Is your home network secure, or open to hacker?

I have been hacked a couple of days ago, and reviewed my security up. Here is my experience :

I am running Ubuntu Linux. For my convenience I activated the Remote Desktop capability without paying too much attention to the setup. It turned out I made a big mistake.

Two days ago, just when I was about to go to bed, I saw a pop-up telling my user cablemodem-xxxxxxxx was logging in.

In a hurry I went to disable the capability, disabled my network connection and started my own "audit" of my network. It turns out that the software was using "uPNP" to open port automatically in order for me to connect from the Internet, which I don't need. After deactivating the functionality from the router and the remote desktop server from my machine I reconnected everything.

Not happy by just doing that I dug up a little. I found a tool called "Bastille" that help users secure their Linux (or any other Un*x) with an astounding level of granularity. I also installed some packages named harden, harden-client, harden-server, harden-nids.

My machine is now capable of withstanding about any kind of attack. The amount of running process is limited, firewall installed, and software monitor all my network traffic for exploits and intrusions.

Then I came across that article : Millions Of Home Routers Vulnerable To Web Hack.

Be sure you changed your password on your router, if you do not know how to do it, ask around you for help.

My intrusion turned out to be benign, but it scared the bajesus out of me. Be safe, changes your passwords.

if someone really wants to get him, he will do it

thats the problem

well,
first~ Ubuntu already has a firewall installed 'out of the box'.
but it is "off" by default.
you simply have to turn it on. (and probably should)
If you like a GUI, you can install UFW firewall, it is just an interface to easily turn your firewall on and off.
you can find it in software center.

2nd, you should not have "remote" anything enabled if not absolutely necessary. ( for most people, it is not)

3rd, Yes, Im ' secure.'lol

Glad you caught it before it got out of hand.

just for conversation sake~ what version of Ubuntu you running? 10.04?

The worst part is, most people (especially those running windoze),
would have been clueless.

[edit on 1-8-2010 by Ahmose]

reply to post by Faiol


It's like anti-theft for your car, the point is to make it as painful as possible to get in.

You can choose to leave your car unlocked, with keys in if you want... but I would not advise it. I choose to make it a challenge to get in my network.

reply to post by Ahmose


Yes, 10.04 with the latest updates.

Believe it or not, I worked in and around IT departments for more than 10 years. Stupid miskates happens.

Originally posted by gagol
reply to post by Faiol

 

It's like anti-theft for your car, the point is to make it as painful as possible to get in.

You can choose to leave your car unlocked, with keys in if you want... but I would not advise it. I choose to make it a challenge to get in my network.

and as long as you do make it as difficult as possible,
with soo many people out there being truly clueless,
it does pretty much mean that those who make it difficult wont be touched.
Why bother?
There are billions of open doors just waiting to be 'walked through'. lol

Yes, 10.04 with the latest updates.

Believe it or not, I worked in and around IT departments for more than 10 years. Stupid miskates happens.

niice,

lol, yeah definitely bro.



[edit on 1-8-2010 by Ahmose]

no one is technically "hack-proof" not even the military, they have processes to make hacking into very very hard, but never 100%
Turning your router off though when your not using it if possible is the only way to avoid it.

Originally posted by Quasar_La-Zar
no one is technically "hack-proof" not even the military, they have processes to make hacking into very very hard, but never 100%
Turning your router off though when your not using it if possible is the only way to avoid it.

You can be hack proof (unless someone gets to your computer physically) by not using internet. There is no fun in that though, that is one of the only reason people have computers, unless it is work related.

reply to post by gagol


S&F OP !

I run a dual boot windows xp (because of some programs i need) and ubuntu like you do and i did not know that could happen in Linux .
Thanks so much for Posting that as we are never as secure as we think !

Pardon my (possible) ignorance, but... How hard is it to register MACs of all devices in your house with the router? It's frankly as bullet proof as it will ever get.

Security is an illusion.

There is a window by your locked door. This is true in all walks of life. The illusion of security is simple another control mechanism.

With technology there are a number of ways to access your data. For example, cable is a shared connection that runs standard protocol over a standardized network. That number can by sniffed in several places. This is how viruses propagate so quickly through one ISP.

All wireless protocols are fairly insecure. Don't worry too much about it. Just think twice and pay the $10 for identity theft protection through your bank.

reply to post by buddhasystem


I guess that depends of your router... I did not do it. There is some balance of usability I want to retain.

But just for you, and all ATS friends, I checked on my router.

I went to Advanced, Network filter, and there is an option to turn MAC filtering on and enter the MAC address's. You can DENY by default and then white list your computers, or ALLOW everything and blacklist others.

I have a D-Link router DIR-555.

That router was not cheap and is very capable. Even supports QOS to priorize traffic, a must if you use VOIP like I do.

