Old Linux Security Talk
This was a presentation I gave back in 2000 on Linux Security. Even though some of it is definitely dated there's still some relevant stuff in it since security is mainly common sense stuff.

  • Note that since security is such a broad topic that there are some issues that I will only briefly touch on tonight. Feel free to look them up from the references or ask questions if you want to.

Presentation Transcript

  • Linux Security Tanner Lovelace 15-March-2000
  • Outline
    • What do we mean by security?
    • What do we want to accomplish with our security?
    • Types of security
    • What do you do if you get cracked?
    • Summary
    • Questions
  • What is Security?
    • “A computer is secure if you can depend on it and its software to behave as you expect.” -- Practical Unix & Internet Security, p. 6.
  • A different definition...
    • Security is being able to keep your system safe from misuse by unauthorized users...
  • Outline
    • What do we mean by security?
    • What do we want to accomplish with our security?
    • Types of security
    • What do you do if you get cracked?
    • Summary
    • Questions
  • Initial Questions
    • What level of threat do you have to protect against?
    • What risks should you take?
    • How vulnerable is your system as a result of those decisions?
  • More Questions...
    • What are you protecting?
    • Why are you protecting it?
    • What value does it have?
    • How long would it take to retrieve/recreate any lost data?
    • How secure is secure enough?
  • Outline
    • What do we mean by security?
    • What do we want to accomplish with our security?
    • Types of security
    • What do you do if you get cracked?
    • Summary
    • Questions
  • Three Aspects of Security
    • Physical Security
    • System Security
    • Network Security
  • Physical Security
    • Home systems
      • Keep your doors locked. :-)
      • Locked cabinets, cables, etc…
    • Laptops
      • Never leave your laptop unattended
      • If you’re worried consider a small travel alarm
  • Physical Access Security
    • BIOS Passwords
    • Boot loader passwords
    • Screensaver passwords
      • xlock, vlock, etc...
  • System Security
    • Backups, backups, backups
    • Choosing good passwords
    • Correct file permissions
    • Don’t have too many users
    • Don’t log in as root!
  • Backups
    • If something is critical there should be more than one copy of it somewhere.
    • Many different ways to make backups
      • Floppy disk
      • Zip disk
      • Tape
      • CD-R
  • What’s your password?
    • Passwords should not be easy to guess
      • Names (especially your own), places, pets are bad
      • Word combinations or acronyms are much better
        • Ex. misc*NSA
      • Short is bad, longer is better
      • Make use of the fact that passwords are case sensitive
        • gooD*paSSWord != Good*Password
  • Keeping Your Password Safe
    • Make sure your passwords are not easily accessible.
      • Never leave an unencrypted password anywhere
      • Never give your password to anyone
      • Use shadow passwords
      • Never send your password over the network unencrypted
        • Use ssh instead of telnet or rsh/rlogin
  • File Permissions
    • Set UID bit can let a program run as the user who owns it.
      • This can be bad news if a program is owned by root and doesn’t need to run as root.
    • Some programs legitimately need this (e.g. X, sendmail)
    • Check permissions on suspicious files regularly and note when something changes.
  • How do I check if a file is SUID root?
    • How do you check if something is SUID root?
    • % ls -l <filename>
    • -rwsr-xr-x root <filename>
    • How do you change something to be not SUID root?
    • % chmod u-s <filename>
    • How do you check all your files?
    • % find / -perm +u+s -uid 0 -print
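The slide shows the one-off commands; what a practitioner actually wants is the "note when something changes" part from the File Permissions slide done for them. The script below is an added example, not from the original talk: it lists setuid files owned by a given uid and compares the list against a saved baseline, so a setuid binary that appears later stands out. It assumes a find that understands -uid and -perm -MODE (GNU or BSD) plus POSIX comm, sort and mktemp. The talk's `-perm +u+s` is the pre-2005 GNU spelling of the same test; current GNU find writes it `-perm /u=s`, and `-perm -4000` (the octal setuid bit) is accepted by both old and new versions, which is why the script uses it.

```shell
#!/bin/sh
# Added example (not from the original talk): audit setuid files and compare
# against a saved baseline so that a newly appeared setuid binary is noticed.
# Assumptions: GNU/BSD find with -uid and -perm -MODE; POSIX comm/sort/mktemp.

# list_setuid DIR [UID]: print regular files under DIR that have the setuid
# bit set and are owned by UID (default 0 = root), one per line, sorted.
# -perm -4000 is the setuid bit; -xdev keeps find from wandering into other
# mounted filesystems (scan them separately if they matter).
list_setuid() {
    dir=$1
    owner=${2:-0}
    find "$dir" -xdev -type f -perm -4000 -uid "$owner" -print 2>/dev/null | sort
}

# check_setuid_baseline DIR BASELINE [UID]: on the first run record the current
# list in BASELINE; on later runs report files added to or removed from it.
# Returns 0 when nothing changed, 1 when something did.
check_setuid_baseline() {
    dir=$1
    baseline=$2
    owner=${3:-0}
    current=$(mktemp) || return 2
    list_setuid "$dir" "$owner" > "$current"
    if [ ! -f "$baseline" ]; then
        cp "$current" "$baseline"
        rm -f "$current"
        echo "baseline recorded in $baseline"
        return 0
    fi
    added=$(comm -13 "$baseline" "$current")     # lines only in the current list
    removed=$(comm -23 "$baseline" "$current")   # lines only in the baseline
    rm -f "$current"
    if [ -n "$added" ]; then
        printf 'NEW setuid files (investigate):\n%s\n' "$added"
    fi
    if [ -n "$removed" ]; then
        printf 'setuid files no longer present:\n%s\n' "$removed"
    fi
    if [ -z "$added" ] && [ -z "$removed" ]; then
        return 0
    fi
    return 1
}

# Typical use, as root from cron (paths are assumptions, pick your own):
#   check_setuid_baseline / /var/lib/setuid.baseline
```

Keep the baseline file somewhere an intruder with an ordinary account cannot edit, and re-record it deliberately after installing packages that legitimately ship setuid binaries, otherwise every such upgrade shows up as a change.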
  • Users
    • If someone never uses your machine, don’t give them an account.
    • Unless there is a need, don’t set up a guest account.
      • This is one of the most common ways of gaining unauthorized access.
    • Always make sure there is at least one normal user account and use that for everything you do.
  • Never Log in as Root!
    • Repeat after me...
      • Never log in as root!
      • Never log in as root!
      • Never log in as root!
    • If you need to do something that requires root privileges use the su command
      • If you just need to do one thing, use:
        • su -c <command>
  • Network Security
    • Network security is the hardest thing to get right and the easiest thing to exploit.
    • Guidelines
      • Only run the minimum network services you need
      • Set up some network filters
  • Services
    • A network service is a program that runs all the time and responds to requests from the network.
      • Sendmail, Apache, Finger, Talk, POP, Telnet, Ftp, ...
    • Identify which services you need to run and turn everything else off
      • e.g. a local home machine doesn’t need to run a POP e-mail server
    • Some don’t run all the time, but are started by a “superserver” called inetd.
  • Inetd
    • Inetd listens on many different ports and when it hears a connection it starts up the appropriate service.
    • Keeps memory requirements low because services only run when needed.
    • Makes it easy to turn off services
      • Just comment them out in /etc/inetd.conf.
  • inetd.conf
    • ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
    • telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
    • #shell stream tcp nowait root /usr/sbin/tcpd in.rshd
    • #login stream tcp nowait root /usr/sbin/tcpd in.rlogind
    • #exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
    • #comsat dgram udp wait root /usr/sbin/tcpd in.comsat
    • #talk dgram udp wait root /usr/sbin/tcpd in.talkd
    • #ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd
    • #dtalk stream tcp wait nobody /usr/sbin/tcpd in.dtalkd
    • #pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d
    • #pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
    • #imap stream tcp nowait root /usr/sbin/tcpd imapd
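The slide's advice is "comment them out", which is easy to do by hand for one machine and easy to get wrong across many. The functions below are an added example, not from the original talk: one reports which services an inetd.conf-style file still has enabled, the other comments a named service out while keeping a backup copy. They assume the classic layout shown on the slide (one service per line, first field is the service name, `#` starts a comment). The `/usr/sbin/tcpd` on each line is the TCP Wrappers program, which consults /etc/hosts.allow and /etc/hosts.deny before handing the connection to the real daemon; that gives a second place to restrict who may reach a service you do keep.

```shell
#!/bin/sh
# Added example (not from the original talk): list enabled inetd services and
# comment one out safely. Assumes the classic inetd.conf layout.

# inetd_enabled FILE: print the service name (first field) of every line that
# is neither blank nor a "#" comment.
inetd_enabled() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1"
}

# inetd_disable SERVICE FILE: prefix every active line whose first field is
# SERVICE with "#". The original is kept as FILE.bak so the change can be undone.
inetd_disable() {
    svc=$1
    file=$2
    cp "$file" "$file.bak" || return 1
    awk -v svc="$svc" '
        !/^[[:space:]]*#/ && $1 == svc { print "#" $0; next }
        { print }
    ' "$file.bak" > "$file"
}

# inetd_demo: run both functions on a constructed sample file (the lines are
# copied from the slide) so the example works without touching /etc/inetd.conf.
inetd_demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
#pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
EOF
    echo "enabled before:"; inetd_enabled "$sample"
    inetd_disable telnet "$sample"
    echo "enabled after disabling telnet:"; inetd_enabled "$sample"
    rm -f "$sample" "$sample.bak"
}
```

Editing the file alone changes nothing until inetd rereads it: send the running inetd a SIGHUP (`kill -HUP` on its pid) and then confirm from another host that the port no longer answers.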
  • Standalone services
    • Apache
    • Sendmail
    • Linuxconf
    • NFS
    • Consult your documentation on how to turn these services off.
  • Setting up Network Filters
    • IPChains
      • Allows you to specify what kind of packets you want to accept and what kind you want to reject.
      • Examples
        • You probably don’t want someone remotely accessing your NFS ports.
        • You probably don’t want to accept packets that claim to be from your local network that come from a remote port.
      • Finding the right combination of rules can be hard.
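The two examples on the slide map directly onto a handful of rules. The script below is an added example, not from the original talk, and is written for ipchains because that is the Linux 2.2 filter the talk is about; on a current kernel the same policy is expressed with iptables or nftables. The external interface name and the local network are parameters (the values in the usage comment are assumptions). Rules are printed rather than executed unless APPLY=1 is set, so the ruleset can be read over before it is loaded.

```shell
#!/bin/sh
# Added example (not from the original talk): ipchains rules for the two cases
# the slide mentions. Dry run by default; APPLY=1 executes the rules.

# run_rule COMMAND...: print the command, and execute it only when APPLY=1.
run_rule() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# nfs_and_antispoof_rules EXT_IF LOCAL_NET: emit rules for the external
# interface EXT_IF, treating LOCAL_NET (CIDR) as the trusted local network.
nfs_and_antispoof_rules() {
    ext_if=$1
    local_net=$2
    # Anti-spoofing: a packet arriving on the external interface must not
    # claim a source address from the local network (-l logs the attempt).
    run_rule ipchains -A input -i "$ext_if" -s "$local_net" -j DENY -l
    # Loopback addresses never arrive from outside either.
    run_rule ipchains -A input -i "$ext_if" -s 127.0.0.0/8 -j DENY -l
    # NFS: nfsd listens on port 2049 (tcp and udp); the portmapper on 111
    # is what a remote client would query to find mountd, so block it too.
    run_rule ipchains -A input -i "$ext_if" -p tcp -d 0.0.0.0/0 2049 -j DENY -l
    run_rule ipchains -A input -i "$ext_if" -p udp -d 0.0.0.0/0 2049 -j DENY -l
    run_rule ipchains -A input -i "$ext_if" -p tcp -d 0.0.0.0/0 111 -j DENY -l
    run_rule ipchains -A input -i "$ext_if" -p udp -d 0.0.0.0/0 111 -j DENY -l
}

# Usage (interface and network are assumptions; substitute your own):
#   nfs_and_antispoof_rules eth0 192.168.1.0/24          # review
#   APPLY=1 nfs_and_antispoof_rules eth0 192.168.1.0/24  # load, as root
```

The DENY rules only help if they are reached before an ACCEPT that matches the same traffic; ipchains evaluates a chain top to bottom, so load these before any broad allow rules, and check with `ipchains -L -n` that they landed where you expected.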
  • Lokkit
    • Written by Alan Cox
    • Helps configure correct firewall rules
    • http://www.linux.org.uk/apps/lokkit.shtml
  • Outline
    • What do we mean by security?
    • What do we want to accomplish with our security?
    • Types of security
    • What do you do if you get cracked?
    • Summary
    • Questions
  • If you discover you’re in the process of being cracked right now!
    • Unplug your network/modem connection immediately
    • Make backups of your system logs
      • Use to discover what the intruder did
    • Check your /etc/passwd file for an account, besides root, with a uid of 0.
    • If you can afford to...
      • Reformat your drive and reinstall the OS.
    • Don’t reconnect your network until you are sure the intruder can’t get back in.
  • If you discover that you were cracked
    • Unplug your network/modem connection
    • Make backups of your system logs
      • Use to discover what the intruder did
    • Check your /etc/passwd file for an account, besides root, with a uid of 0.
    • If you can afford to...
      • Reformat your drive and reinstall the OS.
    • Don’t reconnect your network until you are sure the intruder can’t get back in.
    • Hmm... I think I have a sense of deja vu... :-)
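Two of the steps on the two preceding slides, backing up the logs and looking for a second uid-0 account, are worth having as scripts before you need them, since nobody wants to be writing awk on a machine that is being cracked. The functions below are an added example, not from the original talk. They take the paths as parameters so they can be pointed at a copy of the compromised disk mounted under a rescue system rather than at the live files; the defaults /etc/passwd and /var/log are the usual locations, and the destination directory for the tarball is an assumption.

```shell
#!/bin/sh
# Added example (not from the original talk): two checks from the
# "you were cracked" slides as reusable functions.
# Assumptions: POSIX awk, tar and date; paths passed in or defaulted.

# extra_uid0 [PASSWD_FILE]: print every account other than root whose uid
# field is 0. A second uid-0 account is a classic backdoor left by an intruder.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# backup_logs [LOG_DIR] [DEST_DIR]: copy the log directory into a timestamped
# tarball before anything else is touched, and print the tarball's path.
# Write it somewhere the intruder cannot reach (removable media, another host).
backup_logs() {
    log_dir=${1:-/var/log}
    dest=${2:-/root}
    stamp=$(date +%Y%m%d-%H%M%S)
    out="$dest/logs-$stamp.tar"
    tar -cf "$out" -C "$(dirname "$log_dir")" "$(basename "$log_dir")" || return 1
    echo "$out"
}

# incident_demo: run both checks against constructed data (a small passwd
# file with a planted "toor" entry and a one-file log directory).
incident_demo() {
    work=$(mktemp -d) || return 1
    printf 'root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\ntoor:x:0:0::/root:/bin/sh\n' \
        > "$work/passwd"
    mkdir "$work/log"
    echo "constructed log line" > "$work/log/messages"
    echo "uid-0 accounts besides root:"; extra_uid0 "$work/passwd"
    echo "logs saved to: $(backup_logs "$work/log" "$work")"
    rm -rf "$work"
}
```

The slide's order matters: the logs are copied first because an intruder who is still connected, or a cleanup script they left behind, can be erasing them while you look at the passwd file.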
  • Outline
    • What do we mean by security?
    • What do we want to accomplish with our security?
    • Types of security
    • What do you do if you get cracked?
    • Summary
    • Questions
  • Summary of Good Security Practices
    • Good security is mostly common sense.
    • If you don’t use something, don’t run it.
    • Always make sure your system has all the latest updates.
    • Don’t be afraid to ask questions and consult references.
  • Outline
    • What do we mean by security?
    • What do we want to accomplish with our security?
    • Types of security
    • What do you do if you get cracked?
    • Summary
    • Questions
  • Enough References to get started...
    • Garfinkel, Simson & Gene Spafford, Practical Unix and Internet Security, 1996, O’Reilly & Associates, Inc.
    • “Linux Security HOWTO” (http://www.linuxdoc.org/HOWTO/Security-HOWTO.html)
    • Lokkit (http://www.linux.org.uk/apps/lokkit.shtml) or (ftp://ftp.linux.org.uk/pub/linux/alan/Lokkit/)
    • Many others… (see your favorite search engine)