Chapter 23

General Thoughts on Security

In this chapter:

 
* Security issues to consider
* Understanding different aspects of security
* Evaluating the motives behind system break-ins
* Sources for more information on security
 
 
 
Security is becoming more and more of an issue as computing resources become cheaper and global connectivity is no longer the privilege of a few. On Unix systems, a single machine may have more than one user. It's important to make sure that there are ways for users to keep their data private and make it impossible for regular users to harm the overall system.
 
If your machine is connected to any kind of network, you also want to be sure that no one from the outside can access or modify data that is not intended to be publicly accessible.
 
Determining the level of security you require is a personal decision. You may concentrate on making your machine inaccessible from the outside, but ignore local security issues. This is a perfect approach if you are the only user on your system. Even in this case, I would not recommend that you disable the typical Unix structure that offers administrative logins (such as root) and regular users. Of course, anything you can do as a regular user you can also do as root, but you risk accidentally damaging your system. Once you are root, nothing protects you from making costly mistakes. Working on a regular user account is much safer, and using the command su to become root when you really need it is not that hard to do. An important point about security crops up with this situation: it may be inconvenient to work on a secure system, because you face more restrictions when changing parameters and performing other potentially sensitive tasks, as opposed to having everything open and subject to revision by anyone.
 
Another extreme is to have your system publicly accessible so everyone can log onto the system while ensuring that those users are isolated from each other and cannot harm the system in any way. This model is used for anonymous ftp servers, where unlimited access to a particular service or set of services is available to everyone. Once you are logged onto the server, you are placed in a very limited environment.
 
You will have to find a balance between having a very secure system and one that is easy to administer and usable by a variety of users. The most secure network configuration is no network connection at all, but this is rarely desirable.
 
You should think about the level of security you need before you decide how you will implement security measures.
 
Here are some points compiled from the Security-HOWTO, which can be found at http://scrye.com/~kevin/lsh/Security-HOWTO.html:
 
 
* Risk is the possibility that an intruder may successfully access your computer. Can an intruder read or write files, or execute programs that could cause damage? Can they delete critical data? Could they prevent you or your company from getting important work done? Don't forget: anyone who gains access to your account or your system can also impersonate you.
Additionally, anyone on your system with an insecure account can compromise your entire network. Allowing even one user to log in using a rhosts file, or allowing anyone to use an insecure service such as tftp, is enough to let an intruder get a foot in the door. Once the intruder has a user account on your system or someone else's system, it can be used to gain access to another system or another account.
* Threat typically comes from someone with the motivation to gain unauthorized access to your network or computer. You must decide whom you trust to have access to your system and what threat they could pose.
NOTE Intruders tend to fall into distinct categories. Keep these characteristics in mind as you are creating security measures for your systems.
 
 
* The Curious
This type of intruder is basically interested in simply finding out what type of system and data you have.
* The Malicious
This type of intruder is either out to bring down your systems, deface your Web page, or otherwise cause you time and money in order to recover from the intrusion.
* The High-Profile Intruder
This type of intruder attacks your system to gain popularity and infamy. He might use your high-profile system to advertise his abilities.
* The Competition
This type of intruder is interested in what data you have on your system. It is often someone who values your company's proprietary information, trade secrets, databases, etc.
 
* Vulnerability describes how well protected your computer is from another network and the potential for someone to gain unauthorized access.
What's at stake if someone breaks into your system? Of course, the concerns of a dynamic PPP home user will be different from those of a company connecting its machines to the Internet or another large network.
How much time would it take to retrieve and/or recreate any data that was lost? Better that you don't find out firsthand. An initial time investment early on can save ten times what you put in if you have to recreate data that was lost. I hope you're comfortable with the answer to this question: have you checked your backup strategy and verified your data lately?
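The list above names two concrete ways an intruder gets a foot in the door: rhosts-style trust files and an enabled tftp service. The following audit script is an added example, not part of the book; it checks a directory tree for those two weak spots and builds a constructed sample tree so it can be run offline (the sample paths and the inetd.conf line are assumptions for illustration).

```shell
#!/bin/sh
# Added example (not from the book). Audit a system tree for rhosts-based
# trust files and an enabled tftp service. Pass "/" to audit the live
# system, or a constructed tree as built by make_sample_tree below.
# Returns 0 when nothing suspicious is found, 1 otherwise.

audit_rhosts_tftp() {
    root="${1:-/}"
    findings=0

    # 1. hosts.equiv and ~/.rhosts let a remote host log in without a
    #    password; a line consisting of "+" trusts every host on the network.
    for f in "$root"/etc/hosts.equiv "$root"/root/.rhosts "$root"/home/*/.rhosts; do
        [ -f "$f" ] || continue
        findings=$((findings + 1))
        if grep -q '^+' "$f" 2>/dev/null; then
            echo "CRITICAL: $f trusts all hosts ('+' entry)"
        else
            echo "WARNING: rhosts-style trust file present: $f"
        fi
    done

    # 2. tftp performs no authentication at all; flag it if inetd offers it.
    conf="$root/etc/inetd.conf"
    if [ -f "$conf" ] && grep -q '^[[:space:]]*tftp' "$conf"; then
        findings=$((findings + 1))
        echo "WARNING: tftp service enabled in $conf"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not a real system): one user with a wide-open
# .rhosts file and an inetd.conf that still offers tftp.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc" "$dir/home/alice" "$dir/root"
    printf '+\n' > "$dir/home/alice/.rhosts"
    printf 'tftp dgram udp wait root /usr/sbin/tcpd in.tftpd /tftpboot\n' \
        > "$dir/etc/inetd.conf"
    echo "$dir"
}

# Usage: sample=$(make_sample_tree); audit_rhosts_tftp "$sample"
```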
 
 
If you are responsible for a multi-user site, or your company's network, you should create a simple, generic security policy for your system that your users can easily understand and follow. It should protect the data you're safeguarding as well as the privacy of the users. Some things to consider adding are: who has access to the system (Can my friend use my account?), who is allowed to install software on the system, who owns what data, disaster recovery, and appropriate use of the system.
 
A generally accepted security policy starts with the phrase: "That which is not permitted is prohibited." This means that unless you grant access to a service for a user, that user shouldn't be using that service until you do grant access. Make sure the policies work on your regular user account. Circumventing a thorny permissions issue by performing the task as root can lead to security holes that are very obvious and easy to exploit, and can even create new ones that haven't been exploited yet.
 
In Chapter 24, we'll discuss certain aspects of local security. We'll talk about issues that are important for accounts you have on your machine. This means people who have access to your machine will have to accept certain restrictions to make sure the system is and remains stable and that their data is not accessible by unauthorized persons. The other major point is security at the network level, which is discussed in Chapter 25. Careful consideration should be given to deciding which services you want to offer and how you will provide remote access.
 
Even if you have a single dialup PPP account, or just a small site, you are not immune to intruders on your systems. Large, high-profile sites are not the only targets, since many intruders simply want to exploit as many sites as possible, regardless of their size. Or they may use a security hole in your site to gain access to other sites you're connected to. Intruders have a lot of time on their hands, and can avoid guessing how you've obscured your system just by trying all the possibilities.
 
NOTE One type of "security" measure that I must warn you against is security through obscurity. This means that you try to distract someone from breaking into your system by doing something like changing the login name from root to wurzel, for example. This provides a false sense of security, and could result in very unpleasant consequences. Rest assured that any system attacker will quickly see through such empty security measures. Simply because you have a small site or a relatively low profile does not mean an intruder won't be interested in what you have. We'll discuss what you'll want to protect most in the following chapters.
 
 
There are two good online documents covering security aspects. A useful document is RFC 2196 (the Site Security Handbook), available at http://www.faqs.org/rfcs/rfc2196.html, which gives a very good overview of security issues and discusses most of them in great detail. The other I would suggest is the Security-HOWTO, which is focused on Linux and gives helpful hints on how to keep your system secure. It's available online at http://scrye.com/~kevin/lsh/Security-HOWTO.html.
 
 
Summary:

Security becomes more and more important as global connectivity increases. Multi-user systems, such as Linux, need to be maintained in a way that individual users do not violate the privacy of other users, and are unable to harm the overall system.
 
Intruders break into systems for a variety of reasons. They run from simple curiosity to paid espionage. Even small dial-up systems can be the target of devious crackers. These systems allow the intruder to disguise the actual source of an attack.
 
Copyright (c) 1999 by Terrehon Bowden and Bodo Bauer
To contact the author please send mail to bb@bb-zone.com