26.1. A Perspective on System Security
It's sometimes difficult keeping a balanced perspective on system security. The media tends to sensationalize stories relating to security breaches, especially when they involve well-known companies or institutions. On the other hand, managing security can be a technically challenging and time-consuming task. Many Internet users take the view that their system holds no valuable data, so security isn't much of an issue. Others spend large amounts of effort nailing down their systems to protect against unauthorized use. No matter where you sit in this spectrum, you should be aware that there is always a risk that you will become the target of a security attack. There are a whole host of reasons why someone might be interested in breaching your system security. The value of the data on your system is only one of them; we discuss some others later in the chapter. You must make your own judgment as to how much effort you will expend, though we recommend that you err on the side of caution.
Traditional system security focused on systems that were accessible through either a connected hard-wired terminal or the system console. In this realm the greatest risks typically came from within the organization owning the system, and the best form of defense was physical security, in which system consoles, terminals, and hosts were in locked rooms. Even when computer systems started to become network-connected, access was still very limited. The networks in use were often expensive to gain access to, or were closed networks that did not allow connections to hosts from just anywhere.
The popularity of the Internet has given rise to a new wave of network-based security concerns. An Internet-connected computer is open to potential abuse from tens of millions of hosts around the world. With improved accessibility comes an increase in the number of antisocial individuals intent upon causing nuisance. On the Internet, a number of forms of antisocial behavior are of interest to the system administrator. Those that we address in this chapter are the following:
- Denial of service (DoS): This kind of attack degrades or disrupts a service on the system.
- Intrusion: This kind of attack accesses the system by guessing passwords or compromising some service. Once an intruder has access to a system, he may then vandalize or steal data or use the target system to launch attacks on some other host.
- Snooping: This kind of attack involves intercepting the data of another user and listening for passwords or other sensitive information. Sometimes this form of attack involves modification of data, too. Snooping usually involves eavesdropping on network connections, but can also be performed by compromising a system to intercept library or system calls that carry sensitive information (e.g., passwords).
- Viruses, worms, and Trojan horses: These attacks each rely on compelling users of your system to execute programs supplied by the attacker. The programs could have been received in an email message, or from a web site, or even from within some other apparently harmless program retrieved from somewhere on the Internet and installed locally.
A DoS attack commonly involves generating an abnormally large number of requests to a service provided by a system. This rush of activity may cause the host system to exhaust its memory, processing power, or network bandwidth. Another way is to provide the service with non-ordinary input in order to exploit a bug in the service and cause a core dump. As a result, further requests to the system are refused, or the system's performance degrades to an unusable point. For this type of attack to work, an attacker must either exploit a poorly designed service or be able to generate a number of requests far exceeding the capacity of the service.
A more insidious form of DoS attack is the distributed denial of service (DDoS). In this form of attack, a large number of computers are used or caused to generate requests against a service. This increases the damage of a DoS attack in two ways: by overwhelming the target with a huge volume of traffic, and by hiding the perpetrator behind thousands of unwitting participants. Using a large number of hosts from which to launch an attack also makes DDoS attacks particularly difficult to control and remedy once they've occurred. Even people who have no concerns about the state of their own data should protect themselves against this form of attack so as to minimize the risk of becoming an unwitting accomplice in a DDoS attack against someone else.
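The distinction drawn above, a flood from one source versus the same volume spread across many unwitting participants, is something an administrator can check for in a service's own logs. The script below is an added example, not from the book; it assumes a simple constructed log format of "timestamp client-ip path" (one request per line), and the sample entries, thresholds, and window size are all made up for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed sample, not captured traffic: a quiet window, then a
    single-source flood, then a flood spread over many clients.
    Addresses come from the documentation ranges (TEST-NET)."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(3):  # quiet window: three ordinary clients
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 203.0.113.{i + 1} /index.html")
    for i in range(12):  # one client, 12 requests inside 10 s
        t = base + timedelta(seconds=10 + i % 10)
        lines.append(f"{t.isoformat()} 198.51.100.7 /search")
    for i in range(25):  # 25 clients, one request each inside 10 s
        t = base + timedelta(seconds=20 + i % 10)
        lines.append(f"{t.isoformat()} 192.0.2.{i + 1} /login")
    return "\n".join(lines)

def analyze(log_text, window_s=10, total_limit=20, per_source_limit=10):
    """Bucket requests into fixed windows (window_s must divide 60) and
    label each window. Returns {window_start_iso: (verdict, detail)}:
    a single source over per_source_limit is a plain flood; a window
    over total_limit with no dominant source looks distributed."""
    per_window = defaultdict(Counter)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _path = line.split()
        t = datetime.fromisoformat(ts)
        start = t.replace(second=(t.second // window_s) * window_s, microsecond=0)
        per_window[start.isoformat()][ip] += 1
    findings = {}
    for start in sorted(per_window):
        counts = per_window[start]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > per_source_limit:
            findings[start] = ("single-source", top_ip)
        elif total > total_limit:
            findings[start] = ("distributed", len(counts))
        else:
            findings[start] = ("normal", total)
    return findings

if __name__ == "__main__":
    for window, verdict in analyze(build_sample_log()).items():
        print(window, verdict)
```

Thresholds this low are only sensible for the toy sample; on a real service they come from the baseline request rate you observe when nothing is wrong.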
The second form of attack, sometimes known as cracking, is the one that most people associate with security. Companies and institutions often store sensitive data on network-accessible computer systems. A common example of concern to the average Internet user is the storage of credit card details by web sites. Where there is money involved, there is incentive for dishonest individuals to gain access and steal or misuse this kind of sensitive data.
Sometimes the methods that are used to gain unauthorized access or disrupt service are very ingenious, if not unethical. Designing an intrusion mechanism often requires a strong knowledge of the target system to uncover an exploitable flaw. Often, once an intrusion mechanism has been discovered, it is packaged in the form of a so-called rootkit, a set of programs or scripts that anyone possessing only basic knowledge can use to exploit a security hole. The vast majority of intrusion attacks are launched by "script kiddies" who make use of these prepackaged intrusion kits without any real knowledge of the systems they are attacking. The good news is that it is usually straightforward for a system administrator to protect a system from these well-known attacks; we discuss various ways to secure your system in this chapter.