Open source software security

Madirish Tutorial 04

30 November -0001
Ok, by this point I'm going to assume you've got a computer you can use with at least one operating system properly installed. Hopefully its Linux, but if not don't sweat that. Now you've got to make sure you can get online. Unless you want to set up a home lab and do all your hacking on your own LAN (Local Area Network) you're going to need to get out there on the internet.

The first thing you're going to need to do is get an ISP. Finding an ISP is easy, finding a good ISP is tough. If you're really cheap you can get one of the free providers such as Juno or NetZero. I wouldn't advise this though since you'll have to deal with their ads and their crappy service (you get what you pay for). I'd also shy away from AOL since it's a breeding ground for lamers and morons. AOL uses a proxy server for all its connections which is nice, but they also turn over confidential information about their users to the government without any fight at all. Bottom line, AOL sucks. Ok, so we've weeded out the bad choices, how to find a good choice? Well, used to be there were lots of mom and pop type operations that would give you a great account for really cheap. Not so much any more. Look in your phone book. I wouldn't pay more than $20 a month for a dial-up, but you'll find most services cost about that much. Ideally you'd like an account with shell access. This means that you'll get a regular dial-up account, plus an account on a Unix box that you can telnet into. Now, since shell accounts are used primarily by hackers these days, chances of finding one are slim to none.

You're going to want to keep in mind that any ISP will automatically log all of your activity online. This can be very troublesome for home users. Try to find a service with a good policy about turning over your records to the FBI or other authorities. Make sure they have a policy against Carnivore (or whatever the FBI is calling their wiretapping device these days) and make sure they'll notify you if ordered to turn over any records. Also be sure to read your TOS (Terms of Service) agreement VERY carefully so you don't violate it. Find out policies about complaints against your account. Some ISP's will terminate your service if you scan a remote computer (perfectly legal) and some will give the finger to people complaining to them about a break in by a user. Look for the latter. You may have luck with a big ISP simply because they've got so many customers. Just make sure you remember that your activities when you're logged into your ISP *are* monitored and logged somewhere.

If you can afford DSL or cable I'd get that. Keep in mind though that most high speed providers will not support Linux. If you're going to use Linux from a home connection your best option is a dial up since any modem will work with such a connection. I have a DSL line and a dial-up at home (the dial-up is good for use on the road as well).

Once you've decided on a service you're going to need a few things from your provider (especially if you're going to use Linux). You're going to need, of course, your login ID and password. You'll also probably need the IP addresses of your Primary and Secondary DNS servers. You may even need a gateway or proxy address for your account. Its also a good idea to find out what protocols and authentication schemes your ISP uses if you're going to set up a modem on a Linux box. If you call tech support and ask for these the operator will figure out pretty quick that you're using Linux. If they give you a hassle just tell them you've got a weird old modem and you're writing your own drivers and initialization codes (those are the codes sent to your modem (basically commands issued to the modem to make a connection)) and they'll leave you alone. Don't take "no" for an answer, after all you're paying for the connection, not their opinion of what operating system you're using.