
19 Jun 2001 New Jersey Infragard 1

Basic Linux/System Security


Physical Security
Physical access to machines
Switches instead of hubs

Principle of least privilege
Fewest accounts necessary
Fewest open ports necessary
Fewest running applications

Root Account
Used as little as possible
Master key to a building
Apps use other accounts, if possible
People use su, sudo
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm

Passwords
>=7 characters
Mixed case, letters and symbols
Not names or words
Keep private
Don't leave them out in the open
Change every one to six months
Passphrases
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Open ports
Close all unneeded applications
netstat -anp or lsof to see what's open
ntsysv, linuxconf to shut them down
Firewalls as a special case for a network
Disable, or at least limit, file sharing
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
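The "fewest open ports necessary" check from the slides above, as an added example that is not part of the original presentation: it reads netstat -anp output and reports every listening socket whose port is not on an allowlist. The function names, the allowlist and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides).
# Usage on a live host, as root so program names are shown:
#   netstat -anp | audit_listeners "22 443"

# audit_listeners ALLOWED_PORTS
# Reads `netstat -anp` output on stdin, prints "proto local-address program"
# for each listener outside the allowlist, and returns 1 if any was found.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP: only sockets in LISTEN state count as open ports.
        # UDP has no State column; an unconnected UDP socket is
        # recognised by its wildcard foreign address (ends in ":*").
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            port = $4
            sub(/.*:/, "", port)        # port is whatever follows the last colon
            if (!(port in ok)) { print $1, $4, $NF; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of netstat -anp output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      701/inetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      655/sendmail
tcp        0      0 192.168.1.10:22         192.168.1.50:1042       ESTABLISHED 912/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           480/portmap
EOF
}

# Policy for the sample host: only ssh (22) and local mail (25) are expected.
sample_netstat | audit_listeners "22 25" || echo "unexpected listeners found"
```

The local address is printed with each finding so a listener bound only to 127.0.0.1 can be told apart from one reachable over the network.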
Plaintext network connections
Email, telnet, web traffic
Sniffers
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm

Encrypted network connections
SSH
Terminal session
File copying
Other TCP connections
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm
IPSec
All packets traveling between systems or networks
http://www.freeswan.org
HTTPS web servers
http://httpd.apache.org/related_projects.html

Package updates
Available from Linux distribution vendor
Sign up for announcements list
Use automated update tools: up2date, Red Carpet
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Intrusion Detection System
Snort
Reports on attack packets based on a regularly updated signature file
Install inside the firewall
http://www.snort.org

Advanced techniques
Audited OS: OpenBSD http://www.openbsd.org
Stack overflow protected OS: Immunix http://www.immunix.org
Chroot applications, capabilities
Virtual machines: VMware and UML
http://www.vmware.com, http://www.user-mode-linux.sourceforge.net
TCFS http://tcfs.dia.unisa.it

Resources
Distribution security announcements list
ISTS Knowledgebase
http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm
Worm characterizations and removal tools
Linux and network security papers covering many of today's topics
SSH key installer ftp://ftp.stearns.org
SANS training http://www.sans.org
Bastille Linux http://www.bastille-linux.org
