
Basic Linux/System Security

Bill Stearns, Senior Research Engineer
Institute for Security Technology Studies, Investigative Research for Infrastructure Assurance
Dartmouth College

19 Jun 2001

New Jersey Infragard

Physical Security
Physical access to machines
Switches instead of hubs


Principle of least privilege


Fewest accounts necessary
Fewest open ports necessary
Fewest running applications


Root Account
Used as little as possible
  Master key to a building
  Apps use other accounts, if possible
  People use su, sudo

http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm


Passwords
>=7 characters
Mixed case, letters and symbols
Not names or words
Keep private
Don't leave them out in the open
Change once a month to 6 months
Passphrases
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Open ports
Close all unneeded applications
  netstat -anp or lsof to see what's open
  Ntsysv, linuxconf to shut down

Firewalls as a special case for a network
Disable, or at least limit, file sharing
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
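
The open-port check from this slide, as an added example that is not part of the original presentation: it reads `netstat -anp` output and reports every listening socket that is not on a list of services you intend to run. The function names, the allowlist format and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening sockets that are not on an allowlist.

# Constructed sample in the layout printed by `netstat -anp` (net-tools).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*         LISTEN      612/sshd
tcp        0      0 0.0.0.0:23       0.0.0.0:*         LISTEN      701/inetd
tcp        0      0 127.0.0.1:25     0.0.0.0:*         LISTEN      845/sendmail
tcp        0      0 192.0.2.10:22    192.0.2.50:40112  ESTABLISHED 1290/sshd
udp        0      0 0.0.0.0:111      0.0.0.0:*                     498/portmap
tcp6       0      0 :::80            :::*              LISTEN      933/httpd
EOF
}

# unexpected_listeners "tcp/22 tcp/80" < netstat-output
# The allowlist format (space-separated proto/port) is an assumption of
# this example. Prints "proto/port local-address pid/program" per finding.
unexpected_listeners() {
    awk -v allowed="$1" '
    function report(proto, addr, prog,    port, key) {
        port = addr
        sub(/.*:/, "", port)        # keep only the port after the last colon
        sub(/6$/, "", proto)        # fold tcp6/udp6 into tcp/udp
        key = proto "/" port
        if (!(key in ok)) print key, addr, prog
    }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # TCP servers are in state LISTEN; established sessions are skipped.
    $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, $7) }
    # UDP has no state column; an unconnected socket has a wildcard peer.
    $1 ~ /^udp/ && $5 ~ /:\*$/   { report($1, $4, $NF) }
    '
}

# On a live host, as root so program names are shown:
#   netstat -anp | unexpected_listeners "tcp/22 tcp/80"
sample_netstat | unexpected_listeners "tcp/22 tcp/80"
```

Each line it prints is a service to shut down or to add to the allowlist deliberately; a listener bound only to 127.0.0.1 is still reported so that the decision is explicit.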

Plaintext network connections


Email, telnet, web traffic
Sniffers
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm


Encrypted network connections


Ssh
  Terminal session
  File copying
  Other TCP connections
  http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm

IPSec
  All packets traveling between systems or networks
  http://www.freeswan.org

https web servers
  http://httpd.apache.org/related_projects.html



Package updates
Available from Linux distribution vendor
  Sign up for announcements list
  Use automated update tools: up2date, red carpet

http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm


Intrusion Detection System


Snort
  Reports on attack packets based on a regularly updated signature file
  Install inside the firewall

http://www.snort.org


Advanced techniques
Audited OS: OpenBSD http://www.openbsd.org
Stack overflow protected OS: Immunix http://www.immunix.org
Chroot applications, capabilities
Virtual machines: VMWare and UML http://www.vmware.com, http://www.user-modelinux.sourceforge.net
TCFS http://tcfs.dia.unisa.it

Resources
Distribution security announcements list
ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm
  Worm characterizations and removal tools
  Linux and network security papers covering many of today's topics
Ssh key installer ftp://ftp.stearns.org
Sans training http://www.sans.org
Bastille Linux http://www.bastille-linux.org

Thanks
Les Morton, PSEG and Jim O'Neill, NJ InfraGard for inviting me
ISTS and George Cybenko for sponsoring the presentation


Contact
http://www.ists.dartmouth.edu/IRIA/
William Stearns
wstearns@ists.dartmouth.edu
Questions?
