1
   

Is anyone else encrypting thier hard drives?

 
 
trying2learn
 
  1  
Reply Sat 1 Oct, 2011 09:55 pm
@parados,
I haven't read your posts to know where you are and I was just curious.
0 Replies
 
parados
 
  1  
Reply Sun 2 Oct, 2011 02:26 pm
@BillRM,
Michigan? You think I'm in Michigan?
0 Replies
 
parados
 
  1  
Reply Sun 2 Oct, 2011 02:35 pm
@BillRM,
All your "tools" (or lack of them in your case) will end in New Hope. I am not assigned a static IP. My ISP provider controls the IP addresses. They are assigned to the particular gateway that assigns them to customers. They are not assigned by town but simply by renewal time and available addresses.

BillRM
 
  1  
Reply Sun 2 Oct, 2011 06:00 pm
@parados,
Your always on router IP address should not be changing that often as there would be no point/benefits in doing so fix or not fix with an always on router.

Now as soon as IP6 come online all addresses should be fixed as in the current IP4 protocol you only have 4 billions or so total addresses 2^32 for the whole planet and we are running low and that is way ISPs move their available pools of addresses around however IP6 had 2^126 addresses and all the suns in the universe should had burned out long before we could used that numbers of addresses.

Is not the internet wonderful.............


parados
 
  1  
Reply Sun 2 Oct, 2011 07:09 pm
@BillRM,
Quote:
Your always on router IP address should not be changing that often as there would be no point/benefits in doing so fix or not fix with an always on router.

That has nothing to do with how IP addresses are assigned.
Yes, the lease time is probably 3 or 6 months but I can turn off my router or simply reset the lease from the administration screen at any time with no guarantee that I will have the same IP address when I renew the IP.

Since the weekend is over, I need to reset it anyway so I can open up ports again.
BillRM
 
  1  
Reply Sun 2 Oct, 2011 07:28 pm
@parados,
As I said it could change but your IP assign address is unlikely to change in any short term and once the IP6 standard take over the whole issue will be moot indeed.

Hell if you ask for a 10,ooo block of IP6 addresses all to yourself there would be no reason not to grant then to you no question ask.

Lord what a mess however getting all the hardware on the net to be able to handle IP6 traffic.

I can see a lot of people pulling out their hair out in the next few years and a lot of work around as in tunneling IP6 traffic inside IP4 packets to get around areas of the net hardware that is not yet able to handle IP6 traffic.

This is a one time problem however as 2^126 addresses is more then enough for any future demands even if we burn them as is giving you 10,000 such addresses with no question ask.

Short term leasing of IP addresses concept will be a small footnote in the history of the net.

0 Replies
 
BillRM
 
  1  
Reply Sun 2 Oct, 2011 07:39 pm
@parados,
Quote:
I need to reset it anyway so I can open up ports again.


You need to reset your router to have it open up ports????????

Why........????????
0 Replies
 
BillRM
 
  1  
Reply Sun 2 Oct, 2011 08:11 pm
@parados,
Parados the more I think of your comment about needing to do a reset to open up ports the stranger it seems.

Ok to open a port you tell your router to forward incoming traffic address to that port to one of your computers on your router network.

You then tell your software firewall of that computer to allow incoming packets to that port through and then you make sure that you have the appropriate software/services running on that computer to listen for and then deal with the incoming port packets.

No where do I off hand see a need to do a reset, so what am I overlooking?
parados
 
  1  
Reply Mon 3 Oct, 2011 07:05 am
@BillRM,
Giving out your IP address and telling which services you accept is not good security policy. I closed ports when I posted my IP address here.
Now that my IP address has changed and is no longer public I reopened ports.

It's really pretty simple Bill.

BillRM
 
  1  
Reply Mon 3 Oct, 2011 09:28 am
@parados,
So you fear that just having your address known on this website and having some ports open is a large security concern and yet scanning for open ports can be done covering large blocks of IP addresses space in short order and any new IP address that your ISP will grant you is likely to be not far from your current one.

Seems kind of pointless to me in any case as if you have some security weaknesses in your system changing your IP address so a few people on this website will no longer know it seem not to grant you any significant increase in your security.

Any time your visit a website you are leaving your IP address behind so in short order tens and or even hundreds of websites will know it for example.

If I was all that worry about something getting into my system by way of attacks on my open ports I would just run the services for those ports in a sandbox or take similar precautions.

Hell as a matter of fact that what I do tend to do for running any software servicing an open port.

parados
 
  1  
Reply Tue 4 Oct, 2011 11:39 am
@BillRM,
Quote:
Seems kind of pointless to me in any case as if you have some security weaknesses in your system changing your IP address so a few people on this website will no longer know it seem not to grant you any significant increase in your security.

Of course it seems pointless to you. A targeted system is more likely to be compromised versus one attacked at random.

Knowing what a system is and which services it uses allows for attacking known or unknown security vulnerabilities. Sandboxing doesn't do you any good if you have a buffer overflow vulnerability that allows access to your system.
BillRM
 
  1  
Reply Tue 4 Oct, 2011 12:02 pm
@parados,
You got to be kidding me if you have a buffer overthrow attack on software running in a sandbox that allow someone to run code it would be limited to that sandbox.

