IPFW How to protect

[Franklin]

My system was hacked and crashed
How to protect

Please step by step

 

[SirDice]

My system was hacked and crashed
How to protect

Step 1; don't connect your system to the internet
Step 2; Use proper passwords for everything
Step 3; don't connect your system to the internet

 

[Franklin]

Um, is there really no way to protect?
Is MAC OS the same?

 

[SirDice]

Every OS is the same. Do NOT use easily guessed user accounts. Do NOT use easily guessed passwords. Do NOT reuse passwords (using the same password for everything).

Most of the "hacks" these days happen because people use easily guessed passwords. There are literately hundreds (if not thousands) of bots scanning the internet every minute. They're continuously looking, prodding and trying those easy to guess accounts and passwords.

 

[Mjölnir]

A way to create and remember good passwords: Use the initial characters/letters of an easy to remember sentence. E.g. "my mother's birthday is January, 13th" -> password: mmbiJ13th

 

[rootbert]

did you find out how the intruders found a way in?

 

[a6h]

What do you mean by "It was hacked"? What's make you think, it's hacked?

 

[jomonger]

Standard bot vector attacks are SQL injection and admin panels for things like wordpress, myphpadmin etc. If you have huge priviliges for database user they can quite easy run commands on your os (PLSQL).

If you have unsecure SQL input on hosting like aws you will get hacked within week. If its not easy password, then it propably is not OS hack.

 

[Franklin]

Every OS is the same. Do NOT use easily guessed user accounts. Do NOT use easily guessed passwords. Do NOT reuse passwords (using the same password for everything).

Most of the "hacks" these days happen because people use easily guessed passwords. There are literately hundreds (if not thousands) of bots scanning the internet every minute. They're continuously looking, prodding and trying those easy to guess accounts and passwords.

Is MAC OS the same question?

 

[gnath]

hacked and crashed

Both can happen due to different cause. You have not described the symptom of hack and crash. Also to protect any OS follow SirDice's advise and Freebsd Handbook.

 

[a6h]

Is MAC OS the same question?

Mac OS is The answer. Furthermore, you don't need password on Mac, you can use your finger. By the way, did you contant NomadBSD core team?

 

[richardtoohey2]

The OS doesn't really matter.

Follow any of the good guides on the internet e.g. https://www.cyber.gov.au/acsc/view-.../strategies-mitigate-cyber-security-incidents

Find out how to do each of the recommended steps on the operating systems you have facing the threats. Reduce your exposure to the threats if possible.

 

[SirDice]

The handbook is available in other languages too.
This should be the Taiwanese version: https://www.freebsd.org/doc/zh_TW.UTF-8/books/handbook/
There's also a Chinese version: https://www.freebsd.org/doc/zh_CN.UTF-8/books/handbook/
I have no idea how good the translation is though, I can't read it myself.

 

[rashey]

My system was hacked and crashed
How to protect

Please step by step

First of all keep your software up to date, ipfw was vulnerable among others to CVE-2019-5614.

Stop all services you don't use, close all ports you don't need or make proper firewall rules to restrict access if possible.

 

[Mjölnir]

My system was hacked and crashed
How to protect

Please step by step

A "real" firewall setup with a manageable switch, packet filter firewall-host, DMZ (de-militarized zone) & service host in the DMZ. On that host, run all services jailed or in VMs (bhyve(8)). Secure it with ipfw(8) (see /etc/rc.firewall) or pf(4) (beware pf is different...). Strictly speaking, some services (e.g. DB for a web application) should be on their own physical host, a VM is not enough. The packet filter firewall-host and the services host (inside the DMZ) must be physically separate machines (in any case). Physically sepatate the networks for management and ordinary traffic, some also have a dedicated machine (terminal) for network management. Install a virus scanner at least on the services host, integrate that into mail and web/FTP proxy. Best practice is to have a socks gateway/proxy, espc. if you need to access the internet e.g. with SSH. Consider one of the FreeBSD-based firewall "distros" for the packet filter.

 

[Alex Seitsinger]

Physical security is just as important. Social engineering is often the easiest way to gain access. Be careful who you give WIFI access, etc.