How to hide/anonymise/defend a computer when on hostile networks

networkingprivacySecurityservices

I connect to a lot of open networks when I'm pootling around. I'm fairly careful to VPN home for anything important but that's not really my boggle. The laptop runs several services (nfs, dev http server, samba, avahi).

Not only do I not want people on open networks connecting to these services, some of them (samba and avahi) are extremely slutty and advertise themselves all over the place to other computers.

I also don't want my computer name available in public places. I already rotate random MAC addresses so hotspot owners can't track where I go on a day-to-day basis. Yeah, I'm pretty paranoid sometimes.

Is there any way I can stop these services communicating (either way) on any network that isn't home?

Best Answer

This sounds like a job for dramatic pause, Iptables!

You can drop packets for those services using the OUTPUT chain, and can use the INPUT chain to block people from communicating with these services while still allowing yourself to communicate with them (eg. Via loopback address).

There are enumerable howto's and documentation pages out there about configuring Iptables, so I won't go into extensive detail here.

Related Solutions

PS Command Security – How It Hides Passwords

ps does not hide the password. Applications like mysql overwrite arguments list that they got. Please note, that there is a small time frame (possible extendible by high system load), where the arguments are visible to other applications until they are overwritten. Hiding the process to other users could help. In general it is much better to pass passwords via files than per command line.

In this article it is described for C, how to do this. The following example hides/deletes all command line arguments:

#include <string.h>

int main(int argc, char **argv)
{
    // process command line arguments....

    // hide command line arguments
    if (argc > 1) {
        char *arg_end;    
        arg_end = argv[argc-1] + strlen (argv[argc-1]);
        *arg_end = ' ';
    }

    // ...
}

Look also at https://stackoverflow.com/questions/724582/hide-arguments-from-ps and https://stackoverflow.com/questions/3830823/hiding-secret-from-command-line-parameter-on-unix .

Linux – How to defend against a Live USB computer hack

Don't allow USB access.

Truth is that if someone has physical access to the machine, there's not a lot you can do. In this narrow case your best bet is to disable booting to USB and lock the BIOS (or whatever EFI setup utility is being used) with a password. It's a bit like putting a pad lock on a garage door, there are ways around it, but it's an easy step that keeps honest people honest.

Best Answer

Related Solutions

PS Command Security – How It Hides Passwords

Linux – How to defend against a Live USB computer hack

Related Question