Just wanted to ask, what is the difference between secure and non-secure transactions when it comes to AXI bus transactions?
What are the performance implications of either transaction?
Trusted transactions are a part of ARM's TrustZone policy. It requires an additional pin to indicate a secure connection. It only allows communication with the secure section of the processor. It is a software solution to restrict access to hardware in the case of root access on the OS. It acts as a firewall in the event a hacker takes control of the OS. It does not guard against hardware hacking.
As far a performance, the hardware bandwidth is unaffected, but the extra step in the secure processor does incur a performance penalty.
everyone.
When we talk about information security, we usually think that the more the system rely on secure hardware, the saver the system is than that rely secured software for the same security function. Why? Won't a secure hardware have a bug within it?
Thanks
It depends upon your system. What type of system are you talking about.
Stand alone system, server, application system etc. Suppose if you talk about server, developing firewall using s/w is not enough. We have to use different h/w devices as well as securing the server from different hazards.
When we talk about the stand alone application there can be firewall, password security and also user lock devices. So every system has its own type of security requirements.
Ok, been hosting a few games servers on my home computer, and am now also setting up a personal ftp server.
I am sharing my ip-adress with some friends and family with intetions of using this server, but when one of my friends threatened "hacking" my computer (I know he doesn't possess any such skills). It got me thinking.
If I do not reveal my ip address to strangers (or even if I do), are there any security threats.
Also at what scale are these threats. Will an every day programmer be able to cause damage while I host this server?
P.S. I am using xlight ftp software to host this server.
Your friends are not the ones you have to concern about.
Your ip , like everyone else, will be scanned in several ports several times per minute.
Internet is full of bots, launching petitions, looking for holes to exploit and systems to
dig in.
Just be sure to be behind a firewall, nat only desired services ports, and try not to use a conventional one. Install an additional software firewall if possible.
I would also recommend you to use a SFTP server. (Based on SSH and encryped). Standard FTP traffic is raw and can be easily sniffed.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Obviously there are security reasons to close a wireless network and it's not fun if someone is stealing your bandwidth. That would be a serious problem?
To address the first concern: Does a device on the same wireless network have any special privileges or access that an other device on the internet has?
Assumptions : Wireless network is connected to the internet
The second seems like a community issue. If your neighbor is stealing bandwidth, you'd act just as if he were "borrowing" water or electricity.
First, Talk to him about the problem and if that doesn't work, go to the authorities or lock stuff up. Am I missing something?
Bruce Schneier is famous for running an open wireless network at home (see here). He does it for two reasons:
To be neighborly (you'd let your neighbor borrow a cup of sugar, wouldn't you? Why not a few megabits?)
To keep away from the false sense of security that a firewall gives you. In other words, it forces him to make sure his hosts are secure.
Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.
I don't think the biggest problem is just someone stealing your bandwidth, but what they do with it. It's one thing if someone uses my wireless network to browse the Internet. It's another thing if they use it for torrenting (I find that slows down the network) or any illegal activities (kiddy porn? not on my network you don't).
Yes you are, your wireless router also doubles as a firewall preventing harmful data from the Internet, by letting one of your virus-infected neighbors in on your wlan you're essentially letting him bypass that.
Now, this shouldn't be a problem in an ideal world since you'd have a well-configured system with a firewall but that's certainly not always the case. What about when you have your less security minded friends over?
Not to mention the legal hassle you could get yourself into if one of your neighbors or someone sitting with a laptop in a car close enough starts browsing kiddieporn.
I feel it all has to due with population density. My parents own a big plot of land nearest neighbor is .5 mile away. To me it doesn't make sense to lock a wireless router down. But if I lived in a apartment complex that thing will be locked down and not broadcasting it's ID.
Now at my house I just don't broadcast my ID and keep it open. The signal doesn't travel further then my property line so I am not to worried about people hijacking it.
I would actually disagree with Thomas in the sense that I think bandwidth is the biggest problem, as it's unlikely there are many dodgy people in your area who just so happen to connect to your network to misbehave. It's more likely I think that you'll have chancers, or even users who don't fully understand wireless, connecting and slowing down your connection.
I've experienced horribly laggy connections due to bandwidth stealing, a lot of the problem is with ADSL - it just can't handle big upstream traffic; if a user is using torrents and not restricting the upstream bandwidth it can basically stall everything.
For most people, the wireless access point is a router that is acting as a hardware firewall to external traffic. If someone's not on your wireless network, the only way they'll get to a service running on your machine is if the router is configured to forward requests. Once a device is behind the router, you're relying on your computer's firewall for security. From a "paranoid" layered security standpoint, I'd consider an open wireless network in this scenario to be a reduction in security.
