It is generally difficult to keep a balanced perspective on IT system security. The media tends to sensationalise stories about security breaches, particularly when they involve well-known firms or organisations. On the other hand, managing security can be technically difficult and time consuming. Many Internet users assume that their system holds nothing of value and that security is therefore not a significant problem, while others spend enormous effort locking down their systems against unauthorised use. Remember that there is always a risk that you will become the target of an attack, and there is a wide range of reasons why somebody might be interested in breaching your system's security. You must form your own judgement about how much effort to expend; however, we generally recommend that you are proactive and responsive, and that you err on the side of caution.
Traditional system security centred on systems that were accessible only through a hard-wired terminal or the system console. Most risks came from inside the organisation that owned the system, and the best form of defence was physical security: system consoles, terminals and hosts were kept in secured rooms. Even once systems began to be network-connected, access was still very restricted. The networks in use were usually expensive to gain access to, or were closed networks that did not permit connections to hosts from arbitrary locations.
The popularity of the Internet has given rise to a new wave of network-based security concerns. An Internet-connected computer is open to potential abuse from countless hosts around the world. Unfortunately, this improved accessibility also brings a larger pool of antisocial people intent on causing a nuisance. Several kinds of antisocial behaviour on the Internet are of interest to the systems administrator, including the following:
Denial of service (DoS): This kind of attack degrades or disrupts a service on the system.
Intrusion: This kind of attack gains access to the system by guessing passwords or compromising some service. Once an intruder has access to a system, he may then vandalise or steal data, or use the target system to launch attacks on some other host.
Snooping: This kind of attack involves intercepting the data of another user and listening for passwords or other sensitive information. Sometimes this form of attack involves modification of data, too. Snooping usually involves eavesdropping on a network connection, but it can also be performed by compromising a system to intercept library or system calls that carry sensitive information (e.g. passwords).
Viruses, worms and Trojan horses: These attacks each rely on compelling users of your system to execute programs supplied by the attacker. The programs may have been received in an email message, from a web site, or even from within some other apparently harmless program retrieved from somewhere on the Internet and installed locally.
A DoS attack often involves generating an abnormally large number of requests to a service. This may cause the host system to exhaust its memory, processing power or network bandwidth. Another approach is to give the service unusual input in order to trigger a bug and make it crash with a core dump. Either way, further requests to the system are refused, or the system's performance degrades to an unusable point. For this type of attack to work, an attacker must either exploit a poorly designed service or be able to generate a number of requests far exceeding the capacity of the service.
A more sophisticated type of DoS attack is the distributed denial of service (DDoS). In this type of attack, a large number of external computers are used to send GET requests against a service. This magnifies the damage of a DoS attack in two ways: by overwhelming the target with a large volume of traffic, and by concealing the perpetrator behind thousands of unwitting participants. Using a large number of hosts to launch an attack also makes DDoS attacks particularly hard to control and remedy once they have occurred.
The second form of attack, sometimes known as cracking, is the one that most people associate with security. Companies and institutions often store sensitive data on network-accessible computer systems; a common example of concern to the average Internet user is the storage of credit card details by web sites. Where money is involved there is a lucrative incentive for certain people to gain access and steal or misuse this kind of sensitive data.
Sometimes the methods used to gain unauthorised access are extremely clever, as well as unethical. Designing an intrusion mechanism often requires the individual to have a broad knowledge of the target system in order to uncover and exploit vulnerabilities. Often, once an intrusion route has been found, it is packaged in the form of a so-called rootkit, a set of programs or scripts that anyone with only basic knowledge can use to exploit a security hole. The vast majority of recorded intrusion attacks are launched by so-called "script kiddies", who make use of these pre-packaged intrusion kits without any real specialist knowledge of the target systems. With the right guidance it is usually straightforward for a system administrator to protect their systems from these well-known attacks.
There are some very simple things you can do to protect your system from the most basic security risks, depending on your configuration and how you will be using the system. The basic approach is as follows.
Shutting Down Unwanted Network Daemons
The first step in securing a machine is to shut down or disable all network daemons and services that you do not require. Any external network port that the system is listening on is a risk, since there might be a security exploit against the daemon serving that port. The quickest way to find out which ports are open is to list them with netstat.
If you see a lot of other open ports, for things such as telnetd, sendmail and so on, ask yourself whether you really need these daemons to be running and accessible. Security exploits are announced for various daemons from time to time, and unless you keep on top of the corresponding security updates, your system may be vulnerable to attack. Also, telnetd, ftpd and rshd all involve sending clear-text passwords across the Internet for authentication; it is better to use sshd, which encrypts data over the connection and uses stronger authentication. Even if you never use telnetd, it is not a good idea to leave it running on your system, in case someone finds a way to break in through it.
Disabling a service is usually a matter of uninstalling the corresponding package. If you want to keep the client but the client and daemon are packaged together, you need to edit the appropriate configuration files for your distribution and reboot the system.
If you must have a service running on your machine (for example, the X server on a Linux desktop), find ways of preventing connections to that service from unwanted hosts. For example, it might be safest to allow ssh connections only from certain trusted hosts. In the case of the X server and X font server, which run on many desktop Linux machines, there is usually no reason to allow connections to those daemons from anything but the local host itself. Filtering connections to these daemons can be done with TCP wrappers or IP filtering.
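As an added example (not code from the original article), the following shell functions triage a listing of listening sockets the way an administrator would after running netstat: they pick out sockets bound to all interfaces and flag the clear-text login services named above. The netstat output is a constructed sample embedded in the script, and the list of risky ports is an assumption based on the standard port numbers of ftp, telnet, rlogin and rsh.

```shell
#!/bin/sh
# Constructed sample in the format of `netstat -tuln` (not real system output).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Assumed list of services that authenticate with clear-text passwords:
# ftp (21), telnet (23), rlogin (513), rsh (514).
CLEARTEXT_PORTS='21 23 513 514'

# Print "proto port" for every socket bound to all interfaces (0.0.0.0 or ::).
# Sockets bound only to 127.0.0.1 (here the X server on 6000) are not
# reachable from the network and are left out.
exposed_listeners() {
    printf '%s\n' "$SAMPLE_NETSTAT" | awk '
        NR > 1 && $4 ~ /^(0\.0\.0\.0|::):[0-9]+$/ {
            n = split($4, a, ":"); print $1, a[n]
        }'
}

# Subset of exposed listeners whose port belongs to a clear-text login service.
cleartext_listeners() {
    exposed_listeners | awk -v ports="$CLEARTEXT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) risky[p[i]] = 1 }
        ($2 in risky) { print }'
}

# Review the output, then uninstall the package or disable the daemon in your
# distribution's configuration, or restrict it with TCP wrappers / IP filtering.
echo '--- listeners reachable from the network:'
exposed_listeners
echo '--- of which clear-text login services (candidates for removal):'
cleartext_listeners
```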
We have claimed that security is mostly common sense, so what is this common sense? In this section we summarise the most common security mistakes.
Never use simple or easily guessed passwords.
Never use a password that is the same as or closely related to your user ID, name, date of birth, the name of your company, or the name of your dog. If you have a nickname, don't use it in your password; if you love cars, don't use the make/model or registration number of your car, and so on. Always ensure that your passwords are not simple words that can be found in a dictionary. The best passwords are nonsense strings. One good practice is to use a password based on a simple rule and a phrase that you can remember. For example, you might choose a rule such as using the last letter of each word in the phrase "Mary had a little lamb, its fleece was white as snow."; the password would then become ydaebsesew, certainly not something that will be easily guessed, but a password that will be easily remembered. Another common technique is to use numbers and punctuation characters in the password; indeed, some password programs insist upon this. A combination of the two techniques is even better. You can also use online password stores to help you with this, such as clipperz.is and LastPass.
Never use the root account unless you have to.
One of the reasons that many common desktop operating systems (such as Windows) are so vulnerable to attack through email viruses and the like is the lack of a comprehensive privilege system, or rather the convenience of users running applications with administrator privileges. Indeed, some poorly written applications require administrator rights in order to run.
In such an environment, any user has permission to access any file, execute any program, or reconfigure the system in any way. Because of this it is easy to coerce a user into executing a program that can do real damage to the system. Do not give in to the temptation to use the root account for everything! In doing so you are throwing away one of the more powerful defences against virus and Trojan horse attacks, as well as, of course, against accidental commands. There is an additional benefit to limited use of the root account: logging. Certain commands write messages to the system logfile when they are invoked, recording the ID of the user who ran the command as well as the date and time at which it was invoked.
This is very helpful for keeping track of when root privileges are being used, and by whom.
Never share your passwords.
Don't tell anybody your passwords, whatever the circumstances. This also means you should not write your passwords on little sticky notes attached to your keyboard or monitor, or keep them in the top drawer. If you want to give people temporary access to your system, create a user account for them. This gives you some means of monitoring what they do, and you can easily clean up afterwards.
Don't blindly trust files that have been given to you.
Although it is easy to install copies of programs on your system, you should always question how much you trust a program before running it. If you are installing software packages that you have retrieved directly from the official sites of your distribution or from a major development site, you can be fairly confident the software is safe.
If you are getting them from an unofficial mirror site, you need to consider how much you trust the administrators of that site. It is possible that someone is distributing a modified form of the software with back doors that would allow them to gain access to your machine. This may sound paranoid, but it is worth remembering.
If you do decide to install and execute a program that has been given to you, there are some things you can do to help minimise the risk. Always run untrusted programs as a non-root user unless the program specifically requires root privileges to operate. This contains any damage the program might do to the files and directories owned by that user. If you want to get some idea of what the program might do before you execute it, you can run the strings command over it. You might also consider running the program for the first time under a tracing tool that displays the system and library calls the program is making, and looking for references to unusual file system or network activity in the traces.
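An added example, not part of the original article, of the strings-style pre-execution check just described: the script implements the printable-run extraction with grep (so it works where binutils is absent) and then filters for the kinds of file system and network references the text says to look for. The "program" is a constructed file that the script writes itself, and the indicator patterns are an assumption about what counts as unusual.

```shell
#!/bin/sh
# Write a constructed, binary-like sample file (NUL bytes between strings) and
# print its path. It stands in for an untrusted program; it is never executed.
make_sample_file() {
    f="${TMPDIR:-/tmp}/untrusted_sample.$$"
    printf 'ELF\000\001\002junk\000/usr/bin/id\000connect\000http://203.0.113.9/update\000/etc/passwd\000ab\000usage: tool FILE\000' > "$f"
    printf '%s\n' "$f"
}

# Print runs of 4 or more printable characters, which is what `strings` does.
# -a treats the binary as text, -o prints each match on its own line.
printable_strings() {
    grep -aoE '[[:print:]]{4,}' "$1"
}

# Assumed indicators: paths under /etc or system binary directories, URLs,
# and socket-related or privilege-related names.
suspicious_strings() {
    printable_strings "$1" |
        grep -E '^/etc/|^/(usr/)?s?bin/|^https?://|connect|socket|setuid'
}

count_suspicious() {
    suspicious_strings "$1" | wc -l | tr -d ' '
}

sample="$(make_sample_file)"
echo "--- all strings:"
printable_strings "$sample"
echo "--- worth a second look before running as an unprivileged user:"
suspicious_strings "$sample"
rm -f "$sample"
```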
Keep track of your logfiles.
Befriend your system logfiles, as they can tell you a lot about what is happening on your system. You can find information about when network connections have been made to your system, who has been using the root account, and failed login attempts. You should check your logfiles periodically and get to know what is normal and, more usefully, what is abnormal. Investigate the latter!
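As an added example (not code from the original article) covering both the root-account logging mentioned earlier and the log review described here, these shell functions run over a few constructed auth.log lines in the syslog format that sshd, su and sudo commonly use; the hostname, addresses, user names and the threshold of three failures are made-up values.

```shell
#!/bin/sh
# Constructed sample log lines (not from a real system).
SAMPLE_AUTH_LOG='Mar  3 09:12:01 host sshd[2311]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 09:14:17 host sshd[2320]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 09:14:19 host sshd[2320]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 09:14:22 host sshd[2325]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 09:20:44 host su[2402]: Successful su for root by alice
Mar  3 09:21:03 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
Mar  3 11:02:55 host sshd[2610]: Failed password for bob from 10.0.0.9 port 50211 ssh2'

# Failed SSH logins per source address, most frequent first ("count address").
failed_logins_by_source() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" |
        awk '/sshd\[[0-9]+\]: Failed password/ {
                 for (i = 1; i <= NF; i++) if ($i == "from") c[$(i+1)]++
             }
             END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Every event that granted root: a successful su to root, or a sudo command
# run as root. This is the logging benefit of not working as root all the time.
root_usage() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" |
        grep -E 'su\[[0-9]+\]: Successful su for root|sudo:.*USER=root'
}

# Source addresses whose failed-login count reaches the threshold (default 3,
# an assumed value): these are the "abnormal" entries worth investigating.
sources_over_threshold() {
    failed_logins_by_source | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

echo '--- failed SSH logins by source:'
failed_logins_by_source
echo '--- root account usage:'
root_usage
echo '--- sources to investigate:'
sources_over_threshold 3
```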
Don't let your system get too far out of date.
It is important to keep the software on your system current. Keeping the software up to date helps ensure that all security bug fixes are applied. Most Linux distributions provide a set of packages that contain security fixes only, so you do not have to worry about configuration file and feature changes in order to keep your system secure. You should keep track of these updates.
Don't forget about physical security.
Most security breaches are carried out by people inside the organisation running the target system. The most comprehensive software security configuration in the world means nothing if someone can walk up to your machine and boot from a USB device containing exploit code.
If your machine has a BIOS or system PROM that allows the boot order to be configured, set it so that the floppy and CD-ROM drives boot after the hard drive. If your BIOS supports password protection of its configuration, use it. If you can padlock the machine case closed, consider doing so. If you can keep the machine in a physically secure area such as a locked room, that is even better.