Hope it sjined some lights on your questions.

reply to post by zroth


Security is a process, a state of mind. Of course a firewall will not help keep you CC safe on Internet.

I like to think Internet is like a street, it's a public place where most people don't like to get naked. You do that inside your house, where you have some privacy and basic security. My home alarm may not stop a thief from entering, but if my neighbours do not have one, the thief is more likely to enter their home first. That does not mean someone with a bulldozer cannot enter my house, it means I make it as difficult as possible, or else my insurance company may not pay if someone breaks in.

reply to post by gagol


I have used Bastille and do like it for the most part. Though in my opinion it does suggest things that go too far. Good thing the prompts give you the options.

Anyway, my network is moderately secure. However the router itself and the modem itself are not very secure.

I will be changing that soon enough anyway as this time I went with the crap the ISP gives out, because my router was about to go.

reply to post by Zaxxon


What I love about Bastille: it let you be as secure as you want/need. But more importantly, it educates the user about vulnerabilities instead of just "installing a package".

Scaremongering....

i have 17 years IT business experience and security is serious big business for businesses... but for the normal personal network????

The chances of a hacker actually hacking you specifically is so remote that it's hardly worth worrying about.

A standard wpa2 encoded network is more than o.k. all you need to do is prevent your neighbor from hogging your bandwidth.

Even then you can do that without encryption anyway by deactivating DHCP and assigning IP addresses to your devices manually.

You are far more at risk from phishing sites or keylogging viruses than actually being hacked.

Rest assures there is solace in the sheer number of networks out there.

I say we should all open our networks and encrypt files instead.

Korg.

[edit on 1-8-2010 by Korg Trinity]

I have a unique situation at my house. I have 4 computer, 2 of which never "sees" the internet and two who are internet bound, then another 2 computers for the wife, and another 5 computer between both my daughters. That's 11 computers at any given moment, then , THEN, I have my boys over and their laptops which can tie into the wireless.

My youngest son set this home network up with a couple of routers, one as a gateway for internet and the other for our own intranet.

The real problem we ran into is MS dumbed down network key codes. XP could use anything up to 64 characters. This makes it very, very difficult to break the encryption because of the number of possible character combinations.

Windows Vista and 7 uses only the letters a-f and numbers 1 through 9 with no other characters. If you read MS propaganda, it's more secure because of higher standards. No, it's much easier to break due to using just 15 characters. There was also a compatibility problem with Windows 7 and XP, which we did find a work around for network sharing.

I think this was done purposely by MS, but who am I to make an accusation about weak security with any MS product.

My youngest son should be the one explaining this as he is a network engineer for a web hosting - data storage site and does whatever one does with refrigerator sized servers and cables. Anyway, we have built in all types of software, more involved than firewalls, for a secure network. It seems to work and I'm really tired of the Chinese Railroad Ministry pinging me several times a day.

reply to post by hinky


You have way too much computers!!! Who I am to talk, I used to have three for myself...

About your concerns I found some explanation:

A wireless network with WPA-PSK encryption requires a passphrase (the pre-shared key) to be entered to get access to the network. Most wireless drivers accept the passphrase as a string of at most 63 characters, and internally convert the passphrase to a 256-bit key. However, some software also allows the key to be entered directly in the form of 64 hexadecimal digits.

It seems that the passphrase is encoded into hexadecimal key (0-9 A-F), and newer versions of windows are only asking for the key. I cannot validate that as I had not used windows for quite a while.

Security-wise it like, potato potahto...

The only real key is education, education, education. Most people are so blissfully stupid of even the simplest measures that I can break their WEP protected wireless and compromise their computer before I can finish a single cigarette. Every day tons of people without a shred of common security sense click links in their email and infest their computers with all manner of nastyware. I could lock a network down and still have an uneducated user bring the entire thing crashing down around my ears because they don't know any better.

If there is one thing that would benefit every man, woman and child on this planet it would be to have to take an introductory course to computer security from the end-user standpoint. Just being aware of the risks would decrease virtual casualties; people might actually run updates, use strong passwords (and not write them down on a sticky note), challenge people who seem suspicious (social engineers) and the like. But unfortunately folks like to skate through life and not have a care because there is always some dutiful IT employee waiting to fix their easily prevented mistakes.

reply to post by hinky


Hinky, your son needs to really help out,
and get some Linux going on those machines. lol
Seriously, that many PC's, and all controlled by MS?

Seriously man, You should look into Ubuntu,
best Linux OS out there.

and better than any OS out there, Period. lol

My Dad and his family, altogether had 8 PCs, all running windoze to, they were all kinda iffy about ditching it to use Ubuntu (or anything new),
but I converted them all,
and completely killed MS on all of them
and they are loving it, and doing great with it!

[edit on 1-8-2010 by Ahmose]