I've met a lot of people that leave their networks open on purpose, because they feel it's a kind of community service. I don't subscribe to that theory, but I can understand the logic. They don't see it as their neighbor stealing bandwidth because they feel like they aren't using that bandwidth anyway.
Following joshhinman comment, this is a link to an article where he explains why he has chosen to leave his wireless network setup open.Schneier on Open Wireless
This guy is probably the most famous security expert at the moment, so it worths having a look at what he has to say.
As far as the security aspect goes it is a non issue. An open network can allow a determined person to 'listen' to all your unencrypted communication. This will include emails - probably forum posts - things like this. These things should never EVER be considered secure in the first place unless you are applying your own encryption. Passwords / Secure log in to servers will be encrypted already so there is no benefit to the encryption while the packets are in the air. The advantage comes when, as others have mentioned, users perform illegal actions on your access point. IANAL but it seems some corrolations can be drawn to having your car stolen and someone commits a crime with it. You will be investigated and can be determined innocent if you have some alibi or logs showing your machines were not responsible for that traffic.
The best solution to the hassle of using a key for the home user is to restrict the MAC addresses of the computers that can connect. This solves the problem of having un-authorized users (for all but the most advanced at which point your PW likely won't help you either) and it keeps you from having to input a long key every time you need to access something.
Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.
The flip side of this is deniability. If the government or RIAA come knocking on your door about something done from your IP address you can always point to your insecure wireless connection and blame someone else.
I wish people would stop referring to an open network as 'insecure'. A network is only insecure if it doesn't meet your security requirements - people need to understand that not everyone has the same security requirements. Some people actually want to share their network.
An open network is open. As long as you meant that to be the case, that's all it is. If your security policy doesn't include preventing your neighbors from sharing your bandwidth, then it's not a security fault if it allows them to do that, it's faulty if it doesn't.
Are you liable for other's use of your 'insecure' network? No. No more so than your ISP is liable for your use of the Internet. Why would you want it to be otherwise? Note, by the way, that pretty much every commercial WiFi hotspot in the world is set up in exactly such an open mode. So, why should a private individual be held liable for doing exactly the same thing, merely because they don't charge for it?
Having said that, you do have to lock down your hosts, or firewall off an 'internal' portion of your network, if you want to run fileshares etc internally with such a setup.
Also, another way to deal with 'bandwidth stealing' is to run a proxy that intercepts others traffic and replaces all images with upside down images or pictures of the Hof. :-)
#kronoz: I guess it depends on where you live. Only two houses are within reach of my wireless network, excluding my own. So I doubt that small number of people can affect my bandwidth. But if you live in a major metro area, and many people are able to see and get on the network, yeah, it might become a problem.
It is so easy to lock a wireless router down now, that I think a better question is why not lock it down?
The only reason I can think of is if you had a yard large enough so that your neighbors can't get a signal and you frequently have visitors bringing devices into your home (since setting them up can be a chore).
Note that I'm saying both of those things would need to be true for me to leave one open.
Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.
The flip side of this is deniability. If the government or RIAA come knocking on your door about something done from your IP address you can always point to your insecure wireless connection and blame someone else.
I would argue that anyone who is running a network is responsible for the actions of all people who use it. If you aren't controlling use, then you are failing as a network administrator. But then again, I'm not a lawyer, so...
As it turns out, when I switched DSL service, the wireless router the company provided is secured out of the box. So unless I add the old router to my network, it will be secured.
On the other hand, it was very convenient to "borrow" a few hours of network time from neighbors while I was waiting for the technician to stop by and install the service. Looks like this might not be an option soon, however.
My biggest concern is there there is never too much bandwidth so a decision to share it is only acceptable if I can somehow guarantee that other people do not use more than, say, 5% of my total bandwidth. Which may or may not render my connection useless to other people, depending on what they mean to do with it.
As most wireless standards are very hackable I can understand the logic behind not securing it, as it removes the false sense of security that wireless security provides.
However, in NZ bandwidth is expensive; I cannot afford for randoms to leech that off me. As the vast majority of people don't have a clue regarding hacking wireless connections having this admitedly pitiful defense wards of most of the lazy.
If anyone cares enough they can hack my crappy WEP encryption and get themselves some free Internet and free leech until I care enough to stop them. Then I'll upgrade to something better (white-listed MAC addresses, say) which will be harder for them to hack, and the cycle will begin anew.