Glass_Knife

Indie computer security

19 posts in this topic

Like many of you, I spend my nights, weekends, and holidays working on indie programming projects in the feeble attempt to be the next Minecraft.  I was checking my Windows security logs the other day, and I realized that I don't know anything about this stuff.  Immediately I got worried that some hacker is accessing my computer at night and stealing all my stuff (crazy, right).  

 

So, two questions.  This is an Audit Success.  It looks fishy, but I had no luck googling this to figure out what it is.  Any thoughts?

 

An account was successfully logged on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

New Logon:
	Security ID:		ANONYMOUS LOGON
	Account Name:		ANONYMOUS LOGON
	Account Domain:		NT AUTHORITY
	Logon ID:		0x64435
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x0
	Process Name:		-

Network Information:
	Workstation Name:	
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	NTLM V1
	Key Length:		0

 

 

I googled the NtLmSsp, and it looks like a security program, but I'm paranoid.  

 

My second question is what do you do for security while working on super-secret indie stuff?  Is there some website or book about securing your computer that I should know about?

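A reader triaging an event like the one pasted above usually checks the same few fields first. The sketch below is an added example, not part of the original post: it parses the rendered event text and reports the logon type (3 is a network logon), whether the logon was anonymous, and whether NTLM V1 was used with real credentials. The `parse_event` and `triage` names and the "Section/Key" field naming are assumptions made for this example.

```python
LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch", 5: "service",
               7: "unlock", 8: "network cleartext", 9: "new credentials",
               10: "remote interactive", 11: "cached interactive"}

# Abridged from the event pasted in the post (indentation normalised to spaces).
SAMPLE = """\
Logon Type:            3

New Logon:
    Account Name:       ANONYMOUS LOGON
    Account Domain:     NT AUTHORITY

Network Information:
    Workstation Name:
    Source Network Address: -

Detailed Authentication Information:
    Package Name (NTLM only): NTLM V1
    Key Length:         0
"""

def parse_event(text):
    """Return {'Section/Key': value}; '-' and empty values become None."""
    fields, section = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # blank line or free text
        key, value = key.strip(), value.strip()
        if not line[0].isspace():         # unindented: header or top-level field
            section = None
            if not value:
                section = key
                continue
        name = f"{section}/{key}" if section else key
        fields[name] = None if value in ("", "-") else value
    return fields

def triage(fields):
    """Summarise the fields a reviewer checks first on a logon event."""
    anonymous = fields.get("New Logon/Account Name") == "ANONYMOUS LOGON"
    package = fields.get("Detailed Authentication Information/Package Name (NTLM only)")
    return {
        "logon_type": LOGON_TYPES.get(int(fields.get("Logon Type") or 0), "unknown"),
        "anonymous": anonymous,
        # NTLM V1 matters when real credentials were sent; a null session has none.
        "ntlmv1_with_credentials": package == "NTLM V1" and not anonymous,
        "source": fields.get("Network Information/Source Network Address"),
    }
```
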
Wrapping your computer in tinfoil is a good first step.

What are you running that would allow a remote user to access your filesystem?

Wrapping your computer in tinfoil is a good first step.

 

I don't know if I can find foil made of tin.  Does aluminum foil work?

 

If there is a way for someone to log in and/or access my file system, it would be through some weird security flaw I don't know about, or some service that I don't realize should be disabled.  I didn't see any file access, but I don't think I would recognize suspicious behavior if I saw it.


The NT AUTHORITY and the fact that no account name, no network information, and only generic login credentials are provided hints that this is probably just a local system service elevating itself to perform some maintenance (updates or other). There is more than one account on your system.

 

But if you are so paranoid about people stealing your code, you should just get peace of mind by developing on a machine not connected to the internet and looking up information on a second machine. Not that your concerns are necessarily justified, but if that helps... to be fair if someone or something did manage to log into your system, I doubt he or it would make a beeline to your code. It'll probably just add your computer to some botnet and start churning out spam emails. It might also do a filesystem search for credit card info, that sort of stuff...


grep "teh monies" *.*

 

You'd be surprised how many people put their passwords in a plain text file. Or even a keepass database with a crappy master passphrase.


Not even Microsoft gets hacked for source code. The worst they had was a leak (some Win 2000 sources I think?) from another company, and it's not like Linux devs were all like "OMG LETS STEAL THEIR SECRETZ!" Hell, if you're using C#/Java, there is a big chance that someone will get usable sources of your stuff anyway (*cough* Minecraft modding *cough*).

 

Besides, hackers are usually more interested in DRM code rather than the actual game code :D

Edited by TheChubu

My second question is what do you do for security while working on super-secret indie stuff?

I do nothing as I have enough stuff to think about already. I just keep OS and AV updated, firewall on and I feel fine.

 

But if you want to be paranoid, look at your NTFS file access permissions for network shares, I guess those could be a start.


It isn't that I'm paranoid and ready to wrap my head in foil.  I was looking at the security logs and thinking "I don't know anything about these logs.  I wonder if I should be doing something else for security?"  After scanning the logs, I realized that I wouldn't know what to look for, and thought there may be some good resources out there for learning more about security.

 

I also did not realize a question about security would mark me as a super-paranoid conspiracy theorist.  That's interesting.


Not really, no. On a non-server computer running Windows it just boils down to: keep your Windows up to date, don't install third-party stuff unless you know about it and downloaded it from the publisher, don't run web browser plugins you don't need and keep those you need up to date, and don't click on stuff you shouldn't.

OSes are pretty secure by default nowadays, so it's not much about "what should I do" but "what should I avoid doing". If you're not looking for trouble by launching randomly downloaded stuff as an admin or clicking those nice weird-extension links in Viagra spam mails, you shouldn't really worry.

Run behind any cheap off-the-shelf router with a firewall embedded, and ensure that you don't use port forwarding to your machine unless absolutely necessary. If you need to port forward, do it on a second machine that doesn't contain any of your code, and segregate that physically (i.e. not on the same network/behind the same router) from your code machine. That'll keep out probably 99.9% of people who might try to sniff your system.

To study up on security auditing, there's always a handful of good books, although I haven't personally read any in years (on security specific topics for Windows) so I can't make any recommendations offhand. You could also consider looking at certification study guides for various security certs, those have some decent introductory information usually (but the certs themselves are vastly overrated IMHO).

Run behind any cheap off-the-shelf router with a firewall embedded, and ensure that you don't use port forwarding to your machine unless absolutely necessary.

 

Then I checked my router, and sure enough, there are open ports from games and torrents long ago.  So this whole exercise was a success.  

 

Thanks ApochPiQ!


Run behind any cheap off-the-shelf router with a firewall embedded, and ensure that you don't use port forwarding to your machine unless absolutely necessary.

 

Then I checked my router, and sure enough, there are open ports from games and torrents long ago.  So this whole exercise was a success.  

 

Thanks ApochPiQ!

 

Reminds me I have an old TF2 port open as well. Should probably close it.


Kinda hijacking the thread but... does port forwarding actually do anything to your online game "experience"? If it shaves off 20ms of ping then it's not worth it to me (I'm on the high 200s most of the time).


Kinda hijacking the thread but... does port forwarding actually do anything to your online game "experience"? If it shaves off 20ms of ping then it's not worth it to me (I'm on the high 200s most of the time).

Generally if you're just a client of multiplayer games, you don't need to explicitly open/forward any ports at all. NAT should automatically set up all the forwarding.

 

If you have a firewall, which is set to block all ports by default, then you may need to tell it that you're intending to use a particular port... but nice ones will ask you (e.g. the basic Windows firewall pops up a dialog when you play a new MP game for the first time, asking if you'd like to block or allow that port).

 

If you're hosting a server for a game, then you may need to forward ports, because when a client tries to connect to you by IP address, NAT hasn't occurred yet, so your home router will see their connection attempt as spam (you haven't contacted them first, so why are they contacting you?) and discard it. In these cases, you need to explicitly tell your router to forward this port on to your PC, so these unsolicited messages will make it to your game server.


Kinda hijacking the thread but... does port forwarding actually do anything to your online game "experience"? If it shaves off 20ms of ping then it's not worth it to me (I'm on the high 200s most of the time).

 

Port forwarding has nothing to do with latency. All it does is tell your router or system firewall "let me initiate a remote connection on outgoing port X and optionally translate said port to some other port Y" or (more likely) "let a remote host initiate a connection to my computer on incoming port X and optionally translate said port to some other port Y".

 

Basically, if you host a server and are behind a router, you'll most likely have to do some port forwarding, otherwise your router will deny anyone outside your network the ability to connect to your server. In general, most home routers by default let you connect to anything on any port, but do not let anything at all connect to you (which is not necessary for everyday internet usage but only needed when you want to host a public service on your home network, which is by the way not recommended outside of the occasional game server as residential lines are not designed for this, in fact some ISPs will forbid you from doing so). Business or school routers, on the other hand, are stricter, due to security concerns.

 

This is really annoying because gamers around the world will typically just throw the same generic advice at people, "have you forwarded your ports", which is useless advice. Port forwarding is an all-or-nothing situation. If it's not configured right, you won't just lag, it simply will. not. work. at. all. And furthermore, allowing incoming connections on various ports on a home router is a security risk. And usually, unless you are hosting, you do not need to touch your ports as most people have it already set up by default. At least I've never had to.

 

So, no, unless your router has the horsepower of a pocket calculator, port forwarding should not affect latency. It will simply enable/prevent you to connect (or host).

 

^ and as Hodgman said above, computers behind the same router share the same IP, so unless you have told the router to "forward incoming stuff on port 1874 on my computer", it won't know where to send it inside the network and so will just discard it (or route it to the DMZ, if you have set that up)

 

Now UPNP is a different matter, though..

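The inbound decision described in the two replies above (Hodgman's NAT explanation and the port-forwarding post that follows it) can be modelled in a few lines. This is an added example, not code from the thread: `HomeRouter` is a hypothetical toy model that keeps the client's source port unchanged and matches replies on remote address and port, and all addresses are constructed documentation-range values.

```python
class HomeRouter:
    """Toy model of a home NAT router's inbound decision (illustrative only)."""

    def __init__(self, dmz_host=None):
        self.conntrack = {}   # (public_port, remote) -> (lan_host, lan_port)
        self.forwards = {}    # public_port -> (lan_host, lan_port)
        self.dmz_host = dmz_host

    def outbound(self, lan_host, lan_port, remote):
        """A LAN client connects out; the router remembers who asked."""
        public_port = lan_port            # simplification: port is not rewritten
        self.conntrack[(public_port, remote)] = (lan_host, lan_port)
        return public_port

    def add_forward(self, public_port, lan_host, lan_port):
        """Explicit port-forwarding rule: anyone may reach lan_host on this port."""
        self.forwards[public_port] = (lan_host, lan_port)

    def inbound(self, public_port, remote):
        """Return (decision, destination) for a packet arriving from the internet."""
        if (public_port, remote) in self.conntrack:
            return "reply", self.conntrack[(public_port, remote)]
        if public_port in self.forwards:
            return "forwarded", self.forwards[public_port]
        if self.dmz_host:
            return "dmz", (self.dmz_host, public_port)
        return "dropped", None


def demo():
    """Constructed scenario: one game client, one stranger on the internet."""
    router = HomeRouter()
    pc = "192.168.1.10"
    game_server = ("203.0.113.5", 27015)
    stranger = ("198.51.100.7", 40000)
    port = router.outbound(pc, 50123, game_server)
    results = [
        router.inbound(port, game_server)[0],   # answer to our own connection
        router.inbound(port, stranger)[0],      # unsolicited, same port
        router.inbound(1874, stranger)[0],      # unsolicited, no rule
    ]
    router.add_forward(1874, pc, 1874)
    results.append(router.inbound(1874, stranger)[0])  # now open to anyone
    return results
```

A stale forwarding rule behaves like the last case: the port stays reachable from any remote host until the rule is deleted, whether or not the game that needed it is still installed.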

Ahhh, I understand now. Thanks for the answers! Imaginary +1s to both of you.

 

That would be a +i then



Ahhh, I understand now. Thanks for the answers! Imaginary +1s to both of you.

 
That would be a +i then


But he said for both = -1
