Linux Security Keeping Your System Safe
Local Threats • Curious employees. • Disgruntled employees • Errant programs/applications. • Unauthorized personnel.
Remote Threats • Unauthorized Dial-in access. • Unauthorized Internet Access • Script Kiddies • Viruses, Worms, Trojan Horses, etc.
Thank You, Microsoft • All Microsoft Operating Systems are insecure by design. • Ease-of-use features are typically security threats, e.g., the ability to automatically run scripts and programs delivered through email. • The majority of threats are aimed at Microsoft Operating Systems. • Outlook scripts • IIS weaknesses • Weaknesses in Microsoft services such as DNS, Bind, etc. • Good because it keeps them away from Linux/Unix; bad because it encourages them to try.
How Real Are the Threats? • Recent media coverage is one indication • Corporate firewall logs show constant increases. • Sites such as http://www.dshield.org tracking security threats show increased attempts. • All systems, including personal systems are at risk.
A Simple Home Installation • November 2000, I installed a cable modem and firewall: • Why? Compaq requires hardware firewalls and I felt more comfortable with one. • Home network consists of 3 computers on line full time and notebook when working from home. • Service is with Cablevision through cable modem. • No servers anywhere in my network • Firewall has ping reply turned off • No machine internal to firewall is visible outside the network. • Security tested courtesy of ShieldsUp at http://grc.com
My Firewall Log WAN Type: Dynamic IP Address (R1.93e) Display time: Monday, July 30, 2001 20:46:15
How Many Attackers? http://www.whois.net/
64.224.17.142 INTERLAND.NET
24.26.235.214 RR.COM
24.191.124.172 Cablevision Systems Corp
24.28.123.241 RR.COM
216.128.206.5 Optilink Communications, Inc.
24.191.49.172 Cablevision Systems Corp
24.188.129.85 Cablevision Systems Corp
210.96.22.193 Asia Pacific Network Information Center*
24.132.249.27 European Regional Internet Registry
24.1.138.43 @Home Network
209.136.35.2 Huntleigh Telecommunications Group
24.21.173.44 @Home Network
24.43.164.99 Rogers@Home Wlfdle
216.12.192.2 Everyones Internet, Inc.
211.254.60.205 Asia Pacific Network Information Center*
24.167.33.147 ServiceCo LLC - Road Runner
211.96.5.74 Asia Pacific Network Information Center*
217.58.40.251 European Regional Internet Registry
24.186.80.220 Cablevision Systems Corp
128.121.244.93 Verio, Inc.
66.26.119.191 ROADRUNNER-MIDSOUTH
24.42.158.61 Rogers@Home
206.71.117.31 Microsoft
194.236.30.231 European Regional Internet Registry
24.21.107.120 @Home Network
24.181.58.50 @Home Network
65.30.161.170 ROADRUNNER-CENTRAL
206.71.117.31 Microsoft
24.157.38.120 *** Not listed ***
192.168.0.2 Reserved+
24.157.38.120 Rogers@Home
205.134.172.2 Patuxent Publishing
210.114.174.39 Asia Pacific Network Information Center*
* "Please do not send spam complaints to APNIC."
+ Reserved for LAN
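An added example (not part of the original slides) of answering "How Many Attackers?" from a router log whose entries have the form `<weekday>, <date> <time> Unrecognized access from <ip>:<port> to <TCP|UDP> port <n>`: it collapses retries into single attempts, counts attempts per port, and separates external sources from RFC 1918 LAN addresses. The sample entries are constructed and use documentation addresses; the 60-second retry window is an assumption.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# One blocked-connection entry. finditer() also copes with entries that run
# together on one line, and skips DHCP and print-job entries.
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}) "
    r"Unrecognized access from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"to (?P<proto>TCP|UDP) port (?P<dport>\d+)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RETRY_WINDOW = timedelta(seconds=60)  # assumption: repeats this close are retries

# Constructed sample entries (documentation and private addresses only).
SAMPLE_LOG = " ".join([
    "Saturday, July 28, 2001 02:55:12 Unrecognized access from 198.51.100.7:1819 to TCP port 27374",
    "Saturday, July 28, 2001 02:55:15 Unrecognized access from 198.51.100.7:1819 to TCP port 27374",
    "Saturday, July 28, 2001 02:55:21 Unrecognized access from 198.51.100.7:1819 to TCP port 27374",
    "Saturday, July 28, 2001 05:38:58 DHCP:renew",
    "Saturday, July 28, 2001 06:35:07 Unrecognized access from 203.0.113.20:3722 to TCP port 1243",
    "Saturday, July 28, 2001 06:35:07 Unrecognized access from 203.0.113.20:3723 to TCP port 27374",
    "Saturday, July 28, 2001 06:35:10 Unrecognized access from 203.0.113.20:3723 to TCP port 27374",
    "Saturday, July 28, 2001 10:15:47 Unrecognized access from 192.0.2.85:137 to UDP port 137",
    "Saturday, July 28, 2001 22:31:44 sagan sent a job to printer",
    "Monday, July 30, 2001 19:06:43 Unrecognized access from 192.168.0.2:137 to UDP port 137",
    "Monday, July 30, 2001 19:06:44 Unrecognized access from 192.168.0.2:137 to UDP port 137",
])

def parse(text):
    """Return blocked-connection events as dicts, ignoring other log entries."""
    events = []
    for m in ENTRY.finditer(text):
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:  # e.g. an octet above 255 in a damaged entry
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S"),
            "src": src, "sport": int(m["sport"]),
            "proto": m["proto"], "dport": int(m["dport"]),
        })
    return events

def summarize(events):
    """Collapse retries, then count attempts per port and distinct sources."""
    last_seen, by_port = {}, Counter()
    external, internal = set(), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        flow = (ev["src"], ev["sport"], ev["proto"], ev["dport"])
        prev = last_seen.get(flow)
        last_seen[flow] = ev["ts"]
        if prev is not None and ev["ts"] - prev <= RETRY_WINDOW:
            continue  # same source port and target moments later: a retry
        by_port[(ev["proto"], ev["dport"])] += 1
        is_lan = any(ev["src"] in net for net in RFC1918)
        (internal if is_lan else external).add(str(ev["src"]))
    return {"entries": len(events), "attempts": sum(by_port.values()),
            "by_port": dict(by_port), "external": sorted(external),
            "internal": sorted(internal)}

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A private source address in the `internal` list points at a machine on the LAN side or a spoofed packet, not at a remote attacker, so it is counted separately.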
Popular Ports Scanned • 21 FTP • 23 Telnet • 25 SMTP • 79 Finger • 80 HTTP • 110 POP3 • 113 IDENT • 139 NetBIOS • 143 IMAP • 443 HTTPS
If Linux Is Secure, Why Are You Here? • To expand on earlier statement, Linux is more secure than typical MS OS due to: • File systems with ownerships and access control lists • Multiuser design enforces password protection to system • Design based on Unix, which is more mature and has already faced many of these challenges • There are still security risks, many due to naïve system administration and bugs.
The Road To A More Secure Linux • We’ll discuss general security risks, so that we can gain a background in security. • We’ll look at securing the system locally, then over the network. • We’ll present resources to help us identify threats.
Common Vulnerabilities • Default installs of operating systems and applications • Accounts with No Passwords or Weak Passwords • Non-existent or Incomplete Backups • Large number of open ports • Not filtering packets for correct incoming and outgoing addresses • Non-existent or incomplete logging • Vulnerable CGI Programs
UNIX Vulnerabilities • Buffer Overflows in RPC Services • Sendmail Vulnerabilities • Bind Weaknesses • R* Commands (rlogin, rsh and rexec) • LPD (remote print protocol daemon) • sadmind and mountd • Default SNMP Strings
Establish a Security Policy • Adopt the policy: “That which is not permitted is prohibited.” • RFC 1244 describes how to create your own network security policy. • RFC 1281 is an example security policy with detailed descriptions of each step. • Look at example policies such as the COAST policy archive at ftp://coast.cs.purdue.edu/pub/doc/policy to
Physical Security • Physically secure the computer • Physically place computers in secure areas. • Use front panel locks to prevent tampering.
System Boot Security • Don’t allow someone access by simply rebooting the system • Set a BIOS boot password. • Set a BIOS administration password. • Set boot loader (e.g., LILO) passwords.
Login Security • Make certain all accounts have strong passwords. • Make sure users never leave terminals and consoles open; lock them with • vlock • xlock
User Security • Never give out root privileges. • Don’t use rsh, rlogin, rexec as root • Never use telnet or ftp as root. • Minimize the terminals root can log in from by modifying /etc/securetty.
File System Security • Set default umask to be as restrictive as possible. • Export file systems over NFS as read only unless absolutely necessary. • Avoid giving users suid/sgid permission from home directories, /var, /tmp, etc. • Find and track suid programs. • Make sure you know the contents of all .rhosts files. • Use shadow passwords and PAM authentication.
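One way to "find and track suid programs", as an added example that is not from the original slides: record every setuid/setgid file under the given directories and compare later scans with that baseline. The baseline file name `setid-baseline.json` and the default scan roots are assumptions.

```python
import json
import os
import stat
import sys

BASELINE = "setid-baseline.json"  # hypothetical name; keep it on read-only media

def find_setid(roots):
    """Map each setuid/setgid regular file under roots to its mode and owner."""
    found = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, followlinks=False):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: never follow symlinks
                except OSError:
                    continue             # vanished or unreadable entry
                if not stat.S_ISREG(st.st_mode):
                    continue
                if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    found[path] = {
                        "mode": format(stat.S_IMODE(st.st_mode), "o"),
                        "uid": st.st_uid,
                        "gid": st.st_gid,
                    }
    return found

def diff_baseline(baseline, current):
    """Report files that gained, lost or changed setuid/setgid status."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }

if __name__ == "__main__":
    roots = sys.argv[1:] or ["/bin", "/sbin", "/usr", "/home", "/var", "/tmp"]
    current = find_setid(roots)
    if os.path.exists(BASELINE):
        with open(BASELINE) as fh:
            report = diff_baseline(json.load(fh), current)
        for kind, paths in report.items():
            for path in paths:
                print(kind, path, current.get(path, {}).get("mode", "-"))
    else:
        # First run: record the current state as the baseline.
        with open(BASELINE, "w") as fh:
            json.dump(current, fh, indent=2)
```

Any "added" entry under a home directory, /var or /tmp is the case the slide warns about and deserves a look before the baseline is refreshed.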
Kernel Security • Unless you intend to run this system as a firewall, do not enable firewall, IP masquerading and ICMP masquerading when compiling a new kernel. • Use /dev/random and /dev/urandom for applications that need high-quality random numbers.
Watch Out For Sniffers • Packet sniffers are easy to run and can easily capture passwords from applications that transmit them in the clear. • Watch out for • telnet • ftp • su • POP3 accounts • All other programs that send passwords in the clear • Make it a practice to use only programs that encrypt their traffic • ssh • stelnet
Sign Your Communications • Don’t allow a hacker to steal your identity • Sign your communications • MD5 • PGP
Think Like A Hacker • Run port scanners such as SATAN, ISS and other network scanners. • SATAN: http://www.ibiblio.org/pub/packages/security/Satan-for-Linux/ • ISS • Abacus: http://www.psionic.com/abacus • Saint: http://www.wwdsi.com/saint/ • Nessus: http://www.nessus.org/ • Test firewalls with services from http://grc.com/ and HackerWacker (http://208.179.251.103/).
Test Your Passwords • Make sure they are not easy to guess • John the Ripper: http://www.openwall.com/john/
Characterize Your System • Constantly monitor your system for intruders modifying your file system • Tripwire: http://www.tripwire.com/ • Snort: http://www.snort.org/
Linux Vendor Security Info • Mandrake: http://www.linux-mandrake.com/en/security/ • Caldera: http://www.caldera.com/support/security/ • Debian: http://www.debian.org/security/ • SuSE: http://www.suse.de/de/support/security/ • RedHat: http://www.redhat.com/mailing-lists/linux-security/ • TurboLinux: http://www.turbolinux.com/security/
Secure Linux Distributions • Bastille Linux: http://www.bastille-linux.org/ • NSA Security-Enhanced Linux: http://www.nsa.gov/selinux/
Linux Security Information • Linux Security HOWTO: http://www.linuxdoc.org/HOWTO/Security-HOWTO.html • Linux Administrators' Security Guide: http://www.securityportal.com/lasg/ • Linux Security Knowledge Base: http://www.securityportal.com/lskb/ • Linux Security Archive (mailing list): http://www.sonic.net/hypermail/security/ • Linux Firewall and Security Site: http://www.linux-firewall-tools.com/linux/ • Linux Security.com: http://www.linuxsecurity.com/ • Newsgroup comp.os.linux.security: news:comp.os.linux.security