<UL>
<LI><A HREF="#Heading1">- 46 -</A>
<UL>
<LI><A HREF="#Heading2">Network Security</A>
<UL>
<LI><A HREF="#Heading3">Weak Passwords</A>
<LI><A HREF="#Heading4">File Security</A>
<LI><A HREF="#Heading5">Modem Access</A>
<UL>
<LI><A HREF="#Heading6">Callback Modems</A>
<LI><A HREF="#Heading7">Modem-Line Problems</A>
<LI><A HREF="#Heading8">How a Modem Handles a Call</A>
</UL>
<LI><A HREF="#Heading9">UUCP</A>
<LI><A HREF="#Heading10">Local Area Network Access</A>
<LI><A HREF="#Heading11">Tracking Intruders</A>
<LI><A HREF="#Heading12">Preparing for the Worst</A>
<LI><A HREF="#Heading13">Summary</A>
</UL>
</UL>
</UL>
<P>
<HR SIZE="4">
<H2 ALIGN="CENTER"><A NAME="Heading1"></A><FONT COLOR="#000077">- 46 -</FONT></H2>
<H2 ALIGN="CENTER"><A NAME="Heading2"></A><FONT COLOR="#000077">Network Security</FONT></H2>
<P><I>by Tim Parker</I></P>
<P>IN THIS CHAPTER</P>
<UL>
<LI>Weak Passwords
<P>
<LI>File Security
<P>
<LI>Modem Access
<P>
<LI>UUCP
<P>
<LI>Local Area Network Access
<P>
<LI>Tracking Intruders
<P>
<LI>Preparing for the Worst
</UL>
<P>Covering everything about security would take several volumes of books, so we
can look only at the basics. We can take a quick look at the primary defenses you
need in order to protect yourself from unauthorized access through telephone lines
(modems), as well as some aspects of network connections. We won't bother with complex
solutions that are difficult to implement because they can require a considerable
amount of knowledge and they apply only to specific configurations.</P>
<P>Instead, we can look at the basic methods of buttoning up your Linux system, most
of which are downright simple and effective. Many system administrators don't know
what is necessary to protect a system from unauthorized access, or they have discounted
the chances of a break-in happening to them. Break-ins happen with alarming frequency,
so take the industry's advice: Don't take chances. Protect your system.</P>
<P>In this chapter, we look at the following topics:
<UL>
<LI>File permissions
<P>
<LI>Protecting modem access
<P>
<LI>UUCP's holes
<P>
<LI>Tracking an intruder
<P>
<LI>What to do if you get broken into
</UL>
<H3 ALIGN="CENTER"><A NAME="Heading3"></A><FONT COLOR="#000077">Weak Passwords</FONT></H3>
<P>Believe it or not, the most common method of breaking into a system through a
network, over a modem connection, or sitting in front of a terminal is through weak
passwords. Weak (which means easily guessable) passwords are very common. When these
are used by system users, even the best security systems can't protect against intrusion.</P>
<P>If you're managing a system that has several users, you should implement a policy
requiring users to set their passwords at regular intervals (usually six to eight
weeks is a good idea), and to use non-English words. The best passwords are combinations
of letters and numbers that are not in the dictionary.</P>
<P>Sometimes, though, having a policy against weak passwords isn't enough. You might
want to consider forcing stronger password usage by using public domain or commercial
software that checks potential passwords for susceptibility. These packages are often
available in source code, so they can be compiled for Linux without a problem.
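<P>The kind of check such a package performs, as an added example that is not code from this chapter or from any particular package: it applies the rule stated above (letters and numbers, not in the dictionary). The function name <TT>check_password</TT> and the four-word list are constructed for illustration.</P>

```shell
#!/bin/sh
# Added example (not from the chapter): a minimal proactive password check.
# Usage: check_password CANDIDATE WORDLIST
# Prints a verdict; returns 0 only when the candidate passes.
check_password() {
    candidate=$1
    wordlist=$2
    lower=$(printf '%s' "$candidate" | tr '[:upper:]' '[:lower:]')
    letters=$(printf '%s' "$lower" | tr -cd '[:alpha:]')
    digits=$(printf '%s' "$candidate" | tr -cd '[:digit:]')

    # The chapter's rule: a combination of letters and numbers.
    if [ -z "$letters" ] || [ -z "$digits" ]; then
        echo "reject: needs both letters and numbers"
        return 1
    fi
    # Not in the dictionary: test the whole candidate and the candidate with
    # its non-letters stripped, so "Dragon99" is caught as "dragon".
    if grep -qixF -e "$lower" -e "$letters" "$wordlist"; then
        echo "reject: built on a dictionary word"
        return 1
    fi
    echo "accept"
}

# Demo with a constructed four-word list; on a real system pass the path of
# a full dictionary file as WORDLIST instead.
demo_list=$(mktemp)
printf '%s\n' password linux dragon secret > "$demo_list"
for pw in linux Dragon99 12345678 x7qv2mt9; do
    printf '%-10s %s\n' "$pw" "$(check_password "$pw" "$demo_list" || true)"
done
rm -f "$demo_list"
```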
<H3 ALIGN="CENTER"><A NAME="Heading4"></A><FONT COLOR="#000077">File Security</FONT></H3>
<P>Security begins at the file permission level and should be carried out carefully.
Whether you want to protect a file from snooping by an unauthorized intruder or another
user, you should carefully set your <TT>umask</TT> (file creation mask) to set your
files for maximum security.</P>
<P>Of course, this is really important only if you have more than one user on the
system or have to consider hiding information from certain users. However, if you
are on a system with several users, consider forcing <TT>umask</TT> settings for
everyone, and set read-and-write permissions only for the user, and no permissions
for everyone else. This is as good as you can get with file security.</P>
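<P>An added example, not code from this chapter: it shows the permissions new files and directories receive under a <TT>umask</TT> of <TT>077</TT> (read and write for the user, nothing for anyone else) compared with <TT>022</TT>, then finds and tightens files created before the mask was enforced. The function names are constructed for illustration, and <TT>-perm /077</TT> assumes GNU <TT>find</TT>.</P>

```shell
#!/bin/sh
# Added example (not from the chapter): effect of umask on new files, plus an
# audit for files that group or others can still access.

# Create a file and a directory in $2 under umask $1 and print their
# permission strings. The subshell body keeps the caller's umask unchanged.
modes_under_umask() (
    umask "$1"
    : > "$2/file.$1"
    mkdir "$2/dir.$1"
    printf '%s %s\n' "$(ls -ld "$2/file.$1" | cut -c1-10)" \
                     "$(ls -ld "$2/dir.$1" | cut -c1-10)"
)

# List regular files under $1 with any group/other permission bit set.
# "-perm /077" is GNU find syntax, as shipped with Linux.
audit_loose_files() {
    find "$1" -type f -perm /077 | sort
}

# Strip all group/other access from those files.
tighten_files() {
    find "$1" -type f -perm /077 -exec chmod go-rwx {} +
}

# Demo in a throwaway directory (constructed sample data).
demo_dir=$(mktemp -d)
echo "umask 022: $(modes_under_umask 022 "$demo_dir")"   # group/other can read
echo "umask 077: $(modes_under_umask 077 "$demo_dir")"   # owner only
echo "loose files before tightening:"
audit_loose_files "$demo_dir"
tighten_files "$demo_dir"
echo "loose files after tightening: $(audit_loose_files "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```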
<P>For very sensitive files (such as accounting or employee information), consider
encrypting them with a simple utility. There are many such programs available. Most
require only a password to trigger the encryption or decryption.
<H3 ALIGN="CENTER"><A NAME="Heading5"></A><FONT COLOR="#000077">Modem Access</FONT></H3>
<P>For most Linux users, protecting your system from access through an Internet gateway
isn't important because few users have an Internet access machine directly connected
to their Linux boxes. Instead, the concern should be about protecting yourself from
break-in through the most accessible method open to system invaders: modems.</P>
<P>Modems are the most commonly used interface into every Linux system (unless you're
running completely stand-alone, or on a closed network). Modems are used for remote
user access, as well as for network and Internet access. Securing your system's modem
lines from intrusion is simple and effective enough to stop casual browsers.
<H4 ALIGN="CENTER"><A NAME="Heading6"></A><FONT COLOR="#000077">Callback Modems</FONT></H4>
<P>The safest technique to prevent unauthorized access through modems is to employ
a callback modem. A callback modem lets a user connect to the system as usual; it
then hangs up and consults a list of valid users and their telephone numbers before
calling the user back to establish the call. Callback modems are quite expensive,
so this is not a practical solution for many systems.</P>
<P>Callback modems have some problems, too, especially if users change locations
frequently. Also, callback modems are vulnerable to abuse because of call-forwarding
features of modern telephone switches.
<H4 ALIGN="CENTER"><A NAME="Heading7"></A><FONT COLOR="#000077">Modem-Line Problems</FONT></H4>
<P>The typical telephone modem can be a source of problems if it doesn't hang up
the line properly after a user session has finished. Most often, this is a problem
with the wiring of the modem or the configuration setup.</P>
<P>Wiring problems might sound trivial, but there are many systems with hand-wired
modem cables that don't properly control all the pins. In this case, the system can
be left with a modem session not properly closed and a logout not completed. Anyone
calling that modem continues where the last user ended.</P>