<HTML
><HEAD
><TITLE
>Overview</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux Security HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="x21.html"><LINK
REL="NEXT"
TITLE="Physical Security"
HREF="physical-security.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Security HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x21.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="physical-security.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN82"
></A
>2. Overview</H1
><P
>&#13;This document will attempt to explain some procedures and commonly-used
software to help your Linux system be more secure. It is
important to discuss some of the basic concepts first, and create a
security foundation, before we get started.
</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN85"
></A
>2.1. Why Do We Need Security?</H2
><P
>&#13;In the ever-changing world of global data communications, inexpensive
Internet connections, and fast-paced software development, security is
becoming more and more of an issue. Security is now a basic
requirement because global computing is inherently insecure. As your
data goes from point A to point B on the Internet, for example, it may
pass through several other points along the way, giving other users
the opportunity to intercept, and even alter, it. Even other
users on your system may maliciously transform your data into
something you did not intend. Unauthorized access to your system may
be obtained by intruders, also known as "crackers", who then use
advanced knowledge to impersonate you, steal information from you, or
even deny you access to your own resources. If you're wondering
what the difference is between a "Hacker" and a "Cracker", see Eric
Raymond's document, "How to Become A Hacker", available at <A
HREF="http://www.catb.org/~esr/faqs/hacker-howto.html"
TARGET="_top"
>http://www.catb.org/~esr/faqs/hacker-howto.html</A
>.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN89"
></A
>2.2. How Secure Is Secure?</H2
><P
>&#13;First, keep in mind that no computer system can ever be completely
secure. All you can do is make it increasingly difficult for someone
to compromise your system. For the average home Linux user, not much
is required to keep the casual cracker at bay. However, for
high-profile Linux users (banks, telecommunications companies, etc.),
much more work is required.
</P
><P
>&#13;Another factor to take into account is that the more secure your
system is, the more intrusive your security becomes. You need to
decide where in this balancing act your system will still be usable,
and yet secure for your purposes. For instance, you could require
everyone dialing into your system to use a call-back modem to call
them back at their home number. This is more secure, but if someone is
not at home, it makes it difficult for them to log in. You could also
set up your Linux system with no network or connection to the Internet,
but this limits its usefulness.
</P
><P
>&#13;If you are a medium to large-sized site, you should establish a
security policy stating how much security is required by your site
and what auditing is in place to check it. You can find a well-known
security policy example at <A
HREF="http://www.faqs.org/rfcs/rfc2196.html"
TARGET="_top"
>http://www.faqs.org/rfcs/rfc2196.html</A
>. It has been recently
updated, and contains a great framework for establishing a security
policy for your company.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN95"
></A
>2.3. What Are You Trying to Protect?</H2
><P
>&#13;Before you attempt to secure your system, you should determine what
level of threat you have to protect against, what risks you should or
should not take, and how vulnerable your system is as a result. You
should analyze your system to know what you're protecting,
why you're protecting it, what value it has, and who has
responsibility for your data and other assets.
</P
><P
>&#13;
<P
></P
><UL
><LI
><P
>&#13;<EM
>Risk</EM
> is the possibility that an intruder may be successful in
attempting to access your computer. Can an intruder read or write
files, or execute programs that could cause damage? Can they delete
critical data? Can they prevent you or your company from getting important work
done? Don't forget: someone gaining access to your account, or your
system, can also impersonate you.
</P
><P
>&#13;Additionally, having one insecure account on your system can result in
your entire network being compromised. If you allow a single user
to login using a <TT
CLASS="literal"
>.rhosts</TT
> file, or to use an insecure
service such as <TT
CLASS="literal"
>tftp</TT
>, you risk an intruder getting 'his
foot in the door'. Once the intruder has a user account on your
system, or someone else's system, it can be used to gain access to
another system, or another account.
</P
></LI
><LI
><P
>&#13;<EM
>Threat</EM
> is typically from someone with motivation to gain unauthorized
access to your network or computer. You must decide whom you trust to
have access to your system, and what threat they could pose.
</P
><P
>&#13;There are several types of intruders, and it is useful to keep their
different characteristics in mind as you are securing your systems.
</P
><P
></P
><UL
><LI
><P
>&#13;<EM
>The Curious</EM
> - This type of intruder is basically
interested in finding out what type of system and data you have.
</P
></LI
><LI
><P
>&#13;<EM
>The Malicious</EM
> - This type of intruder is out to either
bring down your systems, or deface your web page, or otherwise force you
to spend time and money recovering from the damage he has caused.
</P
></LI
><LI
><P
>&#13;<EM
>The High-Profile Intruder</EM
> - This type of intruder is
trying to use your system to gain popularity and infamy. He might use
your high-profile system to advertise his abilities.
</P
></LI
><LI
><P
>&#13;<EM
>The Competition</EM
> - This type of intruder is interested in
what data you have on your system. It might be someone who thinks you
have something that could benefit him, financially or otherwise.
</P
></LI
><LI
><P
>&#13;<EM
>The Borrowers</EM
> - This type of intruder is interested in
setting up shop on your system and using its resources for their own
purposes. He typically will run chat or IRC servers, porn archive
sites, or even DNS servers.
</P
></LI
><LI
><P
>&#13;<EM
>The Leapfrogger</EM
> - This type of intruder is only
interested in your system to use it to get into other systems. If your
system is well-connected or a gateway to a number of internal hosts,
you may well see this type trying to compromise your system.
</P
></LI
></UL
></LI
><LI
><P
>&#13;<EM
>Vulnerability</EM
> describes how well-protected your computer is from
another network, and the potential for someone to gain unauthorized
access.
</P
><P
>&#13;What's at stake if someone breaks into your system? Of course the
concerns of a dynamic PPP home user will be different from those of a
company connecting their machine to the Internet, or another large
network.
</P
><P
>&#13;How much time would it take to retrieve/recreate any data that was
lost? An initial time investment now can save ten times more time
later if you have to recreate data that was lost. Have you checked
your backup strategy, and verified your data lately?
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN133"
></A
>2.4. Developing A Security Policy</H2
><P
>&#13;Create a simple, generic policy for your system that your users can
readily understand and follow. It should protect the data you're
safeguarding as well as the privacy of the users. Some things to
consider adding are: who has access to the system (Can my friend use my
account?), who's allowed to install software on the system, who owns
what data, disaster recovery, and appropriate use of the system.
</P
><P
>&#13;A generally-accepted security policy starts with the phrase
</P
><P
>&#13;<SPAN
CLASS="QUOTE"
>"<EM
>That which is not permitted is prohibited</EM
>"</SPAN
>
</P
><P
>&#13;This means that unless you grant access to a service for a user, that
user shouldn't be using that service until you do grant access. Make
sure the policies work on your regular user account. Saying, "Ah, I
can't figure out this permissions problem, I'll just do it as root"
can lead to security holes that are very obvious, and even ones that
haven't been exploited yet.
</P
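><P
>The following is an added example, not code from the HOWTO, showing what
the "not permitted, therefore prohibited" stance looks like in one familiar
Linux mechanism: the <TT
CLASS="literal"
>/etc/hosts.allow</TT
> and <TT
CLASS="literal"
>/etc/hosts.deny</TT
> files read by tcp_wrappers. Per hosts_access(5), a (daemon, client) pair
is granted if it matches hosts.allow, otherwise denied if it matches
hosts.deny, and otherwise granted. The model below implements only that
decision order with the ALL wildcard, exact IPv4 addresses and trailing-dot
address prefixes; hostnames, option fields and EXCEPT clauses are left out.
The two constructed hosts.deny bodies contrast a blocklist of the services
you happened to think of with the <TT
CLASS="literal"
>ALL: ALL</TT
> line that makes everything not granted in hosts.allow a refusal. All rule
text, daemon names and addresses are constructed for the example.
</P
>

```python
# Added example, not part of the HOWTO: a small model of how tcp_wrappers
# evaluates /etc/hosts.allow and /etc/hosts.deny (see hosts_access(5)).
# Decision order: grant on a hosts.allow match, deny on a hosts.deny match,
# otherwise grant. Only the ALL wildcard, exact IPv4 addresses and
# trailing-dot address prefixes are modelled; hostnames, option fields
# and EXCEPT clauses are left out.

# Constructed hosts.allow: the services you meant to expose, and to whom.
HOSTS_ALLOW = """\
sshd:    192.0.2.          # admins on the 192.0.2.0/24 office network
in.ftpd: 192.0.2.10        # one file-transfer client
"""

# Constructed hosts.deny in the "prohibit what you thought of" style.
# Any daemon not listed here, and not in hosts.allow, stays reachable.
HOSTS_DENY_BLOCKLIST = """\
in.tftpd: ALL
"""

# Constructed hosts.deny in the "that which is not permitted is prohibited"
# style: everything not granted in hosts.allow is refused.
HOSTS_DENY_DEFAULT = """\
ALL: ALL
"""


def parse_rules(text):
    """Turn an access-file body into a list of (daemon_patterns, client_patterns)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                              # malformed line: no client list
        daemons = [d.strip() for d in fields[0].split(",")]
        clients = [c.strip() for c in fields[1].split(",")]
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, address):
    """Match one client pattern against a dotted IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                     # "192.0.2." matches 192.0.2.x only
        return address.startswith(pattern)
    return address == pattern


def rules_match(rules, daemon, address):
    """True if any rule covers both the daemon and the client address."""
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, address) for p in clients)
        for daemons, clients in rules
    )


def access_granted(allow_text, deny_text, daemon, address):
    """Apply the hosts_access(5) decision order to one connection attempt."""
    if rules_match(parse_rules(allow_text), daemon, address):
        return True
    if rules_match(parse_rules(deny_text), daemon, address):
        return False
    return True                                   # nothing matched: tcp_wrappers grants


def compare_policies(daemon, address):
    """Return (blocklist_decision, default_deny_decision) for one attempt."""
    return (
        access_granted(HOSTS_ALLOW, HOSTS_DENY_BLOCKLIST, daemon, address),
        access_granted(HOSTS_ALLOW, HOSTS_DENY_DEFAULT, daemon, address),
    )


if __name__ == "__main__":
    # in.fingerd is a daemon nobody wrote a rule for; watch what each file does with it.
    for daemon, address in [("sshd", "192.0.2.44"), ("sshd", "203.0.113.5"),
                            ("in.fingerd", "203.0.113.5"), ("in.tftpd", "192.0.2.44")]:
        blocklist, default_deny = compare_policies(daemon, address)
        print(f"{daemon:>10} from {address:<12} blocklist={blocklist!s:<5} default-deny={default_deny}")
```

<P
>Run stand-alone, the script prints the decisions for four attempts. The one
to notice is in.fingerd from an outside address: the blocklist file never
mentions it, so the default of "grant" applies and the service is reachable,
while the ALL: ALL file refuses it because nothing in hosts.allow permits it.
</P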
><P
>&#13;<A
HREF="ftp://www.faqs.org/rfcs/rfc1244.html"
TARGET="_top"
>rfc1244</A
>
is a document that describes how to create your own network security
policy.
</P
><P
>&#13;<A
HREF="ftp://www.faqs.org/rfcs/rfc1281.html"
TARGET="_top"
>rfc1281</A
>
is a document that shows an example security policy with detailed
descriptions of each step.
</P
><P
>&#13;Finally, you might want to look at the COAST policy archive at <A
HREF="ftp://coast.cs.purdue.edu/pub/doc/policy"
TARGET="_top"
>ftp://coast.cs.purdue.edu/pub/doc/policy</A
> to see what some
real-life security policies look like.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN147"
></A
>2.5. Means of Securing Your Site</H2
><P
>&#13;This document will discuss various means with which you can secure
the assets you have worked hard for: your local machine,
your data, your users, your network, even your reputation. What would
happen to your reputation if an intruder deleted some of your users'
data? Or defaced your web site? Or published your company's
corporate project plan for next quarter? If you are planning a network
installation, there are many factors you must take into account before
adding a single machine to your network.
</P
><P
>&#13;Even if you have a single dial-up PPP account, or just a small site,
this does not mean intruders won't be interested in your systems.
Large, high-profile sites are not the only targets -- many intruders
simply want to exploit as many sites as possible, regardless of their
size. Additionally, they may use a security hole in your site to gain
access to other sites you're connected to.
</P
><P
>&#13;Intruders have a lot of time on their hands, and can avoid guessing
how you've obscured your system just by trying all the
possibilities. There are also a number of reasons an intruder may be
interested in your systems, which we will discuss later.
</P
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN152"
></A
>2.5.1. Host Security</H3
><P
>&#13;Perhaps the area of security on which administrators concentrate most is
host-based security. This typically involves making sure your own
system is secure, and hoping everyone else on your network does the
same. Choosing good passwords, securing your host's local network
services, keeping good accounting records, and upgrading programs with
known security exploits are among the things the local security
administrator is responsible for doing. Although this is absolutely
necessary, it can become a daunting task once your network becomes
larger than a few machines.
</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN155"
></A
>2.5.2. Local Network Security</H3
><P
>&#13;Network security is as necessary as local host security. With
hundreds, thousands, or more computers on the same network,
you can't rely on each one of those systems being secure. Ensuring
that only authorized users can use your network,
building firewalls, using strong encryption, and ensuring
there are no "rogue" (that is, unsecured) machines on your network are all
part of the network security administrator's duties.
</P
><P
>&#13;This document will discuss some of the techniques used to secure your
site, and hopefully show you some of the ways to prevent an intruder
from gaining access to what you are trying to protect.
</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN159"
></A
>2.5.3. Security Through Obscurity</H3
><P
>&#13;One type of security that must be discussed is "security through
obscurity". This means, for example, moving a service that has known
security vulnerabilities to a non-standard port in hopes that attackers
won't notice it's there and thus won't exploit it. Rest assured that
they can determine that it's there and will exploit it. Security
through obscurity is no security at all. Simply because you may have a
small site, or a relatively low profile, does not mean an intruder
won't be interested in what you have. We'll discuss what you're
protecting in the next sections.
</P
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN162"
></A
>2.6. Organization of This Document</H2
><P
>&#13;This document has been divided into a number of sections. They cover
several broad security issues. The first,
<A
HREF="physical-security.html"
>Section 3</A
>,
covers how you need to protect your physical machine from
tampering. The second,
<A
HREF="local-security.html"
>Section 4</A
>, describes how to
protect your system from tampering by local users. The third,
<A
HREF="file-security.html"
>Section 5</A
>,
shows you how to setup your file systems and permissions on your
files. The next, <A
HREF="password-security.html"
>Section 6</A
>, discusses how to use encryption to better secure
your machine and network.
<A
HREF="kernel-security.html"
>Section 7</A
> discusses what kernel
options you should set or be aware of for a more secure system.
<A
HREF="network-security.html"
>Section 8</A
> describes how to
better secure your Linux system from network attacks.
<A
HREF="secure-prep.html"
>Section 9</A
> discusses how to
prepare your machine(s) before bringing them on-line. Next,
<A
HREF="after-breakin.html"
>Section 10</A
>,
discusses what to do when you detect a system compromise in progress
or detect one that has recently happened. In <A
HREF="sources.html"
>Section 11</A
>, some primary security resources are enumerated.
The Q and A section, <A
HREF="q-and-a.html"
>Section 13</A
>,
answers some frequently-asked questions, and finally the conclusion is in
<A
HREF="conclusion.html"
>Section 14</A
>.
</P
><P
>&#13;The two main points to realize when reading this document are:
</P
><P
>&#13;
<P
></P
><UL
><LI
><P
>&#13;Be aware of what is happening on your system. Check system logs such as
<TT
CLASS="literal"
>/var/log/messages</TT
> and keep an eye on it, and
</P
></LI
><LI
><P
>&#13;Keep your system up-to-date by making sure you have installed the
current versions of software and have upgraded per security alerts.
Just doing this will help make your system markedly more secure.
</P
></LI
></UL
>
</P
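><P
>As an added example of the first point (this is not code from the HOWTO),
here is a small Python reader for the classic <TT
CLASS="literal"
>/var/log/messages</TT
> layout that pulls out the authentication events an administrator
"keeping an eye on the system" would want summarized: failed ssh logins
counted per source address, sources that exceed a threshold, an accepted
login from a source that had failed shortly before, and every
<TT
CLASS="literal"
>su</TT
> to root. The log lines are constructed for the example; the host name,
user names and addresses are placeholders. The sshd and su message formats
matched are the ones OpenSSH and shadow-utils su write, but any distribution
that phrases them differently would need the patterns adjusted.
</P
>

```python
import re
from collections import Counter

# Constructed sample in the classic /var/log/messages layout. The host
# name "gw", the user names and the addresses are placeholders, not real data.
SAMPLE_LOG = """\
Mar  3 10:12:01 gw sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar  3 10:12:04 gw sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Mar  3 10:12:07 gw sshd[4022]: Failed password for root from 203.0.113.5 port 4244 ssh2
Mar  3 10:12:09 gw sshd[4023]: Failed password for root from 203.0.113.5 port 4245 ssh2
Mar  3 10:13:30 gw sshd[4030]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:14:02 gw su[4051]: (to root) alice on /dev/pts/1
Mar  3 10:15:11 gw sshd[4060]: Failed password for bob from 192.0.2.11 port 50101 ssh2
Mar  3 10:15:15 gw sshd[4060]: Accepted password for bob from 192.0.2.11 port 50101 ssh2
Mar  3 10:16:00 gw kernel: eth0: link up
"""

# "Mon DD HH:MM:SS host program[pid]: message"; the pid is optional (kernel has none).
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
SU_ROOT_RE = re.compile(r"\(to root\) (?P<user>\S+) on (?P<tty>\S+)")


def parse_syslog(text):
    """Yield one dict per line that fits the syslog layout; other lines are skipped."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            yield m.groupdict()


def summarize_auth(text, threshold=3):
    """Summarize ssh and su authentication events found in a messages-style log."""
    failures = Counter()              # failed ssh logins per source address
    accepted_after_failures = []      # (user, src): a success following failures from src
    su_to_root = []                   # (user, tty): every su to root
    for rec in parse_syslog(text):
        msg = rec["msg"]
        if rec["prog"] == "sshd":
            f = FAILED_RE.search(msg)
            if f:
                failures[f["src"]] += 1
                continue
            a = ACCEPTED_RE.search(msg)
            if a and failures[a["src"]] > 0:   # Counter returns 0 for unseen sources
                accepted_after_failures.append((a["user"], a["src"]))
        elif rec["prog"] == "su":
            s = SU_ROOT_RE.search(msg)
            if s:
                su_to_root.append((s["user"], s["tty"]))
    return {
        "failures_by_source": dict(failures),
        "sources_over_threshold": sorted(src for src, n in failures.items() if n >= threshold),
        "accepted_after_failures": accepted_after_failures,
        "su_to_root": su_to_root,
    }


if __name__ == "__main__":
    # Reading /var/log/messages itself needs root; the sample stands in for it here.
    for key, value in summarize_auth(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

<P
>The sample is deliberately small: one address fails four times and trips
the threshold, one user succeeds right after a failure from the same address
(worth a second look, not necessarily an intrusion), and one su to root is
recorded. On a real host, the same function can be fed the contents of
<TT
CLASS="literal"
>/var/log/messages</TT
> (or the auth log, on distributions that split it out), and the threshold
tuned to what is normal there.
</P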
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x21.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="physical-security.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Introduction</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Physical Security</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>