CHAPTER 20

System Security

by David Pitts

Security is one of the hottest topics in any system debate. How do you make your site more secure? How do you keep hackers out of your system? How do you make sure that your data is safe from intruders? How do you keep your company's secrets, secret?

Your system is as secure as its weakest point. This is an old saying, and one that is still true. I am reminded of an old Andy Griffith TV show in which the town drunk is sleeping off another episode in the jail. After he is sober, he looks around at the bars on the windows, the barred walls, and the gate. "A pretty secure jail," I thought; then the town drunk pushed open the door, said good-bye to Barney, and left. So much for the security!

Many times, systems are as secure as that jail. All the bars and locks are in place, but the door is left open. This chapter takes a look at what some of the bars and locks are, and explains how to lock the door. More importantly, though, you will learn how to conduct a security audit and where to go to get more information.

Security comes in many forms. Passwords and file permissions are your first two lines of defense. After that, things get difficult. Security breaches take on many forms. To understand your particular system and the security issues relevant to your system, you should first develop a security audit.

Thinking About Security—An Audit

There are three basic parts of a security audit, each with many things to think about. First, you need to develop a plan, a set of security aspects to be evaluated. Second, you need to consider the tools that are available for assisting in evaluating the security aspects and choose ones that are suitable to your system. The third part of a security audit is knowledge gathering—not only knowledge of how to use the system, but what the users are doing with the system, break-in methods for your system, physical security issues, and much more. The following sections look at each of these three pieces of the audit and offer some direction about where to go for more information.

A Plan

The plan can be as complex as a formal document, or as simple as a few notes scribbled on the back of a java receipt. Regardless of the complexity, the plan should at least list what aspects of the system you are going to evaluate, and how. This means asking two questions:

To answer these questions, it might be necessary to ask a few more questions concerning the following areas:

Based on the discussion of these topics, a more detailed plan can be developed. As always, there will be trade-offs. For example, privacy of data could mean that only certain people could log on to the system, which affects system access for the users. System availability is always in contention with change control. For example, when do you change that failing hard drive on a 7×24 system? The bottom line is that the detailed plan that is developed should include a set of goals; a way of tracking the progression of the goals, including changes to the system; and a knowledge base of what types of tools are needed to do the job.

Tools

Having the right tools always makes the job easier. That is especially true when you are dealing with security issues. A number of tools are available on the Internet, including tools to check passwords, check system security, and protect your system. Some major UNIX-oriented security organizations assist the UNIX/Red Hat Linux user groups in discussing, testing, and describing tools available for use. CERT, CIAC, and the Linux Emergency Response Team are excellent sources of information for both the beginner and advanced system administrator.

The following list introduces many of the available tools. This should be a good excuse, though, to surf the Net and see what else is available!

cops: A set of programs; each checks a different aspect of security on a UNIX system. If any potential security holes do exist, the results are either mailed or saved to a report file.
crack: A program designed to find standard UNIX eight-character DES-encrypted passwords by standard guessing techniques.
deslogin: A remote login program that can be used safely across insecure networks.
findsuid.tar.Z: Finds changes in setuid (set user ID) and setgid (set group ID) files.
finger daemon: Secure finger daemon for UNIX. Should compile out-of-the-box nearly anywhere.
freestone: A portable, fully functional firewall implementation.
gabriel: A satan detector. gabriel gives the system administrator an early warning of possible network intrusions by detecting and identifying satan's network probing.

ipfilter: A free packet filter that can be incorporated into any of the supported operating systems, providing IP packet-level filtering per interface.
ipfirewall: An IP packet filtering tool, similar to the packet filtering facilities provided by most commercial routers.
kerberos: A network authentication system for use on physically insecure networks. It allows entities communicating over networks to prove their identities to each other while preventing eavesdropping or replay attacks.
merlin: Takes a popular security tool (such as tiger, tripwire, cops, crack, or spi) and provides it with an easy-to-use, consistent graphical interface, simplifying and enhancing its capabilities.
npasswd: passwd replacement with password sanity check.
obvious-pw.tar.Z: An obvious password detector.
opie: Provides a one-time password system for POSIX-compliant, UNIX-like operating systems.
pcheck.tar.Z: Checks format of /etc/passwd; verifies root default shell and passwd fields.
Plugslot Ltd.: PCP/PSP UNIX network security and configuration monitor.
rsaeuro: A cryptographic toolkit providing various functions for the use of digital signatures, data encryption, and supporting areas (PEM encoding, random number generation, and so on).
rscan: Allows system administrators to execute complex (or simple) scanner scripts on one (or many) machines and create clean, formatted reports in either ASCII or HTML.
satan: The security analysis tool for auditing networks. In its simplest (and default) mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, and others.
ssh: Secure shell—a remote login program.
tcp wrappers: Monitor and control remote access to your local tftp, exec, ftp, rsh, telnet, rlogin, finger, and systat daemon.
tiger: Scans a system for potential security problems.
tis firewall toolkit: Includes enhancements and bug fixes from V1.2, and new proxies for HTTP/Gopher and X11.
tripwire: Monitors system for security break-in attempts.
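
The pcheck entry above describes checking the format of /etc/passwd and verifying root's shell and the passwd fields. The shell function below is an added example, not code from pcheck or from this book, that performs checks of that kind as part of an audit. The names audit_passwd and sample_passwd, the specific rules, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: passwd-file sanity checks in the spirit of a format checker.
# The rules below are assumptions of this example, not the logic of pcheck.

# audit_passwd [FILE|-]  prints "line N: finding"; exit status 1 if any.
audit_passwd() {
    awk -F: '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    # A valid entry has exactly seven colon-separated fields.
    NF != 7 { report("expected 7 fields, found " NF); next }
    {
        user = $1; uid = $3; gid = $4; shell = $7
        if (user == "") report("empty login name")
        if (user in seen) report(user " duplicates line " seen[user])
        seen[user] = NR
        # An empty second field means the account needs no password.
        if ($2 == "") report(user " has an empty password field")
        if (uid !~ /^[0-9]+$/) report(user " has non-numeric UID")
        if (gid !~ /^[0-9]+$/) report(user " has non-numeric GID")
        # Any UID 0 account is root-equivalent, whatever its name.
        if (uid ~ /^0+$/ && user != "root") report(user " has UID 0 but is not root")
        if (user == "root") {
            have_root = 1
            if (uid !~ /^0+$/) report("root does not have UID 0")
            if (shell !~ /^\//) report("root shell is not an absolute path")
        }
    }
    END {
        if (!have_root) { print "no root entry found"; bad = 1 }
        exit (bad ? 1 : 0)
    }' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
toor:x:0:0:spare admin:/root:/bin/sh
guest::405:100:guest:/home/guest:/bin/sh
broken:x:500:500:missing shell field:/home/broken
EOF
}

# Demo on the constructed sample; with no argument the function reads /etc/passwd.
sample_passwd | audit_passwd - || echo "findings reported"
```
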
