Making Irix safe for Internet Banking

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
indy_tigger
Posts: 58
Joined: Sun Apr 24, 2005 1:19 am

Making Irix safe for Internet Banking

Unread postby indy_tigger » Mon Nov 13, 2006 10:30 am

Hi,

I currently Internet Banking from my Xp PC (nod32,router and firewalled) and was wondering if It could be safer under Irix or turn another PC into an up to date Linux box?

The XP machine is used by all and even though I can tell them what to watch out for I rather not risk it anymore.

Only I use my SGI machines and are connected to the net via a router, but it's a system I know much less about than XP (even though I had one a while :0) ) so I not worried about local exploits only remote access exploits that can install "naughty" software on my machine.

Chances seem pretty slim on my SGI boxes being exploited but I would like any input you guys might have.

Wise or Not?

Cheers

User avatar
foetz
Moderator
Moderator
Posts: 6592
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Unread postby foetz » Mon Nov 13, 2006 11:41 am

of course irix is the better choice by far.
there's no spyware, adware, virus, trojan whatsoever.
further if you're the only user it's the better bet anyway.
if you're really concerned run the browser as some very restricted user only used for that.
you could also use a proxy to suppress several information transmitted normally and you could tweak some stuff inside the browser. mozilla's about:config for example.

User avatar
pub_bronx
Posts: 179
Joined: Fri Jan 13, 2006 10:39 am
Location: Switzerland

Unread postby pub_bronx » Mon Nov 13, 2006 11:44 am

Hello indy_tigger,
I'm running IRIX 6.5.27, and I use this box for all my e-banking (I come from Switzerland ;-) ). Maybe I'm a bit naive, but since your transactions are encrypted (ssl, https,...), and you box is secured (the unused ports are close), I don't think you have much to fear, do you?
Of course, as always, if someone really wants to bother you...
Hope this helps,
PB
Octane R14k 600MHz, V6, 2048 MB RAM, 73GB HD0, 18GB HD1, 73GB HD2

indy_tigger
Posts: 58
Joined: Sun Apr 24, 2005 1:19 am

Unread postby indy_tigger » Tue Nov 14, 2006 10:04 am

Thanks for the replies, I was pretty much convinced before.

I've install ipfilter and I'm going to lock down all the ports apart from http 80 as I don't need them open apart from sharity (what ever ports it uses)

Thanks

User avatar
pub_bronx
Posts: 179
Joined: Fri Jan 13, 2006 10:39 am
Location: Switzerland

Unread postby pub_bronx » Tue Nov 14, 2006 10:09 am

indy_tigger wrote:Thanks for the replies, I was pretty much convinced before.

I've install ipfilter and I'm going to lock down all the ports apart from http 80 as I don't need them open apart from sharity (what ever ports it uses)

Thanks


And what about https?

PB
Octane R14k 600MHz, V6, 2048 MB RAM, 73GB HD0, 18GB HD1, 73GB HD2

indy_tigger
Posts: 58
Joined: Sun Apr 24, 2005 1:19 am

Unread postby indy_tigger » Tue Nov 14, 2006 10:31 am

Yep https to, thanks for the heads up.

What start up file would I add the command to load the rule set? can I have them loaded before I get to the visual login so that all the accounts have them?

I've not read all of the ipf man file, but is there any way I could allow only traffic thats been ask for on a port?.

ie firefox uses 80,443 etc but I only want those ports open for apps I allow (not just leave them open as I have now) basicly I'd want them not showing on a port scan, is ipfliter able to do this?

Cheers

User avatar
pub_bronx
Posts: 179
Joined: Fri Jan 13, 2006 10:39 am
Location: Switzerland

Unread postby pub_bronx » Tue Nov 14, 2006 10:46 am

indy_tigger wrote:Yep https to, thanks for the heads up.

What start up file would I add the command to load the rule set? can I have them loaded before I get to the visual login so that all the accounts have them?



Some pointers :
http://stuff.mit.edu/afs/sipb/service/i ... STALL.IRIX
http://docs.hp.com/en/B9901-90009/ch01s08.html
http://techpubs.sgi.com/library/tpl/cgi ... 936-PARENT

I would start having a glance at those pages, just to have some good ideas.

Hope this helps,
PB
Octane R14k 600MHz, V6, 2048 MB RAM, 73GB HD0, 18GB HD1, 73GB HD2

User avatar
regan_russell
Posts: 888
Joined: Tue Jul 18, 2006 9:32 pm
Location: Sydney, Australia
Contact:

Unread postby regan_russell » Tue Nov 14, 2006 12:40 pm

If you really want to be paranoid you can use open source security tools, tcpdump, ethereal, etc..
(http://www.phptr.com/bookstore/product.asp?isbn=0321194438&rl=1) and also "attack" your own machine, turn off telnet for starters and use ssh for logins..

At least one bank here offers a service to send via SMS a (RSA?) key to be typed in before login completes(aka one time password). All banks here offer tokens (little LCD to put on your key ring), which are sync'd to a (RSA?) server.

User knows something(password/PIN) and user has physical posession of something (token, phone, etc) is safer than just user knows something..
Banks need to shoulder at least partial responsibility on managing ID theft.
Ask your bank what they use or switch to a bank that offers a more secure service if you need.

Regan
:Onyx2R: :Onyx2R: :0300: :0300: :0300: :O200: :Octane: :Octane: :O2: :O2: :Indigo2IMP: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy:
:hpserv: J5600, 2 x SUN, 2 x Mac, 3 x Alpha, 2 x RS/6000

indy_tigger
Posts: 58
Joined: Sun Apr 24, 2005 1:19 am

Unread postby indy_tigger » Tue Nov 14, 2006 12:51 pm

Thanks for the replies guys, I've got ipfilter working and he seems to work well.

I've got some port scanning software (like superscan 4) and the machine did not show up so ipfilter seems OK

Cheers


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest