Chapter 23
General Thoughts on Security
In this chapter:

Security issues to consider
Understanding different aspects of security
Evaluating the motives behind system break-ins
Sources for more information on security

Security is becoming more and more of an issue as computing resources
become cheaper and global connectivity is no longer the privilege of a
few. On Unix systems, a single machine may have more than one user.
It's important to make sure that there are ways for users to keep
their data private and to make it impossible for regular users to harm
the overall system. If your machine is connected to any kind of
network, you also want to be sure that no one from the outside can
access or modify data that is not intended to be publicly accessible.

Determining the level of security you require is a personal
decision. You may concentrate on making your machine inaccessible from
the outside but ignore local security issues. This is a perfectly good
approach if you are the only user on your system. Even in this case, I
would not recommend that you disable the typical Unix structure that
distinguishes administrative logins (such as root) from regular
users. Of course, anything you can do as a user you can also do as
root, but you risk accidentally damaging your system. Once you are
root, nothing protects you from making costly mistakes. Working on a
regular user account is much safer, and using the command su to become
root when you really need it is not that hard to do. An important
point about security crops up with this situation: it may be
inconvenient to work on a secure system, because you face more
restrictions when changing parameters and performing other potentially
sensitive tasks, as opposed to having everything open and subject to
revision by anyone.

Another extreme is to have your system publicly accessible so that
everyone can log onto the system, while ensuring that those users are
isolated from each other and cannot harm the system in any way. This
model is used for anonymous ftp servers, where unlimited access to a
particular service or set of services is available to everyone. Once
you are logged onto the server, you are placed in a very limited
environment.

You will have to find a balance between having a very secure system
and one that is easy to administer and usable by a variety of
users. Optimal network security is achieved by not being networked at
all, but this may not be desirable. You should think about the grade
of security you need before you decide how to implement security
measures.

Here are some points compiled from the Security-HOWTO, which can be
found at http://scrye.com/~kevin/lsh/Security-HOWTO.html:
Risk is the possibility that an intruder may successfully access your
computer. Can an intruder read or write files, or execute programs
that could cause damage? Can they delete critical data? Could they
prevent you or your company from getting important work done? Don't
forget: anyone who gains access to your account or your system can
also impersonate you.

Additionally, anyone on your system with an insecure account can
compromise your entire network. Allowing even one user to log in using
a .rhosts file, or allowing anyone to use an insecure service such as
tftp, is enough to let an intruder get a foot in the door. Once the
intruder has a user account on your system or someone else's system,
it can be used to gain access to another system or another account.

Threat typically comes from someone with the motivation to gain
unauthorized access to your network or computer. You must decide whom
you trust to have access to your system and what threat they could
pose.

Intruders tend to fall into distinct categories. Keep these
characteristics in mind as you create security measures for your
systems.

The Curious
This type of intruder is basically interested in simply finding out
what type of system and data you have.

The Malicious
This type of intruder is out to bring down your systems, deface your
Web page, or otherwise cost you time and money in recovering from the
intrusion.

The High-Profile Intruder
This type of intruder attacks your system to gain popularity and
infamy. He might use your high-profile system to advertise his
abilities.

The Competition
This type of intruder is interested in what data you have on your
system. It is often someone who values your company's proprietary
information, trade secrets, databases, etc.

Vulnerability describes how well protected your computer is from
another network and the potential for someone to gain unauthorized
access. What's at stake if someone breaks into your system? Of course,
the concerns of a dynamic PPP home user will be different from those
of a company connecting its machine to the Internet or another large
network.

How much time would it take to retrieve and/or recreate any data that
was lost? Better that you don't find out first hand. An initial time
investment early on can save ten times what you put in if you have to
recreate data that was lost. I hope you're comfortable with the answer
to this question: have you checked your backup strategy and verified
your data lately?
If you are responsible for a multi-user site or your company's
network, you should create a simple, generic security policy for your
system that your users can easily understand and follow. It should
protect the data you're safeguarding as well as the privacy of the
users. Some things to consider adding are: who has access to the
system (Can my friend use my account?), who is allowed to install
software on the system, who owns what data, disaster recovery, and
appropriate use of the system.

A generally accepted security policy starts with the phrase "That
which is not permitted is prohibited." This means that unless you
grant access to a service for a user, that user shouldn't be using
that service until you do grant access. Make sure the policies work on
your regular user account. Circumventing a thorny permissions issue by
performing the task as root can lead to security holes that are very
obvious and easy to exploit, and even to ones that haven't been
exploited yet.

In Chapter 24, we'll discuss certain aspects of local security. We'll
talk about issues that are important for accounts you have on your
machine. This means people who have access to your machine will have
to accept certain restrictions to make sure the system is and remains
stable and that their data is not accessible by unauthorized
persons. The other major point is security at the network level, which
is discussed in Chapter 25. Careful consideration should be given to
deciding which services you want to offer and how you will provide
remote access.

Even if you have a single dialup PPP account, or just a small site,
you are not immune to intruders on your systems. Large, high-profile
sites are not the only targets, since many intruders simply want to
exploit as many sites as possible, regardless of their size. Or they
may use a security hole in your site to gain access to other sites
you're connected to. Intruders have a lot of time on their hands, and
can avoid guessing how you've obscured your system just by trying all
the possibilities.

One type of "security" measure that I must warn you against is
security through obscurity. This means that you try to distract
someone from breaking into your system by doing something like
changing the login name from root to wurzel, for example. This
provides a false sense of security, and could result in very
unpleasant consequences. Rest assured that any system attacker will
quickly see through such empty security measures. Simply because you
have a small site or a relatively low profile does not mean an
intruder won't be interested in what you have. We'll discuss what
you'll want to protect most in the following chapters.

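As an added example that is not part of the book's text, the following shell script audits the weaknesses this chapter names: a root account renamed to hide it (privilege follows UID 0, not the name), .rhosts files in home directories, and tftp or the r-services left enabled in inetd.conf. Every input is a constructed sample embedded in the script, not this host's real configuration.

```shell
#!/bin/sh
# Added audit example (not from the book). All inputs are constructed samples.

# Constructed /etc/passwd: root renamed to "wurzel", plus a second UID 0 account.
PASSWD_SAMPLE='wurzel:x:0:0:superuser:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
toor:x:0:0:second superuser:/:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

# Constructed inetd.conf: rsh commented out, tftp still active, ftp active.
INETD_SAMPLE='#shell  stream tcp nowait root   /usr/sbin/tcpd in.rshd
tftp    dgram  udp wait   nobody /usr/sbin/tcpd in.tftpd /tftpboot
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd'

# Constructed home-directory tree: alice has a .rhosts file, bob does not.
HOME_SAMPLE=$(mktemp -d)
trap 'rm -rf "$HOME_SAMPLE"' EXIT
mkdir -p "$HOME_SAMPLE/alice" "$HOME_SAMPLE/bob"
printf 'otherhost alice\n' > "$HOME_SAMPLE/alice/.rhosts"

# Privilege is tied to UID 0, not to the name "root": listing accounts by UID
# shows that renaming root to wurzel hides nothing and exposes extra UID 0 accounts.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Active (uncommented) inetd entries for tftp and for the r-services
# (shell, login, exec), which are the services that trust .rhosts files.
enabled_risky_services() {
    printf '%s\n' "$1" | awk '$0 !~ /^[ \t]*#/ && $1 ~ /^(tftp|shell|login|exec)$/ { print $1 }'
}

# .rhosts files directly under each home directory below the given root.
find_rhosts() {
    find "$1" -mindepth 2 -maxdepth 2 -name .rhosts -type f | sort
}

echo "UID 0 accounts:";               uid0_accounts "$PASSWD_SAMPLE"
echo "Enabled risky inetd services:"; enabled_risky_services "$INETD_SAMPLE"
echo ".rhosts files:";                find_rhosts "$HOME_SAMPLE"
```

Point the three functions at the real /etc/passwd, /etc/inetd.conf and /home to run the same checks on an actual machine.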
There are two good online documents covering security aspects. A
useful document is RFC 2196 (the Site Security Handbook), available at
http://www.faqs.org/rfcs/rfc2196.html, which gives a very good
overview of security issues and discusses most of them in great
detail. The other I would suggest is the Security-HOWTO, which is
focused on Linux and gives helpful hints on how to keep your system
secure. It's available online at
http://scrye.com/~kevin/lsh/Security-HOWTO.html.

Summary

Security becomes more and more important as global connectivity
increases. Multi-user systems, such as Linux, need to be maintained in
a way that individual users do not violate the privacy of other users
and are unable to harm the overall system.

Intruders break into systems for a variety of reasons. They range from
simple curiosity to paid espionage. Even small dial-up systems can be
the target of devious crackers. These systems allow the intruder to
disguise the actual source of an attack.