Sunday, November 12, 2006

Recurring interests, (useful?) obsessions

Several times, over the years, I've become interested in computer security. Each time, I eventually wound up getting tired of the subject and consciously decided to drop it. Security being just an illusion anyway, why not move on to something more entertaining?

For example, seven or eight years ago it occurred to me that computer security at work was lacking because senior management and employees generally didn't place much importance on it. Everyone thought things were fine because we had a perimeter firewall and Norton anti-virus. I did what I thought I should do to raise awareness, but wound up pissing off the poor security manager (at that time it was just a grunt position with no authority) so I backed off.

A few years later I had a run-in with a scamming fraudster. During this episode I again became interested in computer and network security. I learned a little about packet sniffing, port scanning, protocols and so on (emphasis on a little). Eventually, after failing to resolve multiple signs of unwelcome guests in my computer, I simply nuked it and all backups, adopted a new paradigm and left my sniffers and scanners behind. I still tried to practice safe computing, but paranoia gets tiresome.

My most recent interest in cyber security was sparked by a little toy I bought a few months ago, DU Meter. One night I decided to start DU Meter's stopwatch before going to bed. The next day I was surprised to see that there had been a lot of outbound traffic overnight. (I might have misread DU Meter. I've not seen such a thing again.) I could understand occasional inbound peaks from automatic updates to this or that, but an unattended outbound peak seemed, well, interesting.

Now I've got a few new toys and interests. I replaced my router with an old 600 MHz PIII computer running the Smoothwall firewall. I've learned how to run the tcpdump sniffer on the firewall machine, how to transfer the capture file to a PC, and how to analyze it with Wireshark. I've learned how to compare what's captured on the firewall machine with what's captured on the PC using Port Explorer, and now I'm assisted by the macro functions of my new text editor, EditPad Pro. Along the way I became interested in "regular expressions" and now I've started doing the tutorials to learn a little Python programming.
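As an added example (not code from the original post), here is the firewall-versus-PC comparison described above done with a regular expression and a little Python instead of editor macros. It assumes tcpdump's default one-line text output (`tcpdump -n` on the Smoothwall box and on the PC), an internal network of 192.168.1.0/24 (a hypothetical value), and two short constructed captures. It lists outbound flows that the firewall saw leaving the LAN but that the PC's own capture never recorded, which is exactly the kind of unattended overnight traffic worth a second look.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# tcpdump's default one-line text format (with -n, so no name resolution), e.g.
# 02:14:01.000001 IP 192.168.1.10.49152 > 203.0.113.5.80: Flags [S], seq 1, win 64240, length 0
TCPDUMP_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)

# Assumed internal network (hypothetical; adjust to your own LAN).
LAN = ip_network("192.168.1.0/24")


def parse_flows(lines):
    """Count outbound (src, dst, dport) flows in tcpdump text lines.

    Lines that are not IP packets (ARP, tcpdump's own banner) are skipped,
    and only packets leaving the LAN for an outside address are counted, so
    replies coming back in do not show up as separate flows.
    """
    flows = Counter()
    for line in lines:
        m = TCPDUMP_LINE.match(line)
        if not m:
            continue
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        if src in LAN and dst not in LAN:
            flows[(m["src"], m["dst"], int(m["dport"]))] += 1
    return flows


def unexplained_outbound(firewall_lines, pc_lines):
    """Flows the firewall saw leaving the LAN that the PC's capture never recorded.

    A flow in this list came from a host or a process the PC-side capture
    did not see, which is the discrepancy worth chasing down.
    """
    fw = parse_flows(firewall_lines)
    pc = parse_flows(pc_lines)
    return {flow: count for flow, count in fw.items() if flow not in pc}


# Constructed sample captures (not real traffic). The firewall saw a web
# connection plus a second connection to 198.51.100.9:8443; the PC only saw
# the web connection.
FIREWALL_CAPTURE = [
    "02:14:01.000001 IP 192.168.1.10.49152 > 203.0.113.5.80: Flags [S], seq 1, win 64240, length 0",
    "02:14:01.000500 IP 203.0.113.5.80 > 192.168.1.10.49152: Flags [S.], seq 2, ack 2, win 65535, length 0",
    "02:14:07.000001 IP 192.168.1.10.49153 > 198.51.100.9.8443: Flags [S], seq 1, win 64240, length 0",
    "02:14:07.000002 IP 192.168.1.10.49153 > 198.51.100.9.8443: Flags [P.], seq 1:30, ack 1, win 64240, length 29",
    "02:14:09.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
]
PC_CAPTURE = [
    "02:14:01.000001 IP 192.168.1.10.49152 > 203.0.113.5.80: Flags [S], seq 1, win 64240, length 0",
    "02:14:01.000500 IP 203.0.113.5.80 > 192.168.1.10.49152: Flags [S.], seq 2, ack 2, win 65535, length 0",
]

if __name__ == "__main__":
    for (src, dst, dport), count in unexplained_outbound(FIREWALL_CAPTURE, PC_CAPTURE).items():
        print(f"{src} -> {dst}:{dport}  {count} packet(s) seen at firewall, none on PC")
```

In practice you would feed it the two text files (`tcpdump -n -r capture.pcap > capture.txt` on each side) with `open(...).readlines()` in place of the constructed lists, and then look up any flagged destination port in Port Explorer to see which process, if any, owns it.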

I've also upgraded my internal network to gigabit, and converted another old computer into a network file server using NASLite+. It's just the main PC and the NASLite box that are running gigabit so far, but the cabling and switches have been changed out.

When I set up the Smoothwall box, I included the unprotected DMZ option. I keep thinking about getting another old PC to set up a honeypot in the DMZ, but I don't think I'll go there (at least not yet). Any script kiddie can run circles around me, and while a honeypot might be interesting, so are matches and gasoline.

I won't go into the books I've started reading but not finished, or the various things I should be doing but am neglecting. Hey, I'm getting old, OK? I'll do whatever the hell I want, responsibility be damned. (I can't believe my KMA day (Kiss My Ass day - early retirement eligibility) is less than four weeks away!)

OK, now for an hour or so of Python tutorials, and maybe some paying attention to the world. Bye!

2 comments:

jj mollo said...

Congratulations on your KMAD.

I'm in the process of building a new computer. Do you have any advice for what software I should install?

My nephew, who has some sort of web space company, tells me that the best way to protect a network is to make data pass through an Apple computer before getting to the PC network.

Steve said...

Thanks JJ.

I had not heard of using a Mac that way, to defend a network. I'm no expert, and I've unfortunately not been a Mac man since the stone ages, but I gather the Mac is pretty strong and has its roots in Unix. In that sense, I suppose that's roughly equivalent to what I'm doing with the Smoothwall firewall, except that with Smoothwall it's Linux rather than Unix, and the Smoothwall machine is dedicated to that function (which I gather a Mac probably would not be).

I don't know. In my ignorance, if I had a Mac, I'd still protect the network with a dedicated router/firewall and place the Mac there, just like any PC, protecting itself from whatever might get past the firewall.

Software? I'm running Kaspersky Internet Suite 6 for anti-virus and firewall, along with Windows Defender. Seems fine. My kid bought Windows One Care from Microsoft, which seems fine, too. He and I are both prejudiced against Norton, which I've run a lot before.

I don't run an email client any more, opting instead for webmail (I use GoDaddy and Gmail, both of which seem fine). The only disadvantage is speed, but I'm pretty slow anyway.

Are you going to go with Vista? Now that I think about it, you didn't say you were building a Windows box, just a box. Are you going to go with Windows or Linux or Unix or...?

Good luck with the project.