Overview
This document explains some procedures and commonly-used software that help make
your Linux system more secure. Before getting started, it is important to cover some
basic concepts and establish a security foundation.
Why Do We Need Security?
In the ever-changing world of global data communications, inexpensive Internet connections,
and fast-paced software development, security is becoming more and more
of an issue. Security is now a basic requirement because global computing is inherently
insecure. As your data travels from point A to point B on the Internet, for example,
it may pass through several other points along the way, giving other parties the opportunity
to intercept it, and even alter it. Other users on your own system may also maliciously
transform your data into something you did not intend. Unauthorized access
to your system may be obtained by intruders, also known as "crackers", who then
use advanced knowledge to impersonate you, steal information from you, or even
deny you access to your own resources. If you’re wondering what the difference is
between a "Hacker" and a "Cracker", see Eric Raymond’s document, "How to Become
A Hacker", available at http://www.catb.org/~esr/faqs/hacker-howto.html.
How Secure Is Secure?
First, keep in mind that no computer system can ever be completely secure. All you
can do is make it increasingly difficult for someone to compromise your system. For
the average home Linux user, not much is required to keep the casual cracker at bay.
However, for high-profile Linux users (banks, telecommunications companies, etc),
much more work is required.
Another factor to take into account is that the more secure your system is, the more
intrusive your security becomes. You need to decide where in this balancing act your
system will still be usable, and yet secure for your purposes. For instance, you could
require everyone dialing into your system to use a call-back modem to call them back
at their home number. This is more secure, but if someone is not at home, it makes it
difficult for them to login. You could also setup your Linux system with no network
or connection to the Internet, but this limits its usefulness.
If you are a medium to large-sized site, you should establish a security
policy stating how much security is required by your site and what auditing
is in place to check it. You can find a well-known security policy example at
What Are You Trying to Protect?
Before you attempt to secure your system, you should determine what level of threat
you have to protect against, what risks you should or should not take, and how vulnerable
your system is as a result. You should analyze your system to know what
you’re protecting, why you’re protecting it, what value it has, and who has responsibility
for your data and other assets.
• Risk is the possibility that an intruder may be successful in attempting to access
your computer. Can an intruder read or write files, or execute programs that could
cause damage? Can they delete critical data? Can they prevent you or your company
from getting important work done? Don’t forget: someone gaining access to
your account, or your system, can also impersonate you.
Additionally, a single insecure account on your system can result in your entire
network being compromised. If you allow one user to log in via a .rhosts
file (host-based trust with no password), or to use an unauthenticated service such as tftp,
you risk an intruder getting 'his foot in the door'. Once the intruder has a user account
on your system, or on someone else's system, it can be used as a stepping stone to gain
access to another system, or another account.
• Threat is typically from someone with motivation to gain unauthorized access to
your network or computer. You must decide whom you trust to have access to
your system, and what threat they could pose.
There are several types of intruders, and it is useful to keep their different characteristics
in mind as you are securing your systems.
• The Curious - This type of intruder is basically interested in finding out what type
of system and data you have.
• The Malicious - This type of intruder is out to either bring down your systems, or
deface your web page, or otherwise force you to spend time and money recovering
from the damage he has caused.
• The High-Profile Intruder - This type of intruder is trying to use your system to
gain popularity and infamy. He might use your high-profile system to advertise
his abilities.
• The Competition - This type of intruder is interested in what data you have on
your system. It might be someone who thinks you have something that could
benefit him, financially or otherwise.
• The Borrowers - This type of intruder is interested in setting up shop on your
system and using its resources for their own purposes. They typically run
chat or IRC servers, porn archive sites, or even DNS servers.
• The Leapfrogger - This type of intruder is only interested in your system to use
it to get into other systems. If your system is well-connected or a gateway to a
number of internal hosts, you may well see this type trying to compromise your
system.
• Vulnerability describes how exposed your computer is to another network,
and the potential for someone to gain unauthorized access.
What's at stake if someone breaks into your system? Of course the concerns of a home
user on a dynamic dial-up PPP connection will be different from those of a company connecting
its machine to the Internet, or to another large network.
Security How To (part 2)
Posted by Army | Saturday, March 20, 2010