The safe 3. profile configuration.?
Re: The safe 3. profile configuration.?
CharlesV
Thank you. That was also very interesting.
If the phone had attacked clients instead of the server and the goal was to steal data, how much safer do you estimate the clients would have been if they were using a profile with no important private data?
Re: The safe 3. profile configuration.?
Jakob77 wrote: Mon Jun 12, 2023 4:21 pm
CharlesV
Thank you. That was also very interesting.
If the phone had attacked clients instead of the server and the goal was to steal data, how much safer do you estimate the clients would have been if they were using a profile with no important private data?

Well, if the goal was data, then a profile with no important data would thwart that attempt.
In my experience there are two actual threat areas:
1) The user profile data, and
2) Data in other areas on a machine
Data that matters can be everything from passwords, bank and other data saved in the profile or browsers... (saving data in a web browser is a HUGE problem for most people - yet many never think through this!) ... all the way to saved statements and/or text files. And in today's environments ransom data (pictures, documents and mail as well - i.e. data you want, but holds no real 'privacy or $ value'.)
Encrypted partitions can help this - and especially the sideways hit! However if you're ON your computer or logged in at the time, then you're still vulnerable. Your best protection, in my opinion, is to always have your machine locked if not using it, and then store any data of a real nature in an encrypted, locked vault.
There are many lengths that a person *can* go to and be safer, the question is always what that person is willing to do, and then what methods and tools they choose. The reality is that many people just don't know, or don't protect themselves from what's out there. I have quite a few 'tech talks' with businesses about security and the current threats and every single time I have people approach me afterwards to get more info and tell me how shocked they are and never realized.
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
Re: The safe 3. profile configuration.?
CharlesV
Thank you again.
It seems like if I am using a safe profile it is mostly 2 and sideways hits I have to be concerned about.
Do you agree if I say that is where the firewall can make the biggest difference because it is supposed to reject all input that is not sent to the active profile?
Re: The safe 3. profile configuration.?
I have not read much about the firewall that comes with MX, however most firewalls are all about incoming and outgoing protection and not about sideways activity. In the cases I have seen, once someone got ahold of a profile, the machine was compromised and all areas of the computer were compromised - other than encrypted partitions that were not open at the time.
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
Re: The safe 3. profile configuration.?
I see now that I made some wrong assumptions about side attacks.
It is much more complicated.
Side-channel attack
https://en.wikipedia.org/wiki/Side-channel_attack
I don't understand much of it but they don't mention the internet.
Is it more a local network risk if a client has installed a bad program?
If I close Firefox and log out from a profile I expect the firewall to stop all further inputs from the internet to that profile.
I don't know if it actually does that but in your opinion is it wrong to expect that from a firewall?
Re: The safe 3. profile configuration.?
Jakob77 wrote: Tue Jun 13, 2023 4:02 pm
I see now that I made some wrong assumptions about side attacks.
It is much more complicated.
Side-channel attack
https://en.wikipedia.org/wiki/Side-channel_attack
I don't understand much of it but they don't mention the internet.
Is it more a local network risk if a client has installed a bad program?

A compromised computer on a network could have consequences both local to the computer or to anything on the network (depending upon how the other computers are set up, how the network is set up and how protection on that network is set up (or... not set up)).
This is a HUGE topic... and once network sharing starts to take place the topic expands rapidly!

Jakob77 wrote:
If I close Firefox and log out from a profile I expect the firewall to stop all further inputs from the internet to that profile.
I don't know if it actually does that but in your opinion is it wrong to expect that from a firewall?

Yes, that is wrong.
You have some reading to do :-) Firewalls, how they work, what they prevent etc is far too wide a subject for here.
Basically, a firewall prevents or allows traffic coming in and out of the network connection of a network or computer. Incoming is fairly easy, but outgoing is not, and either when incorrectly set up can decrease security. But a web browser is a user requested action, and in order to function properly IPTables must be set up properly to really map out what you want - and even then, there is a method to slip through these channels.
But, a firewall does NOT prevent things from happening if something reaches your computer - And, much of the time the user has requested something (usually not intending to, or doesn't know better, or something with a hidden 'payload' was brought in), which could wreak havoc ON the machine.
Often, something is downloaded or has infected a web browser, is then local and has the ability to do something on the machine (including possibly jumping profiles, infecting a machine etc.).
If you have multiple profiles which are not encrypted, then you have the potential for one user to 'infect' or have other profiles affected by something.
Some links for you:
https://www.fortinet.com/resources/cybe ... y/firewall
https://phoenixnap.com/kb/iptables-tuto ... x-firewall
https://itsfoss.com/set-up-firewall-gufw/
And there are many more useful tutorials out there.
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
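An added example, not part of the original posts and not the firewall configuration MX ships: a shell function that renders a small iptables-restore ruleset. It shows that inbound rules match on interface and connection state with no notion of which profile is logged in, while the `owner` match can tie only locally generated outbound traffic to a numeric user ID. The name `render_ruleset` and the UID 1001 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny inbound ruleset in
# iptables-restore format. render_ruleset and the sample UID are assumptions.

# render_ruleset <uid>
# Prints a ruleset that drops unsolicited inbound traffic for the whole
# machine and rejects outbound traffic created by one local account.
render_ruleset() {
    uid="$1"
    case "$uid" in
        ''|*[!0-9]*) echo "render_ruleset: uid must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound is matched per packet, whichever profile is logged in or out.
-A INPUT -i lo -j ACCEPT
# Replies to connections a user started (a browser, for instance) come back in.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound: the owner match only sees packets created on this machine.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner $uid -j REJECT
COMMIT
EOF
}

# Review first, then load as root (this replaces the current filter table):
#   render_ruleset 1001 | iptables-restore --test
#   render_ruleset 1001 | iptables-restore
```

Nothing in these rules inspects what a downloaded file does once it is on the machine, which is the point made in the post above.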
Re: The safe 3. profile configuration.?
CharlesV
Thank you.
You are right it is a huge and complicated subject.
I want to measure how much safer I am with my new configuration but I realize now it is not possible.
I am sure it is safer but not how much. It will all depend on what kind of attack.
When I turn off the internet connection and log off from the profile (use log out instead of switch user) I believe it is safer than before.
Also if I log on to another profile and restart an internet connection from there.
But it will not protect against any attack.
The only real solid protection available is to be off-line.
Therefore it is actually my main strategy to be off-line as much as possible (especially Friday the 13. lol).
And when I am on-line for entertainment it is always on a computer with almost no private data and using a profile with even less private stuff.
If we look at the internet connection most people just want it to be as fast as possible but not me. I don't want any more speed than I need mostly because I believe more speed will make it easier for a cracker.
I can turn the internet connection off by:
1) using nmcli
2) deactivating the network
3) use a mechanical switch on the computer
3 is very unpractical and I don't know a command for 2, so I use 1
Am I in your opinion right if I believe 1 is enough or should I better look for a command for 2?
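An added example, not part of the original post: a shell check to go with option 1. `nmcli networking off` deactivates the interfaces that NetworkManager manages, so the function below reads the kernel's own link state to show whether any other interface is still live. The function names and the optional directory argument (used to point the check at a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify the machine is offline after
# switching networking off with nmcli. Function names are assumptions.

# live_interfaces [sysfs_net_dir]
# Prints "name state" for every non-loopback interface whose kernel operstate
# is anything other than a "no link" state.
live_interfaces() {
    net_dir="${1:-/sys/class/net}"
    for path in "$net_dir"/*; do
        [ -r "$path/operstate" ] || continue
        name=$(basename "$path")
        if [ "$name" = "lo" ]; then continue; fi
        state=$(cat "$path/operstate")
        case "$state" in
            down|notpresent|lowerlayerdown) ;;       # no usable link
            *) printf '%s %s\n' "$name" "$state" ;;  # up, unknown, dormant
        esac
    done
}

# go_offline
# Disables NetworkManager networking and all radios, then checks the result.
# Returns 0 when offline, 1 when an interface is still live, 2 on nmcli error.
go_offline() {
    nmcli networking off || return 2
    nmcli radio all off || return 2
    remaining=$(live_interfaces)
    if [ -n "$remaining" ]; then
        echo "still live (not managed by NetworkManager?):" >&2
        echo "$remaining" >&2
        return 1
    fi
    echo "offline: no live non-loopback interface"
}
```

Interfaces created by VPN or virtualization software often report `unknown`, so they are listed for review instead of being assumed down.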
Re: The safe 3. profile configuration.?
You forgot one ... turn the computer off.
While your effort to turn off networking is good for being safe, it's really only doing a little for safety, unless your computer is on a hostile network (or a very busy one that you want to protect against). And right here is where a firewall, properly set up, will help you.
However, if you look at a simplified list of the attack vectors for computers, you will find they are:
1) User actions - clicking the wrong email, going to the wrong web site, downloading something bad, installing something.
2) Network attack - typically from the internet, but also from other computers on the same network.
3) Supply chain – updates to the OS, or some application already on the computer.
4) Connected media – a pocket drive, network share etc.
And the largest issue by far is #1 above, depending upon where you read, it's nearly 95% of the problem. So, truly “locking down” a computer is really mostly about protecting the user from themselves, which presents a real challenge for a busy office or person.
As far as I can tell, your 3 profile idea is to keep one profile from being affected by another, restricting rights along the way. While this works for a restricted user, the real task is to not allow users to *have* the ability to affect the machine - not really 'turning the machine's networking off'. Although, no network is a good step for preventing #2 above :-)
The best thing I have done, in my opinion, to combat the “user issue” is to not provide them with the ability to *have* any chance to infect a computer. Second to this is to *highly* control things like email and web site use.
Using a specially built liveUSB, without persistence, (even better, written to a CD/DVD) you can provide an environment that they cannot hurt. The next chore is to have an area where they can create documents, and files they need to keep – all heavily watched, scanned and monitored by some OTHER clean machine's processes. And then move critical work areas off to cloud or other highly controlled computers.
I have gone as far as to create VMs which are highly tailored to use for a specific person, then when they log out, the VM image is destroyed, and a new image recreated for them for their next use.
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
Re: The safe 3. profile configuration.?
@Jakob77
It would help us a lot to know, in general terms, about your situation. Is this for your own home network? For a small business? For big business? For a group sharing an internet connection? etc
HP 15; ryzen 3 5300U APU; 500 Gb SSD; 8GB ram
HP 17; ryzen 3 3200; 500 GB SSD; 12 GB ram
Idea Center 3; 12 gen i5; 256 GB ssd;
In Linux, newer isn't always better. The best solution is the one that works.
Re: The safe 3. profile configuration.?
Eadwine Rose wrote: Mon Jun 12, 2023 4:49 am
I am the only one to ever use the computer, so, not common here. One user with pass. People who come to visit can get my Wi-Fi pass, and use their own stuff. I don't like other folks using my things so no-one gets to touch it, unless I am dead.

I think @Eadwine Rose has the much more common setup.
I never, never, never let anyone onto my machine unless I am sitting with them and watching every keystroke. Like Eadwine, I don't care who uses my machine when I'm dead.
Pax vobiscum,
Mark Rabideau - ManyRoads Genealogy -or- eirenicon llc. (geeky stuff)
i3wm, bspwm, hlwm, dwm, spectrwm ~ Linux #449130
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken