
1 Security

2 Linux is not secure
No computer system can ever be "completely secure".
  –Make it increasingly difficult for someone to compromise your system.
The more secure your system, the more miserable you and your users will tend to be
Security = 1/(1.072 * Convenience)

3 Example of Attacks
Program Level Security
  –Non-malicious Program Errors: Buffer Overflow, Format String…
  –Malicious Codes: Trojan Horse, Logic Bomb, Virus, Worm…
Network Attacks
  –Threat Precursors: Port Scan, Social Engineering, Reconnaissance, OS and App. Fingerprinting
  –Protocol Flaws: Impersonation
  –Spoofing: Session Hijacking, Man-in-the-Middle
  –Message Confidentiality Threat
  –Message Integrity Threats
  –Denial of Service: Connection Flooding (Ping of Death, Smurf), Syn Flood, DNS attack
  –Distributed Denial of Service

4 Security Attacks

5 Security Mechanisms
Access Control

6 Linux Security
What level of threat does the system need to be protected against?
  –Analyze the system
Packet Filtering
Turn off unnecessary services
  –Be aware of what is happening on your system
  –Keep track of the vulnerabilities - Software patches
Backups
  –Recover effectively from a security incident
User accounts
  –Minimal amount of privilege they need
  –Remove inactive accounts
  –The use of the same user-ID on all computers and networks is desirable for the purpose of account maintenance
  –User account provides accountability

7 Linux Security
Root Security
  –Only become root to do single specific tasks
  –Never use the rlogin/rsh/rexec suite of tools (called the r-utilities) as root
  –Always be slow and deliberate running as root. Your actions could affect a lot of things. Think before you type!

8 Password security and encryption
Use shadow passwords
Password checking and selection
Pluggable Authentication Modules – PAM
  –man pam.d

9 Restricting access
Control access to your system
  –TCP wrappers allow you to restrict access to some services on your system
   http://www.vtcif.telstra.com.au/pub/docs/security/tcp_wrapper.txt
  –/etc/hosts.deny
   man hosts.deny
  –/etc/hosts.allow
   man hosts.allow

10 Miscellaneous Security Issues
Remote event logging
hosts.equiv and ~/.rhosts
  –rshd, rlogind should be disabled
fingerd
Security and NIS
  –/etc/group, /etc/passwd, /etc/hosts…
Security and NFS
Security and sendmail

11 Security of NFS
A client request will include the client user-id of the process making the request
The server must decide whether to believe the client's user-ids.
NFS provides a means to authenticate users and machines
Recommend the use of globally unique UIDs and root_squash
Use /etc/hosts.deny and /etc/hosts.allow to grant access
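
An added example, not part of the original presentation: a shell audit of an NFS exports file for the two settings that decide whether the server believes a client's root user-id and who may mount at all. The function names, labels and sample exports are constructed for illustration; on Linux root_squash is the default, so the check looks for an explicit no_root_squash.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports-format file.
#   WORLD          - export reachable by any host ("*" or options with no host)
#   NO_ROOT_SQUASH - client root is accepted as root on the server

sample_exports() {   # constructed sample input, not from the presentation
    cat <<'EOF'
# constructed sample exports file
/srv/home    192.0.2.0/24(rw,root_squash)
/srv/build   build1.example.com(rw,no_root_squash)
/srv/pub     *(ro)
/srv/data    client.example.com (rw)
EOF
}

audit_exports() {    # $1 = path to exports file; prints one finding per line
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            path = $1
            if (NF == 1) { print "WORLD " path " (no client list)"; next }
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                    # split host(opt,opt) into parts
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                # A space before "(" leaves an option list with an empty host,
                # which applies those options to every client.
                if (client == "" || client == "*")
                    print "WORLD " path " " $i
                if (("," opts ",") ~ /,no_root_squash,/)
                    print "NO_ROOT_SQUASH " path " " $i
            }
        }
    ' "$1"
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

On a server, run `audit_exports /etc/exports`; the last sample line shows how a stray space turns a single-host read-write export into a world-writable one.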

12 Security Tools
nmap
nessus
tripwire
tcpd
crack
Other powerful tools

13 Security Preparation
Make a full backup of your machine
Keep track of your system accounting data
Apply all new system updates
Subscribe to mailing lists to get information about potential problems

14 Cryptographic Security Tools
Kerberos
  –A secret key based service for providing authentication in a network
  –Improve traditional Linux password security:
     Never transmit unencrypted passwords on the network
     Users do not have to type passwords repeatedly
  –For more information: http://web.mit.edu/kerberos/www/dialogue.html
SSH
  –The secure shell to replace rlogin, rcp, and telnet
  –http://www.openssh.com/
  –Server side: sshd
  –Client side: ssh, scp
  –ssh-keygen

15 Firewall
Filter-based
Should arriving packet be allowed in? Departing packet let out?
Proxy-based

16 How iptables work

17 One iptables Example

18 Useful Websites
http://www.cert.org
http://www.sans.org/
  –http://www.sans.org/rr
http://www.securityfocus.com/
http://www.phrack.org/

