A Perspective on System Security
Initial Steps in Setting Up a Secure System
TCP Wrapper Configuration
Firewalls: Filtering IP Packets
In this chapter we'll discuss basic Linux system security. Security is unfortunately a topic of ever-growing importance, especially with the increasing use of permanently network-connected systems that are vulnerable to remote attacks even while unattended.
Most system security is common-sense good practice. Many of the best techniques are the simplest, yet frequently ignored practices; we'll cover those first. We'll then move on to some of the less obvious practices, and we'll conclude with a short discussion on the complex subject of network security. We'll also include some firewall recipes to protect simple installations against network attack.
It's sometimes difficult keeping a balanced perspective on system security. The media tends to sensationalize stories relating to security breaches, especially when they involve well-known companies or institutions. On the other hand, managing security can be a technically challenging and time-consuming task. Many Internet users take the view that their system holds no valuable data, so security isn't much of an issue. Others spend large amounts of effort nailing down their systems to protect against unauthorized use. No matter where you sit in this spectrum you should be aware that there is always a risk that you will become the target of a security attack. There are a whole host of reasons as to why someone might be interested in breaching your system security. The value of the data on your system is only one of them; we discuss some others later in the chapter. You must make your own judgment as to how much effort you will expend, though we recommend you err on the side of caution.
Traditional system security focused on systems that were accessible through either a connected hard-wired terminal or the system console. In this realm the greatest risks typically came from within the organization owning the system, and the best form of defense was physical security, in which system consoles, terminals, and hosts were in locked rooms. Even when computer systems started to become network-connected, access was still very limited. The networks in use were often expensive to gain access to, or were closed networks that did not allow connections to hosts from just anywhere.
The popularity of the Internet has given rise to a new wave of network-based security concerns. An Internet-connected computer is open to potential abuse from tens of millions of hosts around the world. With improved accessibility comes an increase in the number of antisocial individuals intent upon causing nuisance. On the Internet, a number of forms of antisocial behavior are of interest to the system administrator. Those that we'll address in this chapter are:
A DoS attack commonly involves generating an abnormally large number of requests to a service provided by a system. This rush of activity may cause the host system to exhaust its memory, processing power, or network bandwidth. As a result, further requests to the system are refused, or the system's performance degrades to an unusable point. For this attack to work, an attacker must either exploit a poorly designed service, or be able to generate a number of requests far exceeding the capacity of the service.
A more insidious form of DoS attack is the distributed denial of service (DDoS). In this form of attack, a large number of computers are caused to generate requests against a service. This increases the damage of a DoS attack in two ways: by overwhelming the target with a huge volume of traffic, and by hiding the perpetrator behind thousands of unwitting participants. Using a large number of hosts from which to launch an attack also makes DDoS attacks particularly difficult to control and remedy once they've occurred. Even people who have no concerns about the state of their own data should protect themselves against this form of attack so as to minimize the risk of becoming an unwitting accomplice in a DDoS attack against someone else.
The second form of attack, sometimes known as cracking,[63] is the one that most people associate with security. Companies and institutions often store sensitive data on network-accessible computer systems. A common example of concern to the average Internet user is the storage of credit-card details by web sites. Where there is money involved there is incentive for dishonest individuals to gain access and steal or misuse this kind of sensitive data.
[63]The terms cracking and hacking are often confused in popular usage. While cracking involves immoral or illegal behavior (such as compromising the security of a system), hacking is a generic word meaning to program, tinker with, or have an intense interest in something. The popular media often uses the term hacking to refer to cracking; the Linux community is trying to reassociate hacking with positive connotations.
Sometimes the methods that are used to gain unauthorized access or disrupt service are very ingenious, if not unethical. Designing an intrusion mechanism often requires a strong knowledge of the target system to uncover an exploit. Often, once an intrusion mechanism has been discovered, it is packaged in the form of a so-called rootkit, a set of programs or scripts that anyone possessing only basic knowledge can use to exploit a security hole. The vast majority of intrusion attacks are launched by "script kiddies" that make use of these prepackaged intrusion kits without any real knowledge of the systems they are attacking. The good news is that it is usually straightforward for a system administrator to protect a system from these well-known attacks; we discuss various ways to secure your system in this chapter.
Copyright © 2003 O'Reilly & Associates. All rights reserved.