LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue46/pollman.html

157 lines
7.1 KiB
HTML
Raw Permalink Blame History

<!--startcut BEGIN header ==============================================-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>Security for the Home Network LG #46</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!--endcut ============================================================-->
<H4>
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <HR> <P>
<!--===================================================================-->
<center>
<H1><font color="maroon">Security for the Home Network</font></H1>
<H4>By <a href="mailto:jpollman@bigfoot.com">JC Pollman</a> and
<a href="mailto:bill.mote@bigfoot.com">Bill Mote</a></H4>
</center>
<P> <HR> <P>
<!-- END header -->
<p>Security for the home network is your responsibility.&nbsp; With all
the tools available to the crackers and script kiddies, it is not a matter of
<EM><STRONG>if</STRONG></EM> but rather <EM><STRONG>when</STRONG></EM> you
will be probed and possibly attacked.&nbsp; I have personally been connected
via modem for less than 5 minutes and been port scanned!&nbsp; Your ISP really
does not care if you are being attacked by "x" because if they shut down "x",
tomorrow it will be "y"
attacking you. Fortunately there are several things you can do to
greatly increase the security of your network.
<p><b>Disclaimer: </b>This article provides information we have gleamed
from reading the books, the HOWTOs, man pages, usenet news groups, and
countless hours banging on the keyboard. It is not meant to be an all inclusive
exhaustive study on the topic, but rather, a stepping stone from the novice
to the intermediate user.&nbsp; All the examples are taken directly from
our home networks so we know they work.
<p><b>How to use this guide:</b>
<ul>
<li>
Words encapsulated by square brackets like [Enter] indicate the depression
of a key on the keyboard or a mouse button [Mouse1]</li>
<li>
Words encapsulated by squiggly brackets like {your name here} indicate
data that will/should be substituted with "real" data</li>
<li>
Text depicted in italics are commands you, the user, should type at a prompt</li>
</ul>
<b>Prerequisites:</b> This guide assumes that you have tcp wrapper and
ipchains installed, that you are running kernel 2.2.0 or higher, that you
have selected a legal/private domain name,&nbsp; that you're using IP Masquerade
to "hide" your machine from the internet, and that you are consistently
able to connect to the internet.
<p><b>Why crack me?</b> Most of us believed, at one time, that we were
so insignificant that a cracker would not waste his time with us. Additionally,
there are so many computers connected to the internet that the odds of
being cracked were virtually nil. Five years ago that was probably a correct
assessment.&nbsp; With the advent of the script kiddies, this is no longer
true. The tools available to them make it so easy to find and crack systems
that anyone who can turn on a computer can do it.
<p>There are two main reasons they may want to crack your home system:
the thrill of another conquest, and to get information to use your ISP
account to launch other attacks. Life will become distinctly unpleasant
when the authorities come to your door investigating why you were using
your ISP account to break into the pentagon.
<p>The following information comes from a series of <a href="http://www.enteract.com/~lspitz/pubs.html">excellent
articles</a> by <a href="mailto:lance@spitzner.net">Lance Spitzner</a>.
They should scare you straight if you have taken security lightly up to
now.
<blockquote>The script kiddie methodology is a simple one. Scan the Internet
for a specific weakness, when you find it, exploit it. Most of the tools
they use are automated, requiring little interaction. You launch the tool,
then come back several days later to get your results.&nbsp; No two tools
are alike, just as no two exploits are alike. However, most of the tools
use the same strategy. First, develop a&nbsp; database of IPs that can
be scanned. Then, scan those IPs for a specific vulnerability.</blockquote>
<blockquote>Once they find a vulnerable system and gain root, their first
step is normally to cover their tracks.&nbsp; They want to ensure you do
not know your system was hacked and cannot see nor log their actions.&nbsp;
Following this, they often use your system to scan other networks, or silently
monitor your own.</blockquote>
And now for the bad news: <a href="http://www.cert.org/tech_tips/root_compromise.html">CERT&reg;
Coordination Center</a> has only one solution if you have been cracked:
reinstall everything from scratch!
<p><b>The Firewall Machine:</b> Ideally your firewall should be a machine
dedicated to just that: being your security. Given that you only need the
power of a 486, this should not be to hard to handle. By using a computer
to just be your firewall you can shutdown all the processes that normally
get attacked - like imap, ftp, sendmail, etc. A simple solution would be
to create a boot floppy with everything you need on it and run it out of
a ram disk. That way, if you are cracked, you just reboot the machine,
and without a hard drive it will run much cooler. Check out the
<A HREF=http://www.linux-router.org>Linux Router Project</A>
for how to set it up.
<p>However, for the purposes of this article the
authors assume you're setting this up on your primary server and that
you've been following along with the previous month's articles on DNS and
SendMail.
<p><b>What we will cover: </b>There are hundreds, maybe even thousands,
of ways to crack into your computer. And for every way in, you need to
provide a defense. We are not going to cover everything here: we will cover
just the basics to get your machine secured from the most likely attacks.
<blockquote><a href="pollman/ip_spoofing.html">ip
spoofing</a>
<br><a href="pollman/tcpwrappers.html">tcp
wrappers</a>
<br><a href="pollman/ipchains.html">ipchains</a></blockquote>
<b>What we will not be covering:</b>
<blockquote>physical security
<br>specific programs you run
<br>encrypting data</blockquote>
<hr SIZE=4 WIDTH="90%">
<br>Here are some <a href="pollman/final_thoughts.html">final
thoughts</a> to whet your appetite. Next month we will be discussing dhcp.
<center>
<!-- BEGIN copyright ==================================================-->
<P> <hr> <P>
<H5 ALIGN=center>
Copyright &copy; 1999, JC Pollman and Bill Mote <BR>
Published in Issue 46 of <i>Linux Gazette</i>, October 1999</H5>
<!-- END copyright ===================================================-->
<!--startcut footer ===================================================-->
<P> <hr> <P>
<A HREF="index.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif"
ALT="[ TABLE OF CONTENTS ]"></A>
<A HREF="../index.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="orr.html"><IMG SRC="../gx/back2.gif"
ALT=" Back "></A>
<A HREF="../faq/index.html"
><IMG SRC="./../gx/dennis/faq.gif"
ALT="[ Linux Gazette FAQ ]"></A>
<A HREF="serrao.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
<P> <hr> <P>
</BODY></HTML>
<!--endcut ============================================================-->
Reference in New Issue View Git Blame Copy Permalink