Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hack Proof Computer/Server


  • Please log in to reply
6 replies to this topic

#1 RossCann

RossCann

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Penfield, NY
  • Local time:06:32 AM

Posted 15 May 2017 - 09:11 AM

I am a brand now member with a question.

Does any company make a computer-server that will not allow admin control to be gained except locally at the computer or over a totally secure LAN ?

This would mean the processor is completely hack proof outside of individual user account space. So this ransom-ware attack, for example, would be totally impossible.  The operating system could provide for user account security through means such as double or triple password access to protect the user admin instruction space, if desired.

If the answer is no, why hasn't it been done to eliminate any attacks such as the current ransom-ware attack.

Any ideas here ??



BC AdBot (Login to Remove)

 


#2 Just_One_Question

Just_One_Question

  • Members
  • 1,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:32 PM

Posted 15 May 2017 - 09:36 AM

The very definition of a network presumes some degree of connectivity with other devices/people, which means that there always is a weaker point of potential breach in any network ever.

The only 100% sure way of keeping a computer hack-proof is not to be connected to anything at all - the Internet, bluetooth, the power grid (you can use batteries), etc.:)

#3 RolandJS

RolandJS

  • Members
  • 4,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:32 AM

Posted 15 May 2017 - 10:03 AM

As Quietman7 often posts: the most important, sometimes the strongest and sometimes the weakest, security component are the end-users.

 

Addendum:

"...Now, if someone compromised one of those local systems, they could use it as a relay for sending commands to the server, so again, not PERFECT security..."  --dantose

"...If this is a server for many users, then a ransom-ware attack would only be possible for a user account that doesn't guard access to their password secrecy..." --rosscann


Edited by RolandJS, 16 May 2017 - 09:00 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 RossCann

RossCann
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Penfield, NY
  • Local time:06:32 AM

Posted 15 May 2017 - 03:40 PM

What I am talking about is a computer-server with no outside connection to the admin level of the processor or from user space within the machine. So no outside source can gain access to the admin level. If this is a server for many users, then a ransom-ware attack would only be possible for a user account that doesn't guard access to their password secrecy.
Ross

#5 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:10:32 PM

Posted 15 May 2017 - 06:36 PM

Abyss Web Server. https://aprelium.com/abyssws/

https://aprelium.com/abyssws/screenshots.html
win_window.png

The console is a web based remote configuration interface. It can be accessed from the computer Abyss Web Server runs on and from any computer connected to your network.
A standard web browser is all you need to view and use the console.

When the console is accessible through http://127.0.0.1:9999 only, from the computer running the Abyss Web Server software, then it's isolated and secure to a greater extent, but not absolutely 100% secure?

Edited by Crazy Cat, 15 May 2017 - 06:37 PM.

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#6 dantose

dantose

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 15 May 2017 - 08:52 PM

What I am talking about is a computer-server with no outside connection to the admin level of the processor or from user space within the machine. So no outside source can gain access to the admin level. If this is a server for many users, then a ransom-ware attack would only be possible for a user account that doesn't guard access to their password secrecy.
Ross

Disclaimer: "total security" does not exist. security always exists on a spectrum. Security decisions should always be approached as a cost/benefit question: what is the cost of the security measure? What is the cost of compromise? How much does the security measure reduce the likelihood of compromise?

 

That said, disabling admin rights over network could be accomplished a couple of ways. Group policy would be one approach, you could also set firewall rules blocking traffic. For example, if you are controlling a server via SSH on port 22, your firewall blocking all external port 22 connections would prevent direct access from external attackers. Likewise, the server's software firewall could reject all SSH connections except from whitelisted IPs on the network. For example, say your router has 192.168.0.1-20 set aside for wired connections, and DHCP's 192.168.0.100-255 for wifi. setting your servers software firewall to accept SSH traffic only from 192.168.0.1-20 with an implicit reject of all other SSH traffic would limit it only to those wired systems. 

 

Now, if someone compromised one of those local systems, they could use it as a relay for sending commands to the server, so again, not PERFECT security.

 

You would also need to look at preventing escalation of privilege attacks, if you are allowing non-admin permissions for the server, and of course all the usual stuff with SQL injection, buffer overflow, etc. 



#7 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:10:32 PM

Posted 15 May 2017 - 11:11 PM

dantose has given you a few examples, another would be the now patched NSA Zero-Day SMB exploit.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users