TCLUG Archive

Re: [TCLUG:5793] security (some pre-coffee thoughts)...



Sounds great.  First and foremost though: 
* Verbalize a security policy for your network and put it in writing.
* Be very selective of what packages are installed on all systems.
  Never install "Everything" if you're gonna plug it into the Internet.
* comment out all undesired services in /etc/inetd.conf 
* run xinetd or binetd for more secure control than tcp_wrappers.
* get every trace of linuxconf off the system.
* get rid of that decrepit sendmail 8.8.7 that RedHat ships with.
  Fortunately, 6.0 got an upgrade on that one but nuke that too and run
  qmail if you must be a mail server.
* If xdm is running, disable XDMCP broadcast in xdm/Xaccess
* Take a long look at physical machine security.
  (disable floppy boot, get LILO upgrade, no dual-boot, lock BIOS with pw, 
  etc).
* Run security analysis tools, nessus, satan, cops, sniffit, etc.
* Do not run NFS if you can help it.  If you must, look into SNFS.
* Learn about encryption and authentication.
* Take a look into IPSEC, skip.
* Replace all "r" commands with ssh.
* Change passwords often.
* Lock your screen when you're away if using a public terminal (also, run 
  xdm; xlock killed from a startx X session takes you to a shell prompt).
* If you must pop your mail, use ssh port forwarding to retrieve it.
* Use switches instead of hubs (if you can afford it).  ALL hubs allow for 
  sniffing of every packet on the lan, regardless of what machine the 
  rogue sniffer is on.
* Run full-duplex switched and fast ethernet (I can't stress that one
  enough although funds sometimes make this difficult).
* Run this: `find / -mount -not -type d  -perm +6000 -exec ls -ld {} \;`
  and un-suid anything that shouldn't be setuid 0.
* wrap off potentially dangerous suid programs (xlock, color_xterm, xterm,
  etc)
* Kill the xfs that RH6.0 ships with and get the fonts directly from X.
* Learn what ports are suspect for suspicious activity (12345, 31337-UDP,
  etc).
* Try practice break-ins on yourself.  Invite "trusted" others to do the
  same.
* Create and maintain a disaster recovery scenario.
* Keep on and offsite tape backups of your data (see above).
* Maintain a "zero-tolerance" policy for intruders, spammers and abusers
  of the system.

Last, but definitely not least...

* TRUST NO ONE!

Peter Lukas

PS:
Any of the following materials will be useful:
 * Actually Useful Internet Security Techniques
   Larry J. Hughes, New Riders Publishing; 10/95 ISBN 1562055089
 * Anarchy Online
   Charles Platt, Harper Prism; 4/97 ISBN 0061009903
 * The Cuckoo's Egg; Tracking a Spy Through the Maze of Computer Espionage
   Clifford Stoll, Pocket Books; 7/95 ISBN: 0671726889
 * Cyberlaw: The Law of the Internet
   Jonathan Rosenoer, Springer Verlag; 11/96 ISBN 0201633574
 * Firewalls and Internet Security: Repelling the Wily Hacker
   William R. Cheswick, S. Bellovin.  Addison-Wesley, 6/94 ISBN 0201633574
 * Halting the Hacker, A practical Guide to Computer Security
   Donald L Pipkin, Prentice Hall Computer Books; 1/97 ISBN 013243718X
 * Information Warfare: Chaos on the Electronic Superhighway
   Winn Schwartau, Thunder's Mouth Press; 10/96 ISBN 1560251328
 * Security in Computing
   Charles P. Pfleeger, Prentice Hall; 9/96 ISBN 0133374866

Peter Lukas

On Tue, 4 May 1999, Tim Wilson wrote:

> Good morning everyone,
> 
> I've been thinking about security on my server lately. I've realized that
> I really need to get up to speed on security issues before my system gets
> cracked. I've been reading some docs on the subject, but I thought the
> entire list might benefit from this question. (Incidentally, I suppose
> this would be a good topic for the FAQ-O-matic, but I was having trouble
> figuring out how to use it. It didn't seem to want to accept my password.)
> 
> Let's assume that you've got a newly installed Linux system on a
> brand-spankin'-new server. RedHat for example. Let's say that this machine
> will be a file server on a LAN with a mixture of Win9x/NT and Linux
> client. You will also be running a web server, ftp server, and would like
> to allow remote access from home for administration purposes. Once the
> system is installed, what steps should you take to secure the system?
> 
> Let's contribute a list of steps, put them into some order, and place it
> on the TCLUG website or in the FAQ-O-matic. Here are some initial
> suggestions (incomplete, and in no particular order).
> 
> 1. Install SSH on the server. Go to
> ftp://ftp.replay.com/pub/crypto/crypto/SSH/ to download SSH.
> 
> 2. Make sure you install TCP Wrappers to make some rules for allowing and
> disallowing access to services.
> 
> 3. Read the Security-HOWTO at the Linux Documentation Project website
> (http://metalab.unc.edu/mdw/linux.html)
> 
> 4. Read the Linux Administrators Security Guide at
> http://www.seifried.org/lasg/
> 
> Well that's a small start. Would others of you be interested in adding
> your $0.02?
> 
> -Tim
> 
> --
> Timothy D. Wilson			"A little song, a little dance,
> University of MN, chem. dept.		a little seltzer down your 
> wilson@chem.umn.edu			pants."   -Chuckles the Clown
> Phone: (612) 625-9828                       as eulogized by Ted Baxter
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com
> 
>
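An added shell example, not part of this thread or of either poster's message, for two of the steps in Peter's list: auditing which services /etc/inetd.conf actually enables, and listing setuid/setgid files the way his `find / -mount ... -perm +6000` line does. The inetd.conf contents, the scratch directory and the two sample binaries are constructed here so it runs offline; the function names are my own.

```shell
#!/bin/sh
# Audit helpers for two hardening steps discussed in the thread (added example).

# enabled_inetd_services FILE
#   Print the service name from every non-comment, non-blank line of an
#   inetd.conf-style file, i.e. every service inetd would actually start.
enabled_inetd_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{print $1}'
}

# setuid_files DIR
#   Same check as the find line in the list above, spelled portably:
#   "-perm +6000" is GNU-only (newer GNU find uses "/6000"), so test the
#   setuid and setgid bits separately. Prints every matching regular file.
setuid_files() {
    find "$1" -mount -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Constructed sample data (not a real system's configuration).
SCRATCH=$(mktemp -d)
cat > "$SCRATCH/inetd.conf" <<'EOF'
# sample inetd.conf, constructed for this example
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
pop-3   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
EOF
mkdir -p "$SCRATCH/bin"
printf '#!/bin/sh\n' > "$SCRATCH/bin/needs-root"
printf '#!/bin/sh\n' > "$SCRATCH/bin/plain"
chmod 4755 "$SCRATCH/bin/needs-root"   # setuid bit set: should show up in the audit
chmod 0755 "$SCRATCH/bin/plain"        # no setuid/setgid: should not

echo "Enabled inetd services in $SCRATCH/inetd.conf:"
enabled_inetd_services "$SCRATCH/inetd.conf"
echo "Setuid/setgid files under $SCRATCH:"
setuid_files "$SCRATCH"
```

On a real box you would point `enabled_inetd_services` at /etc/inetd.conf and `setuid_files` at `/`; anything the first prints that the security policy does not call for gets commented out, and anything the second prints that has no business running as root gets its bit cleared with `chmod u-s`.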