Major security issue

[vertigo262]

At least in my eyes

So, I have my untangle locked down pretty tight. First off, I want to say, I love untangle. Great product.

I started off experimenting with all different linux firewalls, and I ended up using untangle for everything.

But I do have one concern.

I put untangle in our office, and it is running circles around our old sonic wall.
From every standpoint. reports, usability, catching spams and viruses.

But yesterday, I left the office around 4 pm. and when I got home I noticed my untangle was down. Thinking, maybe it's nothing but maybe I should figure out why it shut down.

Just logging in, it appears as 4 -5 adapters had appeared in the network interfaces. Untangle asked, "these devices no longer exist, do you want to save configuration" Which I found to be very strange.

Well before I had a chance, today at about 1:45 pm, I stepped out of the office for about 15 - 20 minutes. to grab some food, and when I got back to the office, i noticed that it was down again.

Now the strange thing is, not only was my firewall down, but when i stepped out of the office, I left the KVM on untangle. When I came back, it had been switched to another server.

Now , with my curiosity at the level of, KVM's don't just switch on their own. and on 2 occasions, as I left, the firewall has shutdown.

I sort of feel it would be nice to know what's going on.

Now, at this point. I figured, it would be nice to look at some tamper logs, or logs of shutdowns and why it was shutdown etc. But at this point I had to enable ssh and d/l the logs from console.

now looking at the logs, not only are there logs all over, and I have no clue what's what. but when I open them, seems like jumbled text that I have to try to figure out what it's saying and what files are what.

This leads me to the features which I believe untangle really should have. And I believe are needed.

The very first is that even though untangle boots to a pretty screen with menu's , restart, terminal, etc. I believe that like all over OS's , or firewalls, their needs to be a login to get into anything. To me that seems extremely important. so some pissed off employees can't just walk up to console and shut down. etc.

second, it would be nice to just log in to the web interface, and look at if anything has been tampered with. When shutdown, by who, was it a OS fault, was it intentionally shutdown. Also, was a device plugged in to any of the ports. Like a usb device.

Now it's rare that your threats are internal people, but from time to time you have disgruntled employees.

And the ability to just walk up to console, now disturbs me. So most likely I will have to unplug it from the KVM.

But I think this needs to be addressed.

Out of all the features i've posted in the past, those were all nice to have. This to me seems like something untangle needs.

[pazza3564]

If you think its an employee, maybe try setting up a video camera, or a lock on the server room.

[M.I.B.]

@ vertigo262
this was discussed before. I for myself want to have this locking feature also. But most guys in this forum think it is better to lock the room instead of Untangle
True is: if you can get a hold on the hardware you can do nearly anything to the particular machine. Windows Server: reset every password, get access to any file.
But you need to have the knowledge to do this - I doubt any usual employee has.
So I see an easy way to prevent misuse in the ability to lock the console of any system.
Next step is to lock the room door where the system is located plus security cameras.

And by the way: if someone really wants to get a hold on your system he will find a way. But that is an other story.

MIB

[f1assistance]

Clearly you have bigger issues in this company than just Untangle going down. Good luck with that. But, there is another choice here...don't leave! :-)

[vertigo262]

despite the fact that the employees, AS WE ALL KNOW, want me out. and will do the same at the next company I work at. and the next company until I'm put in the ground is not the issue here.

The issue is security. Yes, as we all know. anyone with knowledge can get into hardware or software. But not even having a password to log in, makes it a field day for whatever you want to call them. Predators.

While on cam, pushing a restart button is not a huge deal. Being on cam, pulling out a servers, or pulling a hard drives, or popping in a utility to do something drastic will result in their explosion, or lawsuit if damages.

Giving them the ability to walk up and shutdown with not even a password to get in is almost like asking them to do it, it's so simple. and knowing that untangle has nice pretty huge buttons that say, restart me, shut me down, is very inviting to scumbags.

Every operating system I've ever seen have passwords before doing anything. This makes their lives a lot more difficult and will result in them doing something drastic. if they have to hack the password, or put in bypass discs. they will be on cam for quite a while.

And tamper logs are very beneficial to see what people are trying to do. I mean I can buy a cheap dell desktop, and if someone removes the case, I will know.

Untangle is an enterprise level product and I think despite my situation which is extremely rare, and i will be pursued until the end of time, people and myself could benefit with such features.

It's nice to know that when your servers are sitting in a building. Any random person can't just walk up and screw with your equipment. or you have to pull the KVM, or lock the door, or put cameras on it because they are invited to screw with it.

Untangle has proven itself in my eyes as a top level security device. but I believe there are things missing. This latest incident confirms that something so simple should be resolved.

also, if someone gets in the device from a workstation, or outside, these are things that only tampering logs would tell you.

[sky-knight]

Let me tell you why what you're asking for is foolish...

Physical access to a windows server, I boot it with a CD, and WITHOUT A PASSWORD, I can change the admin password "AD or local doesn't matter". Boot the server and gain full access.

Any linux machine I make a 2 second edit to the kernel parameters of the loading kernel, I'm dropped to a root shell with full control. 1 command later I have read write access to the local file system, and a second line I've reset the root / whatever password I want and I'm rebooting.

There is no system on the planet that is physically secure. All of them are trivial to breach with a quick Google search.

Secure your stuff! Physically, lock it up. You have zero choice, you have no security without physical security. If your employees are busy screwing around with business equipment you have a HUGE disciplinary problem to deal with. The suggestions in this thread that involve putting in things to catch them are good. However, before you go down that road, I suggest you get a lockable cabinet with appropriate ventilation and put stuff in there.

P.S. The Dell example you used is a bad one, that is a function of the system's BIOS, not a function of the OS.

[bigdessert]

I remember posting this howto a while back....not sure if it is the same any more, but could easily be modified for all of the buttons on the kiosk.
http://forums.untangle.com/hacks/159...y-console.html

But again as others have said here.....there is nothing stopping them from holding in the power button on the machine.

[vertigo262]

Sky-night,

I'm not saying it would make it invincible, all I am saying is. someone who has no computer knowledge, or little knowledge, can't just blindly walk up to the console and shut it down.

like my situation. these people aren't going to screw with my servers if they have to crow bar it apart. or figure out what software to bypass.

Someone that has to bypass a password has to take the time and energy to do it. and that means they have serious motive.

It's like a car alarm. the real thiefs are going to get your car if they want it. but it detours everyone else from having a freeforall.

Your guys thinking is wierding me out man. Put a stink'n password on it. lol

[vertigo262]

Ahhh big-dessert,

good idea. and a power button bypass!!!!!!!!!! which might be doable in bios.
then at least they are stuck behind a rack of servers figuring out which power to pull and hoping it's not the ones they rely on :O)

[sky-knight]

A fully deployed Untangle server doesn't have a monitor, keyboard, or mouse even attached. It's a network device, just like a swtich and managed only by the web UI.

The issue here, is the choice of hardware deployment you've made. I've asked for a password prompt for the console since I got here. The Devs don't like the idea for whatever reason and there it is.

Heck, if you're lucky your box will get the "console" bug and stop loading the UI entirely.