Security

Brad Bartram bradbartram at ccsisp.com
Sun Jan 9 02:53:58 EST 2005


Hi Bob - 

Security is a difficult thing to wrap your head around when you are new to a 
particular Operating System or Technology.  Don't feel bad - if you can 
harden a windows box, Unix is really not a problem.

First, I would start out by reading the security how-to over at tldp.org.  You 
can also look around for some older articles named armoring linux | red hat | 
solaris - it's been a while since I've looked at them so my memory of the 
title might be a little off.

Second - when doing an install of any Linux, or other OS for that matter, make 
sure you do it in a secure environment.  This is most commonly meant as do it 
behind a firewall on a network you trust.  Never, ever, ever install an OS 
and just leave it hanging out on the 'net.  Over at project honeynet they did 
a test and a new, default install of red hat lasted about 15 minutes before 
it was compromised.

As you do the install of a red hat (ish) system, it will ask you if you want a 
firewall enabled.  DO IT.  The install tool will set up a nice iptables 
firewall locally on your system.  As a general rule, if in doubt, don't open 
a port.

Red Hat, and most of the other distros, tend to start a lot of services by 
default.  This includes opening up the dreaded port 111, rpc.  Unless you are 
going to run an NFS server or client, make sure one of two things happens - 
either turn off all NFS related daemons or firewall them.  Only open your 
firewall to trusted sources.  On a home network, or even a small business 
network, you should know where your traffic will originate, so filtering 
based on it shouldn't be too difficult.

Finally, make sure you watch your system.  Keep an eye on the logs.  Most of 
the time you can tell if there's been snoopers afoot simply by watching your 
logs and following up on any suspicious information.  Almost all of the 
attacks you will encounter will be from automated kiddie scripts and such.  As 
a rule, they tend to be noisy so if one of these script kiddies is targeting 
your network, you should be able to see it pretty clearly.

But above all - keep your system up to date. As a priority, make sure any 
outward facing services are updated to the latest stable or patched as soon 
as patches are available.

If you do these things, Linux can be very stable as well as adequately secure 
for a very long time.  And never be afraid to get your hands dirty in the 
command prompt, as that's where you can really get a feel for what your 
system is doing.

Hope this helps

brad 

On Sunday 09 January 2005 1:56 am, Advent Systems wrote:
> Cyber Source & Dave Andruczyk,
>     Just want you guys to know I'm not some asshole because of all the help
> re: small network and I did not reply or thank you sooner BUT none of
> that matters now.  You see, on the 1st I believe my system was cracked,
> broken into, whatever you want to call it.  I'm not sure because in
> 15-18 years of using computers I haven't had as much as a virus
> (well,maybe 1-2).  All I know is the day before I was updating my system
> via apt-get and it kept getting "stuck" at some site in ca. called slug
> something.  I ......you know what, this is not the purpose of this
> email, If anyone wants all the particulars email me off the list.
>     The Problem is this; 18 years of working on windows systems left me
> knowing how to harden them and my windows boxes were untouched.  With
> Linux (I'm a newbie), a 10 yr. old boy could attack my Linux box and
> did.  I've gotten so sidetracked with just getting the system installed
> and usable I forgot all about security.  I've been using SuSE and
> Mandrake for a few years and I guess the combination of their
> pre-packaged click & go security, their manuals and Linux not being as
> popular, left me with a false sense of security.  Since switching to FC2
> I have NO idea.  I've purchased a number of highly regarded Linux/Unix
> books and they explain how to secure NASA :) but nothing on how to
> harden a simple laptop.  Is the Red Hat-9 users guide the same as FC2?
> I can't find a straight answer.  By default, I got services running and
> ports open all over the place.  I've been closing and shutting them
> down, and it screws everything up and I have to re-install (like 5-10
> times).
>     What are the BARE min. services and ports that need to be running
> and what do you FC2 guys do to keep the average jerk out of your systems
> (I know there's nothing that can be done against a smart, concentrated
> attack) As far as the small network goes I can't even think about taking my
> machine off the windows network until I learn and understand Linux
> security.
>
> Sorry this was so long but nothing like this ever happened to me before.
> Thanks again,
> Bob Randal
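An added example (not from Brad's reply or Bob's post) of the kind of log watching Brad recommends: it reads sshd "Failed password" lines in the /var/log/secure style FC2 used and flags sources that are noisy, i.e. many failures or many different usernames guessed. The log lines, host name and addresses below are constructed for illustration; the threshold values are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in /var/log/secure style (TEST-NET addresses, not real log data).
SAMPLE_SECURE_LOG = """\
Jan  9 02:40:11 laptop sshd[2231]: Failed password for illegal user test from 192.0.2.45 port 4410 ssh2
Jan  9 02:40:14 laptop sshd[2233]: Failed password for illegal user guest from 192.0.2.45 port 4412 ssh2
Jan  9 02:40:17 laptop sshd[2235]: Failed password for illegal user admin from 192.0.2.45 port 4415 ssh2
Jan  9 02:40:20 laptop sshd[2237]: Failed password for root from 192.0.2.45 port 4418 ssh2
Jan  9 02:40:23 laptop sshd[2239]: Failed password for root from 192.0.2.45 port 4421 ssh2
Jan  9 02:41:02 laptop sshd[2250]: Failed password for bob from 192.168.1.10 port 33120 ssh2
Jan  9 02:41:09 laptop sshd[2250]: Accepted password for bob from 192.168.1.10 port 33120 ssh2
Jan  9 02:42:30 laptop sshd[2260]: Failed password for illegal user oracle from 198.51.100.7 port 2200 ssh2
"""

# Older OpenSSH (FC2 era) logs "illegal user"; later releases say "invalid user".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+) port"
)

def failed_logins_by_source(log_text):
    """Map each source address to a Counter of username -> failed attempts."""
    failures = defaultdict(Counter)
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            user, src = match.groups()
            failures[src][user] += 1
    return failures

def noisy_sources(log_text, max_failures=5, max_users=3):
    """Return [(src, total_failures, distinct_users)] for sources that look like
    automated guessing: at least max_failures attempts, or at least max_users
    different usernames tried.  Sorted by total failures, loudest first."""
    flagged = []
    for src, per_user in failed_logins_by_source(log_text).items():
        total, distinct = sum(per_user.values()), len(per_user)
        if total >= max_failures or distinct >= max_users:
            flagged.append((src, total, distinct))
    return sorted(flagged, key=lambda t: t[1], reverse=True)

if __name__ == "__main__":
    for src, total, distinct in noisy_sources(SAMPLE_SECURE_LOG):
        print(f"{src}: {total} failed logins across {distinct} usernames - worth a look")
```

On a live box the same functions can be fed the contents of /var/log/secure; a single typo from a known machine (bob from 192.168.1.10 above) is counted but not flagged.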
