Security of net install?

Help with issues regarding installation of Debian

Security of net install?

Postby caerolle » 2017-02-24 04:23

Hi, not sure where to ask this, going to try here.

I have done a net install, as that seems to be a good way to get a minimal system. I have done net installs in the past, and always worried about exposure of my system during the install. I have spent a fair amount of time digging about in the Debian pages, and the only thing I have found was the advice in the Securing Debian wiki to (if I understand correctly) NOT do a net install (essentially to not connect to the internets until the install is complete and security is in place). OTOH, the net install (minimal CD seems to kind of be recommended?

Immediately on the install stopping I installed ufw and enabled and configured it, and also installed rkhunter and chkrootkit and ran those. Anything else I should do?

Thoughts? Suggestions? Advice?

Thanks!

Carol :)
caerolle
 
Posts: 4
Joined: 2017-02-24 04:15
Location: USA

Re: Security of net install?

Postby Bulkley » 2017-02-24 05:44

Sure. Choose the maximum security setting for your router/modem firewall.
Bulkley
 
Posts: 5045
Joined: 2006-02-11 18:35

Re: Security of net install?

Postby caerolle » 2017-02-24 14:11

Thanks! I am ashamed to admit it, but I avoid messing with the router, the interface on those things is horrid. I really need to download something other than the firmware that came on it, too.

Carol :)
caerolle
 
Posts: 4
Joined: 2017-02-24 04:15
Location: USA

Re: Security of net install?

Postby Segfault » 2017-02-24 14:35

I do not see how someone could install a rootkit during install, you are behind NAT router and you are not offering any publicly accessible services in your box you are installing to. The only way to get hacked during netinstall is if your router is owned and the DNS resolves into a fake Debian domain letting you install tampered deb packages.
Segfault
 
Posts: 402
Joined: 2005-09-24 12:24

Re: Security of net install?

Postby caerolle » 2017-02-24 14:48

Thanks, Segfault! :)

I am actually behind a couple of routers: I have ATT uVerse, so have hopefully some protection from their modem, then have a good router plugged into that which feeds everything (with a strong password), and provides my wireless (I don't use ATT's wireless). My computer is directly wired to the model, so no worries about wireless wrt it.

My worry was less about getting bad packages than having something get in and install before I got the firewall up. I didn't install SSH or any server stuff, so I would think that should cut down on the risk that exists between the time I have a working system and when I got the firewall up.
caerolle
 
Posts: 4
Joined: 2017-02-24 04:15
Location: USA

Re: Security of net install?

Postby Segfault » 2017-02-24 15:02

I've never used firewall behind NAT. Are you doing double NAT? Won't do any good. I had a modem setup once, I put it in bridge mode so I could manage my own network in my own router. The other option would be using NAT provided by modem and use a network switch for wired and an access point for wireless, if required.
Segfault
 
Posts: 402
Joined: 2005-09-24 12:24

Re: Security of net install?

Postby caerolle » 2017-02-24 15:48

Ah, ok, thanks! I seriously need to learn more about the network stuff… :oops:
caerolle
 
Posts: 4
Joined: 2017-02-24 04:15
Location: USA


Return to Installation

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable