste of time because "a professional hacker will get in no matter what". That way of thinking can only harm your PC - and the Internet as a whole for that matter...

Sure a skilled hacker probably could get in, but the idea behind routers is to hide your IP in the first place. At the very least it will stop 99.9% of the no-talent script kiddies out there, which IMO are a bigger problem than the "real" hackers.

I'm probably a 7 or 8. I run an IPCOP box which I constantly monitor the log files of, I run a program to block known bad IP ranges from my system, run AVG, always updated WinXP Pro, and weekly scans with several anti-spyware and anti-trojan programs.

I also think smart computing is more important than running every scanner under the sun, but that doesn't mean there aren't certain steps/actions EVERY user needs to take. Especially if they have broadband.
 
Mr. Chambers said:
Kendan seems to be one of the few with the right idea in this thread. I don't quite follow the logic of all of you guys who slack off on security or say it's a complete waste of time because "a professional hacker will get in no matter what". That way of thinking can only harm your PC - and the Internet as a whole for that matter...

Sure a skilled hacker probably could get in, but the idea behind routers is to hide your IP in the first place. At the very least it will stop 99.9% of the no-talent script kiddies out there, which IMO are a bigger problem than the "real" hackers.

I'm probably a 7 or 8. I run an IPCOP box which I constantly monitor the log files of, I run a program to block known bad IP ranges from my system, run AVG, always updated WinXP Pro, and weekly scans with several anti-spyware and anti-trojan programs.

I also think smart computing is more important than running every scanner under the sun, but that doesn't mean there aren't certain steps/actions EVERY user needs to take. Especially if they have broadband.

Well, the reason behind lacking internal security is as follows:
1) Unified firewalling
If you have a hardware firewall already running for the entire network, there is really no point running a software firewall on each and every workstation on your network; it wastes system resources as well as increasing ping time.
2) Do you really need this?
I suppose if you want, you can stick a hub between the cable/DSL modem and your router, then connect a box to the hub specifically to run packet fingerprinting software to identify exactly what type of attack, who is attacking, and what kind of software that person is using. However, it is just as easy to send a packet with a spoofed IP address or attack from a hacked host. So IP based firewall rules are pretty much useless.
3) "ok, i got this logged, what do i do now?"
You can e-mail the businesses and/or ISPs the attacks originate from, however it is entirely pointless in doing so unless the attack originates from the same ISP as yours. In most cases, IT managers ignore such e-mails. If you get DDoSed, the most you can do is call up your ISP and have them route away the attack. It doesn't matter if you block packets when data is still being routed toward your host. Your downstream will still be clogged.
4) NAT doesn't automatically forward incoming connections.
In order for a hacker to break into your network, he/she has to go through your router first, since if you don't set up port forwarding, there is no way for them to establish a connection to your internal network.
5) Trusted users.
If you run a network for your home, it is far better to educate everyone on your network rather than dedicate lots of network resources to run a managed server solution. It is far better to not download the trojan at all than having the said trojan installed and running, then to be discovered and promptly removed. The latter solution also doesn't guarantee that the said trojan won't attach itself onto the OS. No matter how new your virus/trojan definition is, there are always custom jobs that can bypass the anti-virus programs.
 
There is a huge problem in the UK at the moment with 'zombie' PCs, about 1 million and rising at the moment! They exist because people don't update their virus definitions, don't even bother with the Windows firewall. They are attacked by pros using net scouring bots that dump sleeping trojans on your machine to generate spam and to be used in DDoS attacks. Securing your PC is not a huge hassle and must be worth it if it saves only one reinstall.
 
I am not paranoid, but I am vigilant and security conscious.

I take the time to minimize the risk (basic firewall, and non stupid browsing and running unknown files), so I do what I need to to avoid becoming a bot, but that's it.
 
Never paranoid, well for myself at least. Other people on the network (well, the only other person is my sister) I try to keep safe... why? Because I trust in my own decisions, but I can't always trust hers on what to click and what not to.

I don't run an antivirus at all, no software firewall, no windows firewall, I'm completely open to my LAN. I have a smoothwall, which I trust with all my heart, even though I have a couple ports forwarded to me for torrents and some dcc.
 
I don't run software firewalls, but they have their uses - as they can detect when a trojan is sending outgoing packets, which consumer hardware firewalls.

I also didn't mean to imply I used IP-based filtering on my firewall, although it wouldn't hurt either really - I just meant I use a program such as SpywareBlaster to filter out known malware from my surfing.

Bottom-line is there are certain things that every user SHOULD do, and if they would - the internet would be a better and safer place. Then again, if that happened I wouldn't get as much business ;)
 
elfiena said:
hehehe time to switch to OpenBSD :p



I beg to differ, it's exceedingly difficult to break into a properly configured OpenBSD box, and even if there is a case of break-in, you are "jailed" by chroot and can't access most of the resources. There are ways to make a box impossible to be rootkitted. For example, install the kernel and all binaries on a CD, load the OS from a CD-ROM, or even better, use a ROM board.

The point of a rootkit is that it replaces your old programs with trojans, but when an OS boots from media that is impossible to be written to, all you have to do is check the configuration files and remount. You can't do that with Windows though :p

The system that got hit was a RedHat AS 2.1 box, with a chroot'd apache process. Although the rootkit was running, the system was not vulnerable to it, so it was successfully jailed to a specific apache user in the /tmp partition. BSD Jails would not have made any difference in this case... although we do make use of them on about 40% of our production systems. Lesson learned: Mount /tmp as noexec (and, as learned many times before, never trust customers as far as security is concerned).
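
The "mount /tmp as noexec" lesson from the last post, as an added example that is not part of the original thread: a POSIX shell check that reads a mount table in /proc/mounts format and reports which hardening flags /tmp lacks. The function name, the constructed sample tables and the extra nosuid/nodev flags are assumptions of this example, not details from the poster's system.

```shell
#!/bin/sh
# Added example: audit a mount table (/proc/mounts format) for hardening flags.

# missing_mount_flags MOUNTPOINT FLAG...
# Reads the mount table on stdin and prints the requested flags that
# MOUNTPOINT lacks, space separated (empty output means all are set).
# Prints "not-mounted" when MOUNTPOINT is not a separate filesystem,
# because it then inherits the options of its parent directory's mount.
missing_mount_flags() {
    mp=$1; shift
    # Field 2 is the mount point, field 4 the comma-separated options.
    # The last matching line wins: later mounts shadow earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 0
    fi
    missing=""
    for flag in "$@"; do
        case ",$opts," in
            *",$flag,"*) ;;                    # exact option present
            *) missing="$missing $flag" ;;     # e.g. "exec" never matches "noexec"
        esac
    done
    echo "${missing# }"
}

# Constructed sample tables (not taken from the system in the thread).
SAMPLE_WEAK='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid 0 0'
SAMPLE_HARD='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid,nodev,noexec 0 0'
SAMPLE_SHARED='/dev/sda1 / ext3 rw 0 0'

for name in WEAK HARD SHARED; do
    eval "table=\$SAMPLE_$name"
    result=$(printf '%s\n' "$table" | missing_mount_flags /tmp noexec nosuid nodev)
    echo "$name: /tmp missing -> ${result:-none}"
done

# On a live host: missing_mount_flags /tmp noexec nosuid nodev < /proc/mounts
# Fix for a separate /tmp: add noexec to its options in /etc/fstab, then
#   mount -o remount,noexec /tmp
```

noexec only blocks direct execution of files on that filesystem; a script dropped in /tmp can still be run by passing it to an interpreter, so the flag is one layer alongside the chroot described in the post.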
 