Linux. Security.

Discussion in 'other security issues & news' started by sosaiso, Jul 31, 2006.

Thread Status:
Not open for further replies.
  1. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    So, what is it that we really need?

    I've got it narrowed down to...

    1. No unneeded services. [But which ones are needed? Is there a services cheatsheet like there is with Windows?]
    2. Firewall is built in, so no need to get any of those.
    3. Restricted policies by default. Be suspicious of anything that wants t3h root.
    4. Run a rootkit scanner. [Which one though?]

    So, what is to be thrown out the window is constant paranoia, and the resident protection.

    Now I know why viruses don't exist, it's because they can't survive with the restrictions.

    But trojans? Are there Linux trojans that steal our info? Or do they simply not exist? Is worrying about a javabyte.trojan.whatever a thing of my Windows past?

    These are such easy questions, but I could not find a definitive answer with 2 hours of googling that would put my mind at rest.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Greatest security risks in Linux are:
    SSH
    Local access
    Both can do a lot of damage, particularly if someone knows your root password. But you can disable SSH in your firewall, and make sure no unwanted people have access to your PC. And then, you're set.
    Mrk
     
  4. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    Mrk, can you explain why OpenSSH is a security risk? I don't understand.
    I thought its purpose was to make secure connections with other systems in a network.

    Lamehand
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    It is a risk because if someone knows your ip and root password, he can connect from anywhere and do anything he likes. Of course, this risk is not very high. It is very slim. But it is higher than would-be trojan, virus or other inventions for Linux.
    It is also a very good thing. Just need to be aware of all possibilities, that's all.
    Mrk
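
The exposure described in the post above (root reachable over SSH with nothing but a password) is governed by two `sshd_config` keywords, `PermitRootLogin` and `PasswordAuthentication`. The following is an added example, not part of the thread: the function names and sample config are constructed for illustration, and `Match` blocks and keyboard-interactive (PAM) authentication are not evaluated.

```shell
#!/bin/sh
# Added example; function names and sample config are constructed.

# Print the first value set for keyword $1 in sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block.
sshd_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }                      # allow "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    '
}

# Report whether root can log in over SSH with only a password:
#   on / off / default-dependent (a deciding keyword is unset, so the
#   answer is the installed sshd's built-in default; `sshd -T` prints it).
# Keyboard-interactive (PAM) authentication is not evaluated here.
root_password_login() {
    root=$(printf '%s\n' "$1" | sshd_value PermitRootLogin)
    pass=$(printf '%s\n' "$1" | sshd_value PasswordAuthentication)
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only)
            echo off; return ;;
    esac
    if [ "$pass" = no ]; then echo off; return; fi
    if [ "$root" = yes ] && [ "$pass" = yes ]; then echo on; return; fi
    echo default-dependent
}

# Constructed sample: the commented-out line is ignored, and the first
# live PermitRootLogin wins over the later one.
SAMPLE_CFG='Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no'

echo "root password login: $(root_password_login "$SAMPLE_CFG")"
```

On a live system, pass the contents of the real config file as the argument; a result of `default-dependent` means the answer comes from the installed OpenSSH version's defaults rather than from the file.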
     
  6. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    OK, I understand; as long as you use a 'strong' password and keep it safe, this won't be a problem.


    Lamehand
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What is SSH, and if you disable it, what functionality do you lose?
    Thanks.
     
  8. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    It's an application to establish secure connections between systems, but if you don't have it installed there is nothing to worry about in this regard.
    If you have it installed and then disable it you won't be able to use a secure connection, that's all.

    Lamehand
     
  9. tlu

    tlu Guest

  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    thanks
     
  11. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Thanks for the heads up.

    So, basically, just enable that firewall, strong root password, scan for a kit once in a while, and I'm all set. I know about the booting into r00t via a floppy, and that's not something I'm going to worry about because of the location of the computer.

    As for the firewall aspect, does one need outbound protection? I don't even think there is any mention of outbound protection for any of the Linux firewalls, but it's another habit one picks up when using MS.

    But this SNORT thing, looks to be something to play with. What are some good proggies that will implement these rulesets as an IDS?
     
  12. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    I use firestarter to set policies for outbound connections; it's a frontend for iptables.
    But if there aren't any strange or unneeded services running on the system there is no need for outbound protection.
    The services I have running are only for system logging and daily automated tasks like checking for updates and such.

    Lamehand
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I can't understand this.
     
  14. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    - Firewall. On = good.
    - root password = 14 char mixture of lower case, upper case, numerals, and ~!@#$%^&*()_+-=`
    - Scan for rootkit once a month or so.
    - If someone has access to your floppy drive on a Linux system, then you're as good as gone. All they have to do is reboot and they can reset r00t.

    Hope that helps a bit. I tend to ramble.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Is it really true? How can one reset root without knowing the root password?
     
  16. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    This might be of some interest to you then.

    http://www.bastille-linux.org/jay/anyone-with-a-screwdriver.html

    scroll down to "Boot via a floppy / cdrom / other bootable, removable media"

    Physical access is t3h evil. Everyone who uses Linux should keep that in mind. It's actually the first thing that people tell you when you ask "linux security".
     
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    If one disables SSH in Linux, does that only disable the SSH server service?
    So one can not have a remote admin like on Windows?

    With SSH service disabled can one still use an SSH client like PuTTY to connect to an SSH server, use SFTP programs, etc.?
     
  18. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    If you disable the service it can't be used and it won't be running from startup, and server and client-part can't be used. SSH doesn't come with Linux, you have to install it from Synaptic, so it's a choice.
    I don't have remote admin on this system so I can't comment on that. I kicked that off when I first installed Linux, but remote admin doesn't depend on SSH.
    I just use SSH to connect a couple of systems I have, no PuTTY here.
    Sorry I can't be more helpful, but I am still learning this system as well.

    Lamehand
     