 Post subject: block wireless access while installing OS: BIOS solution
 Post Posted: Sat Aug 18, 2007 11:36 am 
My laptop insisted on opening me to the Internet when I didn't want it and hadn't yet set up security against hackers. I was installing Linux and discovered Linux helpfully visiting the Internet on its own (to tell me about updates available) (a help screen looked like it, too, might be from the Internet) and then I test-browsed an obscure website (my own, so I know it's obscure and safe) before I'd set up a firewall or an antiviral. It used internal wireless. I don't have an access point, but it found three outside my home (I haven't asked their owners for permission and recognize only 1 of the 3 (a neighboring store), all 3 IPs listed are Cablevision's, & someone essentially pays for bandwidth I'd be using while they'd lose signal strength) and connected me without asking. Supposedly, this Linux has firewall iptables set with all ports off by default, but that may be false: after installation, I found iptables seems set to accept everything in, out, or being forwarded. I installed from an old original bootable CD. I tried disabling wireless access at the OS level but one cold reboot later it was back.

Details before solution:
Dell Latitude C840 laptop.
Ubuntu 6.06 Linux, newly installed.
Firefox 1.5.0.3 browser, set to flush cache after every Firefox session.
Pre-install prep included DBAN 1.0.6 hard drive 28-hr. wipe of WinXP and everything else.
No hidden partition on hard drive (40.0GB in BIOS consistent with Linux Device Manager reporting 37.26GiB for the 2 Linux partitions (root = 35.71GiB & swap = 1.55GiB); 1024*1024*1024*37.26 = 40007620362.24 accounts for 40GB).
BIOS revision A13.
Only relevant BIOS entries: "MiniPCI Device: Wireless", not alterable, and "MiniPCI Status: Enabled".
Visits to Internet performed by browser and by Ubuntu reporting just after login on quantity of updates available.

Detail of iptables as installed from CD and read from root terminal (here as blockquote):
root...[prompt]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root...[prompt]#

Failed solution attempt: Ubuntu 6.06 > System > Administration > Networking (Network settings dialog) > Connections tab > Wireless connection eth[n] (active) > Properties > uncheck Enable this connection. Disabling failed in that on the next bootup this re-enabled itself. No one else uses my laptop.

Solution, partial: Ubuntu 6.06 > System > Administration > Networking (Network settings dialog) > Connections tab > Wireless connection eth[n] (active) > Deactivate. Doesn't reach Internet using Firefox after this. This works, except that it can't be relied on while an OS is being installed or before.

Solution, stronger: I entered the laptop's setup, disabled MiniPCI, and rebooted. After that, wireless is not listed by Linux in Network settings, and browsing a major site failed. Being in BIOS, it won't matter whether an OS is installed or not. This solution is the one to use while wiping the hard drive or installing a new OS, for example, to maintain security against hackers. However, I didn't see it in lit.

Consequence: Worrying that I might have been infected without notice during hours of exposure, I repeated the OS installation, including another 28-hr. DBAN wipe. In future, to switch wireless on or off, I have to do it in BIOS and reboot, although that's unorthodox, cumbersome, and easily forgotten (I don't remember having to adjust a BIOS on any machine every time I wanted to install an OS). Hopefully, once a firewall GUI is in, I'll be able to leave wireless on all the time in BIOS and use the firewall to block all access, except when installing an OS.

Since setting time through the OS changes it in CMOS, one might argue an OS setting could enable wireless in BIOS. But if BIOS-disabled wireless doesn't list as an OS network interface option, it can't be enabled in the OS list.

Design implication: I don't know whether Dell ships with wireless enabled in the BIOS, since I bought my machine used. Even if they don't, the problem occurs whenever an OS is newly installed or reinstalled. It shouldn't occur with upgrades and patches, but we can't be sure even then, since firewall settings might be lost in the process, and then BIOS-enabled wireless would present a risk.

Unless someone has a better hypothesis, building a machine to run on wireless before an OS is on it and before a user opts to use it with firewall protection looks like bad design. It also means that machines with OEM OSes (hint: Windows) are susceptible to having been hacked before shipment, since I assume every machine may be turned on for at least cursory factory testing, the only protection being the lack of an access point near the test location, rather unlikely (managers walking around may want wireless access for their own machines) unless this risk is specifically recognized by the tester and access points are banned.

Review of feature: Ugh. Review of security: Ditto.

Thanx.

--
Nick
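
An added example, not part of the original post: a small shell audit that reads `iptables --list` output and reports which chains let everything through (policy ACCEPT and no rules), run here on the listing quoted in the post and on a constructed default-deny listing for contrast. The function and variable names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit `iptables --list` output.

# Listing quoted in the post, shell prompt lines dropped.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed contrast case: default-deny inbound with one stateful rule.
HARDENED_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# stdin: a listing. stdout: one "CHAIN POLICY RULE_COUNT" line per chain.
summarize_chains() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        /^Chain / {
            emit()
            chain = $2; rules = 0; policy = "-"   # "-" = user chain, no policy
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        NF == 0 || $1 == "target" || $1 == "pkts" { next }  # blank or header
        chain != "" { rules++ }
        END { emit() }
    '
}

# stdin: a listing. stdout: chains with policy ACCEPT and no rules.
open_chains() {
    summarize_chains |
        awk '$2 == "ACCEPT" && $3 == 0 { out = out (out ? " " : "") $1 }
             END { print out }'
}

printf 'post listing, wide-open chains: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | open_chains)"
printf 'hardened listing, wide-open chains: %s\n' "$(printf '%s\n' "$HARDENED_LISTING" | open_chains)"
```

On a live system the same check is `iptables --list -n | open_chains`, run as root right after installation and before the wireless interface is brought up.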

