Re: Security for Traveling?

There is a small amount of fire walling with ufw (Ubuntu Fire Wall), which will probably serve you well.

When you connect at a wifi hot spot you can make grc.com your first stop and run "ShieldsUp!" on "ALL" your ports (1056 of them). If it shows you all green boxes you're good to go. If it doesn't then a firewall is in order. You can install the gui to ufw, called gufw. Or, you can install one of the other GUI interfaces to iptables.

GuardDog is the KDE gui to iptables, not to be confused with GuideDog, it's NAT/ipforwarding assistant.
KMyFirewall is another KDE gui.

Some like Shorewall, which is not a KDE app.

Re: Security for Traveling?

*buntu distributions come with a built-in firewall and you can study iptables if you really want to geek out. Also, your hotels will probably have a firewall with the wifi router. If you'd like to test your firewall security, there are a number of online tools you can use, such as:

https://www.grc.com/x/ne.dll?bh0bkyd2
http://www.auditmypc.com/
http://www.pcflank.com/

This is a question I have considered in the past. I am pretty convinced that as long as the sites you are logging into provide decent encryption you are okay and you have setup your email client with secure encryption for both incoming / outgoing email and you don't accept any spooky looking security warnings (even with unecrypted wireless hotspots). Of course, there are no givens. I have done important work on my laptop running *buntu at unencrypted wifi coffee shops for the past two years or so and I have gotten away with it. I don't do this anymore because the stakes are too high, I'm slightly paranoid and I can tether my cell phone. However, I would do it in a pinch and not worry too much.

Just beware the lurking, overcoat-wearing packet sniffer in the corner

And, beware Google :

http://www.bit-tech.net/news/bits/20...ifi-sniffing/1
http://www.consumerwatchdog.org/corp...?storyId=35100

Re: Security for Traveling?

Hi...

I would be inclined to think that you're good to go as is. Kubuntu already comes with a firewall installed (be sure it's configured properly) and the vast majority of computer viruses are coded for Windows. I'm not saying there aren't threats out there (for linux,) just that I think they are quite rare. However, if you would feel better about having security software installed, there are a few antivirus programs out there for linux. However, you mentioned that you are going on a business trip and the ones available for free are for private, non-commercial use only, except for Clamwin or ClamAV, which doesn't have a realtime scanner.

If you have a 32 bit system and don't mind paying for a license, Kaspersky is one of the better ones out there.

But wait...

If you don't mind your system playing the role of a guinea pig, you can try the linux beta of NOD32 here. There are version for 32 and 64 bit. I don't see anywhere on the page that it's only for private use but you should contact them just to make sure.

Hope this helps...

Regards...

Re: Security for Traveling?

ALL GREEN BOXES on your PC from grc.com's "ShieldsUp!" means that your box is NOT even responding to the first SYN-ACK. Most hackers run a kind of "war driving" program which cycles through IP addresses by incrementing a counter and then trying a handshake on some ports which their tool is pre-programmed to attack. With all green boxes their blind assault yields no response to their first ACK, so their program assumes no PC at that IP address, increments the address counter and moves on to another PC. When your box don't even acknowledge their first SYN-ACK with an ACK they have no choice but to move to the next IP number in their counter. Green boxes also prevents trench-coat types at wifi hotspots from hacking into your PC through your wireless. And, to create an ad hoc link with your box requires your help, so don't help, and don't put your wireless into a promiscuous mode.

That leaves one other threat, email, which is no threat at all if you do not a) save the attachment, b) mark it executable, c) run it. Without those three steps an email attachment in Linux is just extra bytes hanging off the email.

Re: Security for Traveling?

Gibson is a true and (likely) unequaled 'resource extrodinare' of the highest order. The guy is just flat-out good. Period. I purchased his Spinrite v6.0 program years ago. This guy knows computers - really knows computers. His company, and the apps he has made available are very, very, very good.

Results of All Service Ports ShieldsUP! scan on my laptop:

And that with only the default IPTables that comes with U/Kubuntu installation.

Re: Security for Traveling?

Hi all...

Disregard, I will post a new thread.

Regards...

Re: Security for Traveling?

What's the big secret? I'm dying to find out!

Re: Security for Traveling?

I was just trying to be a little security conscious.

Disregard anyway, i will start a new thread.

Regards...

Re: Security for Traveling?

Sorry, I guess I don't get it - still don't know what port. However it sounds like you should set up a firewall if you don't have one already. Anyway, you need to have some port open to use the internet.

Back on topic: For travelling I would think that it is enough to invoke iptables like GG is sugesting. I personally rely on a good firewall in my router, but if I was travelling I would do "sudo ufw enable" first. More here.

Re: Security for Traveling?

Hi...

Disregard, I will start a new thread.

Regards...

Re: Security for Traveling?

I see, you're looking at the Shields Up service. (Nice service by the way.) I get a red one there too, but it is meaningless. Perhaps this is the same situation as you have.

In my case the port is 23 which is for telnet. For some reason that one is always focused on as being "bad". What is not considered is that almost every box from here to there has an open port 23 because no sysadmin is going to get in his car and drive up (in the snow) to some mountain top to reset or reconfigure some router while her customers are waiting for the service to come back on. That is why telnet is there and is not going away. I notice that a lot of equipment used by ISPs has a built in telnet server.

The telnet port that Shields UP is seeing is far from here. I know that because they also take my IP as 66.244.241.250 which is my outward facing IP. That is the same IP as all the other people in my town. It is also the same one that all the people in the next town up the valley have. That IP is about 5 hops, and probably 3 firewalls, from my computer, so I am very unconcerned about what Shields Up finds there as long as it is managed properly by the responsible sysadmin - and it looks like it is.

Edit: I'll follow ardvark71 to the new thread.

Re: Security for Traveling?

Thanks, Ole.

Re: Security for Traveling?

Err, I don't know a single sysadmin that still uses plain telnet for remote connections (unless they are using a secure tunnel, and even then the use of telnet is an exception rather than a rule).

The (plain) telnet protocol is very insecure, and it is nearly always preferable to use more secure methods of remote access, like telnets (telnet over ssl) or ssh.

Re: Security for Traveling?

I'm just reporting what I see. Perhaps some stuff responds to both and the admin has a choice - I don't know. The radio on my roof which contains a MikroTik v3.30 unit responds to telnet and so does a lot of other stuff around this neck of the internet. All fairely new equipment and I notice MikroTik is dominant. I guess what's a problem for some, isn't for others. Nobody's hacked my radio yet and the network keeps on going just fine around here. However, nobody knows where Coalmont is, so perhaps it's security by obscurity.

PS: I think we're had this discussion before, but you are welcome to try my outward facing IP: 66.244.241.250 so you can see for yourself.