<!--startcut ==========================================================-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<title>A Bit About Security Issue 24</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000">
<!--endcut ============================================================-->

<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P>
<!--===================================================================-->

<center>
<H2>A Bit About Security</H2>
<H4>By <a href="mailto:mabs@ancc.com.au">Marcus Berglund</a></H4>
</center>

<P> <HR> <P>
If you are setting up a potential website or permanent connection, the
first thing you should know about is security...
<P>
I know from personal experience what happens when people 'hack' into my
machine: it nearly became an international court case. I won't go into
details, but it was from my ignorance, and is why I lost my job.
<P>
When setting up a machine you should have a guess at who might be able to
access your machine, and when you set up a new user, e.g. to get pirated
programs, they'll know how to get in. Sure, you might be able to get free
programs and people might look at you in a different way, but if someone
with more experience than you (and there are always a lot of them, no
matter how good you are) sees an obvious security hole they will exploit it
as much as they can, so they don't get in trouble and you do.
<P>
Linux/Unix is a very flexible/configurable OS, and that's where security
holes appear, and disappear. Just ask a system administrator: most Linux
distributions need some work before they are close to Internet usable, or
hack proof. I personally couldn't list every file you would need to edit,
but you will need to remove the startup files (or links, with Red Hat &
Debian) if you don't use them, and /etc/inetd.conf is another place to
start. If you don't understand these files, immediately remove the network
connection and read the man pages!!!
<P>
A basic checklist might be: time, echo, nfs*, telnet*, smb (netbios), ftp,
login, pop3, nntp, tftp*, netstat, finger, http, etc... (* these are
popular protocols, but can be very insecure). If you are on a network
and are unsure, ask your sysadmin; they will most certainly know more from
experience what you should and shouldn't use, and most (experienced with
Linux) could probably give you some good advice...
<P>
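The checklist above can be turned into a quick audit of /etc/inetd.conf. The shell function below is an added example, not part of the original article; the HIGH/REVIEW labels, the function names and the sample file are constructed for illustration, and it assumes the usual inetd.conf field order (service, socket type, protocol, wait flag, user, server).

```shell
#!/bin/sh
# Added example: list services still enabled in an inetd.conf-style file
# that appear on the article's checklist. Entries the article stars
# (nfs, telnet, tftp) are reported as HIGH, the rest as REVIEW.

# Checklist names as written in the article. inetd.conf normally lists
# Samba as netbios-ssn / netbios-ns, so those are mapped to "smb".
CHECKLIST="time echo nfs telnet smb ftp login pop3 nntp tftp netstat finger http"
STARRED="nfs telnet tftp"

audit_inetd() {
    # $1 = path to an inetd.conf-format file ("-" reads standard input)
    awk -v list="$CHECKLIST" -v starred="$STARRED" '
        BEGIN {
            n = split(list, a, " ");    for (i = 1; i <= n; i++) watch[a[i]] = 1
            n = split(starred, b, " "); for (i = 1; i <= n; i++) high[b[i]] = 1
        }
        /^[ \t]*#/ || NF < 6 { next }           # commented out, or not a service line
        {
            svc = $1
            if (svc ~ /^netbios-/) svc = "smb"  # Samba entries
            if (!(svc in watch)) next           # not on the checklist
            key = svc "/" $3
            if (seen[key]++) next               # report each service/protocol once
            printf "%s %s/%s run-as=%s\n", (svc in high) ? "HIGH" : "REVIEW", svc, $3, $5
        }
    ' "$1"
}

# Constructed sample file contents (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# service socket proto wait user server args
echo    stream tcp nowait root internal
time    dgram  udp wait   root internal
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
#finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
tftp    dgram  udp wait   root /usr/sbin/tcpd in.tftpd
netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
auth    stream tcp nowait nobody /usr/sbin/in.identd in.identd
EOF
}

# Usage on a real machine: audit_inetd /etc/inetd.conf
```

Every line it prints is a service that is still switched on; comment out the ones you do not use, and make inetd re-read the file.
<P>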
At this stage you've gone through and removed unnecessary services. Now
restart your config files ('shutdown now', log in as root, then 'init 3',
or restart (better ideas - send them in)). Now you learn how the
protocols work, what files they access, and what security holes they
leave, e.g. if you have people that are only using Windows to share drives
you might set them up in a group that has no telnet and ftp access (for
example).
<P>
Adding new users should never be as easy as it seems, unless you can trust
the person, e.g. I have an 'smb' group on my machine for samba users, and
they are denied access through telnet and ftp, since they are the only
other services I offer on my machine. When working out which people have
access to what, plan what you are going to do, e.g. restrict the access of
certain 'groups' to particular services.
<P>
At this stage you are probably thinking, "What a lot of stuffing around",
but as an 'NT ISP' recently proved to me, even they are susceptible to
incorrect user access attacks, so don't say that it is only restricted to
the Unices; all OSes suffer. It's just that Unices can be a little
harder to configure than NT, and can be attacked more easily by very
experienced Unix hackers, as NT can by NT hackers...
<P>
But probably the biggest advantage of Linux is that 99% of the time you
can get the source code, and I ask one question: if you gave away the
source code for a program, are you going to leave obvious security holes
for personal access? I think not...
<P>
It all mainly comes down to asking the computer, people on the Internet
and sysadmins what you should and shouldn't do. A little common sense
helps a lot too, and have fun in the meanwhile.

<!--===================================================================-->
<P> <hr> <P>
<center><H5>Copyright © 1998, Marcus Berglund<BR>
Published in Issue 24 of <i>Linux Gazette</i>, January 1998</H5></center>

<!--===================================================================-->
<!--startcut ==========================================================-->
</BODY>
</HTML>
<!--endcut ============================================================-->