Chapter13.System Security

Chapter 13. System Security

Security is always a trade-off between convenience and features on the one hand and being protective and removing unnecessary risks on the other. As the cliché goes, security is inversely proportional to convenience and accessibility. In other words, a "totally secure" system is one that is not connected to anything (not to a terminal and most certainly not to a network), no one is ever allowed to use it, and it is never powered on!

TIP

Do you know whether your system has been compromised? Read Jay Beale's article, aptly titled "Detecting Server Compromises," in the February 2003 issue of Information Security Magazine (http://www.infosecuritymag.com/2003/feb/linuxguru.shtml).

As installed in "normal" mode from most current distributions, Linux tends to be a feature-rich yet very "insecure" operating system. For example, some distributions install an active web server by default. Although this is very convenientthe system can start serving files almost immediately and web-based administrative tools will work right awayit also exposes the system to many sorts of security threats. If a very secure system is your goal, you need to take additional steps to harden it.

NOTE

The process of modifying a system to make it highly secure is known as hardening.

NOTE

Realistically, a system should be hardened right after it has been installed and still in a clean state. This is not possible in most cases, and you will probably think of hardening the system after it show signs of being compromised. If this is the case, you should at least check and replace all suspected system utilities (such as ls and ps) and add-on applications (such as Apache) with known good copies before starting on the hardening process.

This chapter presents you with ideas and theories associated with overall system security, from both a hardware and software point of view, starting with an overview of the principles behind system hardening.