Linux Security

Chris Brown chris.brown at ctg.com
Fri Mar 23 10:15:49 EST 2001


My guess is that the comments such as "when it comes to 
security there is no such thing as overkill" are born of an 
environment where staff and managers do place as much 
importance on security as the administrator does.  This is 
common and very understandable.

But, playing devil's advocate for a moment...

Does it make sense to pay $25,000 of insurance a year 
on a house that costs $50,000 to rebuild?  Probably not.  
And it won't make sense to managers either.

Risk calculation is often overlooked because it is often 
difficult.  Here's a set of formulas:

Annualized Loss Expectancy = 
Single Loss Expectancy * Annualized probability of Occurrence

Annualized probability of Occurrence =
1 / frequency of occurrence

A simplified worked out example:
Frequency of a server being successfully hacked =  every 2 years
Loss if server is hacked (this includes hurt reputation, etc) = $2,000

ALE = (1/2 years) * $2000 = $1000 / year

So according to this, one should not spend more than $1000 / year 
protecting that particular server.  (Caveat: that doesn't mean you 
have to spend all of the $1000 each year, because that is actually
annualized as well.  Maybe you spend $3000 every three years.)

Fire insurance works the same way.  Here's a more complex 
example using fire insurance.  Say we have a building downtown, 
let's say it's an office occupied by 100 people, and is 60 years old.  
It is a 7 story building, there are stand pipes on every other floor, 
but there have been problems in the past getting enough water in 
this part of the city in winter at buildings over 4 stories high.  There 
are only two hydrants within 100 feet.

Frequency of fires in particular geographic area by size, occupancy, and age of building:  1/65 years

Extent of damage factor based on quality of water supply, etc (likelihood
of complete destruction):  1/3

Frequency of human life loss:  1/135 years (it's an office after all)

Average asset loss based on availability of water, construction of building, number of hydrants, etc:  $15,000,000

Average human loss in insurance outlays each time someone is killed in fire:  $4,000,000

Average loss of productive work for which there are insurance outlays:  $500,000

So:

Life ALE =  1/135 years * $4,000,000 = $29,629
Asset ALE = 1/65 years * 1/3 * $15,000,000 = $76,923
Work ALE = 1/65 years * $500,000 = $7,692
Total ALE = $114,244 / year

This is obviously not correct, and speaks to all the factors that I glossed over and the gross simplification of the factors I did include.   But this is the basis of risk analysis.

My point is, don't say you can never have too much security, because in reality you can.  Say that you don't have enough security based on current risk, and the value of assets (tangible and intangible).  I bet you'll get your manager's attention.

Chris





--
Christopher Brown, CISSP
Manager, Security and System Administration
Information Services
Computer Task Group (CTG)
Ph: 716-888-3505
Fx: 716-888-3318
chris.brown at ctg.com



>>> javabob at localnet.com 03/23/01 05:17AM >>>
Darin Perusich wrote:

> when it comes to security there is no such thing as overkill, especially
> if your machines are on the internet. generally you want your most
> paranoid sysadmin in control of such boxes. if you can, i recommend only
> running one service per machine. that way if one gets compromised and
> your box gets taken down, you don't lose your other services.
>
> running daemons in a chroot jail is a good habit to get into. again, if
> the system needs to be secured or it's on the net. certain programs,
> like named (BIND) come ready to run chroot'd. others, like sendmail you
> need to "prepare" to run chroot'd. running service as a $USER other than
> root is another good habit to get into.
>
> > With respect to this, what are some good security practices with linux?  What is
> > overkill and what is not?  As the days go on more and more people learn how to
> > get past the securotoes in
> > linux -- Trying to come up with a list of which ones are good to do and which
> > security changes will actually "open" up your system more is quite hard.
>
> > Also, in the Securing and Optimizing Linux Guide, I read about a CHroot
> > environment.  Are there any good docs on the theory of this and can this method
> > be done with any daemon (service
> > etc) that has login capabilities?
>
> > FYI - Linux is starting to become the OS of choice on many US Naval ships --
> > WOOHOO
>
> > Ronald K. Wechter
> > Network Systems Administrator
> > Navy Recruiting Department Buffalo
> > (716) 551-4901
>
>
> --
> Darin Perusich
> Unix Administrator
> Cognigen Corp.
> darinper at cognigencorp.com 

Take a look at this past issue of Linux Magazine. Article about User Mode Linux (UML). Suggests using a UML virtual machine for security risky processes and
applications that you need to run.
Bob Stockdale
javabob at localnet.com 
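
Added example (not part of the original posts): the ALE formulas from Chris Brown's message applied to both of his worked cases, with his amortization caveat turned into a budget check. The class and function names and the "hardened server" figures are assumptions constructed for illustration; the net-value calculation (ALE before minus ALE after minus annualized cost) goes one step beyond what the message states.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    years_between_events: float  # "frequency of occurrence" in the message
    single_loss: float           # Single Loss Expectancy, in dollars
    damage_factor: float = 1.0   # e.g. likelihood of complete destruction

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE * (1 / frequency) * damage factor."""
        if self.years_between_events <= 0:
            raise ValueError(f"{self.name}: interval must be positive")
        return (1 / self.years_between_events) * self.damage_factor * self.single_loss

def total_ale(risks) -> float:
    return sum(r.ale for r in risks)

def annualized_cost(amount: float, every_n_years: float) -> float:
    """Spread a periodic spend over its interval ($3000 / 3 years = $1000 / year)."""
    return amount / every_n_years

def within_budget(risks, amount: float, every_n_years: float = 1) -> bool:
    """True if the annualized spend does not exceed the ALE it protects against."""
    return annualized_cost(amount, every_n_years) <= total_ale(risks)

def safeguard_value(before, after, amount: float, every_n_years: float = 1) -> float:
    """Net yearly benefit of a control: ALE reduction minus its annualized cost."""
    return total_ale(before) - total_ale(after) - annualized_cost(amount, every_n_years)

# Figures from the message.
SERVER = Risk("server hacked", 2, 2_000)
BUILDING = [
    Risk("life", 135, 4_000_000),
    Risk("asset", 65, 15_000_000, damage_factor=1 / 3),
    Risk("work", 65, 500_000),
]
# Constructed for illustration: a control that halves how often the server is hacked.
SERVER_HARDENED = Risk("server hacked (hardened)", 4, 2_000)

if __name__ == "__main__":
    for r in [SERVER, *BUILDING]:
        print(f"{r.name} ALE: ${int(r.ale):,} / year")
    print("$3000 every 3 years within budget:", within_budget([SERVER], 3_000, 3))
```

The per-component building figures truncate to the dollar amounts in the message; a control is worth buying only when `safeguard_value` comes out positive.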