That the idea of having a sandbox....................

It not magic you know and what details do we have about your system other then it is running some version of linux and you might had ports such as 500 and 4500 open for running a VPN server.

No details about the VPN software etc....................
parados
 
  1  
Reply Tue 4 Oct, 2011 01:22 pm
@BillRM,
Quote:
You got to be kidding me if you have a buffer overthrow attack on software running in a sandbox that allow someone to run code it would be limited to that sandbox.

Except for when it breaks out of the sandbox.

http://www.nist.org/news.php?extend.238
Quote:
This Java Virtual Machine (JVM) vulnerability and can still be exploited even if Javascript is disable. Normally Java applications are run in what is called a “sandbox”. Within this sandbox the application has very limited rights and can not do damage to your system. But should the application be able to break out of it's protected memory area it then has the rights of the currently logged in user (which more often than not is full administrator rights).

Sun describes the current problem this way:
“A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.”
BillRM
 
  1  
Reply Tue 4 Oct, 2011 01:51 pm
@parados,
Good luck in breaking out of the sandbox type that they would need to defeat without knowing about. Not a sandbox that is part of the software they are attacking. A problem of a whole other magnitude
parados
 
  1  
Reply Tue 4 Oct, 2011 02:01 pm
@BillRM,
Yes, I can create an environment that is completely protected but it wouldn't have access to my system or my files. I'm curious why anyone would VPN into a system that does nothing that they need to do?
BillRM
 
  1  
Reply Tue 4 Oct, 2011 02:28 pm
@parados,
You do know what a sandbox is correct?

Any software running in the sandbox can not tell that it does not had free access to the system however if such a program try to change a file for example the sandbox will bring in a copy of that file and only that file is change. Some thing go for any changes in the register keys and so on

Now you are right you would normally wish to bring files and information out of the sandbox and you can do so either manually or by setting up rules of where on the drive and what file types can freely pass in and out of the sandbox.

For example mp3 files are freely allow out of my sandbox and to my doc podcast folder and jpg are allowed out to my picture folder and so on…………

If I had any question at all about a file I scan it inside the sandbox before I allow it out.

In any case a buffer overflow type attack that run code to try to change a system file for example or place a root kit would be out of luck.
BillRM
 
  1  
Reply Tue 4 Oct, 2011 03:25 pm
@parados,
Thinking of my sandbox I just decided to update my version and needed to granted permission 6 times to my real time security monitoring program before the update was install and working.

Security is always a layer process and no one piece of software is going to grant 100 percents protection.
0 Replies
 
parados
 
  1  
Reply Tue 4 Oct, 2011 07:59 pm
@BillRM,
I don't think you understand what a sand box is.

A sandbox MUST run on top of the underlying system otherwise it isn't a sandbox. A virtual machine is nothing more than a sandbox but it DOES use system resources.

Any program that runs on a system has the possibility of affecting the system. Hackers look for weaknesses to exploit that allow them to access the underlying system. No program is perfect and without vulnerabilities. It would be foolish to think one is. The best defense is to prevent attacks rather than relying solely on your software to stop them.
BillRM
 
  1  
Reply Tue 4 Oct, 2011 10:39 pm
@parados,
Quote:
Hackers look for weaknesses to exploit that allow them to access the underlying system. No program is perfect and without vulnerabilities. It would be foolish to think one is. The best defense is to prevent attacks rather than relying solely on your software to stop them
.

Hackers are looking for the low hanging fruit not fort knox.

So first good luck looking to defeat a sandbox they do not know about not the build in sandbox of a common program they are looking to attack.

Second as I already stated I layer my defenses one on top of the other.

After breaking out of a sandbox or during trying to break out they would then need to deal with my uncommon real time monitoring program that does not allow anything to write to memory or place hooks or drivers on the system or even run for the first time without my OK. Google earth wish to address video memory directly it is block from doing so until I OK it.

Oh this little dear hash everything allow to run on my system and if the hash had change it also block it from running until my ok.

That is the reason that every time I do an update of a program or when microsoft or java etc does an update I need to hit ok any numbers of times as the undated/change exe and dll files first begin running.

Oh just for ice cream on top once a month or so I run Microsoft stand alone scanner that boot from it own CD to look for root kits that are hiding by having the OS shielding them from detection.

Sorry the odds that anything is going to get through all my layers of software security in the real world is near zero.
parados
 
  1  
Reply Wed 5 Oct, 2011 04:48 am
@BillRM,
Quote:

After breaking out of a sandbox or during trying to break out they would then need to deal with my uncommon real time monitoring program that does not allow anything to write to memory or place hooks or drivers on the system or even run for the first time without my OK.

That seems a rather cumbersome way of working. So every time your sandbox has to write something to memory, which would be every time it pulls down information from the net or makes a calculation, you have to leave your sandbox and authorize your sand box to write to memory.

I don't think you understand how a sand box works Bill.
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
Copyright © 2021 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 09/23/2021 at 01:06:38