MX User Manager

Here is where you can post tips and tricks to share with other users of MX. Do not ask for help in this Forum.
Message
Author
Vincent17
Posts: 75
Joined: Tue Feb 20, 2018 1:07 am

Re: MX User Manager

#11 Post by Vincent17 »

If your PC is plugged into any network... and you have an open account, anyone with access to that network has free and open access to your machine.
You only have to look at the Windows platform to find your answer. …
I am none the wiser for those replies. If there is no server running on my machine, how is that access obtained?

I am not arguing for open accounts, just trying to get some understanding of security on a local network.

User avatar
manyroads
Posts: 2603
Joined: Sat Jun 30, 2018 6:33 pm

Re: MX User Manager

#12 Post by manyroads »

Pax vobiscum,
Mark Rabideau - ManyRoads Genealogy -or- eirenicon llc. (geeky stuff)
i3wm, bspwm, hlwm, dwm, spectrwm ~ Linux #449130
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken

Vincent17
Posts: 75
Joined: Tue Feb 20, 2018 1:07 am

Re: MX User Manager

#13 Post by Vincent17 »

@manyroads Thanks for the links.

Let me try one last time to ask my question clearly. :p I'd like to understand how vulnerable a computer is on LAN.

Let's assume I have a strong password, I check https certificate fingerprint when contacting my bank, I'm running a firewall and have no ftp, telnet or other server enabled. However, I've accidentally written my username and password in large print on the back of my T-shirt. Could someone in the coffee shop easily access my computer via LAN? How would that be done?

User avatar
manyroads
Posts: 2603
Joined: Sat Jun 30, 2018 6:33 pm

Re: MX User Manager

#14 Post by manyroads »

Vincent17 wrote: Thu May 23, 2019 4:41 pm [...]

Let's assume I have a strong password, I check https certificate fingerprint when contacting my bank, I'm running a firewall and have no ftp, telnet or other server enabled. However, I've accidentally written my username and password in large print on the back of my T-shirt. Could someone in the coffee shop easily access my computer via LAN? How would that be done?
The short answer is "yes". The longer answer is it depends on your platform and the communication options. The best way to develop an understanding will require you study your device, software, and its vulnerabilities. You can do that by running penetration testing... kind of over kill for most. However someone sitting on the street with the requisite hardware & software & knowledge can easily access your device, especially if you leave a simple open account.

More reading:
https://www.webtitan.com/blog/most-comm ... k-attacks/
https://www.concise-courses.com/wifi-ha ... c-attacks/

If you really want to know more visit:
https://www.kali.org/news/introducing-k ... fessional/
https://www.eccouncil.org/programs/cert ... acker-ceh/
https://www.simplilearn.com/top-ethical ... er-article

I'll bow out of this discussion now... ;) :eek:
Pax vobiscum,
Mark Rabideau - ManyRoads Genealogy -or- eirenicon llc. (geeky stuff)
i3wm, bspwm, hlwm, dwm, spectrwm ~ Linux #449130
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken

Vincent17
Posts: 75
Joined: Tue Feb 20, 2018 1:07 am

Re: MX User Manager

#15 Post by Vincent17 »

OK, thanks. Downloading Kali now ;)

User avatar
manyroads
Posts: 2603
Joined: Sat Jun 30, 2018 6:33 pm

Re: MX User Manager

#16 Post by manyroads »

Vincent17 wrote: Thu May 23, 2019 5:17 pm OK, thanks. Downloading Kali now ;)
+1
Pax vobiscum,
Mark Rabideau - ManyRoads Genealogy -or- eirenicon llc. (geeky stuff)
i3wm, bspwm, hlwm, dwm, spectrwm ~ Linux #449130
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken

User avatar
figueroa
Posts: 1049
Joined: Fri Dec 21, 2018 12:20 am

Re: MX User Manager

#17 Post by figueroa »

Risk depends on the use case.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

User avatar
figueroa
Posts: 1049
Joined: Fri Dec 21, 2018 12:20 am

Re: MX User Manager

#18 Post by figueroa »

deepestfishguy wrote: Thu May 16, 2019 7:49 pm I would like to set up a Guest account that would not require a password. Is it possible to do this? Are there risks involved in doing this, even if the Guest account is set up without any privileges?
I have four computers setup at school as kiosks that autologin the account "student" which is unprivileged (limited, the student can print and use local software and browser) and can do limited damage. We have physical security for these computers. These accounts do have passwords, but the users do not know the password. The directory /home/student is backed up and can be easily restored should a student do damage to the desktop configuration, but this has not happened in two years. The web browser is fairly well locked down. These computers are only used for this purpose.

However, on MX, the MX User Manager can set up the account, but a bug puts the autologin entry, if you select that, at the bottom of the file /etc/lightdm/lightdm.conf, so it is ignored. You would then need to move that line from the bottom to a location above the line that reads autologin-user=false and comment out that line.

So, if you really want a guest account, create it, give it a password (required) that you can tell your guests. It can (optionally) autologin, if you like. Once any other user has used the computer and logged out, the guest account will require a password.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

Post Reply

Return to “Tips & Tricks by users”