C. Security

IN THIS APPENDIX
Encryption (page 988)
File Security (page 993)
Email Security (page 993)
Network Security (page 994)
Host Security (page 997)
Login Security (page 998)
Remote Access Security (page 999)
Viruses and Worms (page 1000)
Physical Security (page 1000)
Security Resources (page 1002)
Security is a major part of the foundation of any system that is not totally cut off from other machines and users. Some aspects of security have a place even on an isolated machine: periodic system backups, BIOS or power-on passwords, and self-locking screensavers. A system that is connected to the outside world requires further mechanisms to secure it: file-integrity checkers (tripwire), audit tools (tiger/cops), secure access methods (kerberos/ssh), services that monitor logs and machine state (swatch/watcher), packet-filtering and routing tools (ipfwadm/iptables/ipchains), and more.

System security has many dimensions. The security of your system as a whole depends on the security of its individual components, such as your email, files, network, login, and remote access policies, as well as the physical security of the host itself. These dimensions frequently overlap, and their borders are not always static or clear. For instance, email security depends on the security of both files and the network. If the medium (the network) over which you send and receive email is not secure, you must take extra steps, such as encryption, to protect the messages themselves. If you then save a decrypted message to a file on the local system, its confidentiality depends on filesystem permissions and host access policies. A failure in any one of these areas can start a domino effect, diminishing reliability and integrity in other areas and potentially compromising the security of the system as a whole.

This short appendix cannot cover all facets of system security in depth, but it does give an overview of the complexity of setting up and maintaining a secure system. It provides some specifics, concepts, and guidelines to consider, and many pointers to security resources (Table C-1 on page 1002).

Table C-1. Security resources

| Tool | What it does | Where to get it |
|---|---|---|
| AIDE | Advanced Intrusion Detection Environment. Similar to tripwire, with extensible verification algorithms. | sourceforge.net/projects/aide |
| bugtraq | A moderated mailing list for the announcement and detailed discussion of all aspects of computer security vulnerabilities. | www.securityfocus.com/archive/1 |
| CERT | Computer Emergency Response Team. A repository of papers and data about major security events and a list of security tools. | www.cert.org |
| chkrootkit | Checks for signs of a rootkit, indicating that the machine has been compromised. | www.chkrootkit.org |
| dsniff | Sniffing and network audit tool suite. Free. | naughty.monkey.org/~dugsong/dsniff/ |
| ethereal | Network protocol analyzer. Free. | www.ethereal.com |
| freefire | Supplies free security solutions and supports developers of free security solutions. | www.freefire.org |
| fwtk | Firewall toolkit. A set of proxies that can be used to construct a firewall. | www.fwtk.org |
| GIAC | A security certification and training Web site. | www.giac.org |
| hping | Multipurpose network auditing and packet analysis tool. Free. | www.hping.org |
| ISC2 | Educates and certifies industry professionals and practitioners under an international standard. | www.isc2.org |
| John | John the Ripper: a fast, flexible weak-password detector (password cracker). | www.openwall.com/john |
| Kerberos | Complete, secure network authentication system. | web.mit.edu/kerberos/www |
| L6 | Verifies file integrity; similar to tripwire. | www.pgci.ca/l6.html |
| LIDS | Intrusion detection and active defense system. | www.lids.org |
| LinuxSecurity.com | A solid news site dedicated to Linux security issues. | www.linuxsecurity.com |
| LWN.net | Security alert database for all major Linux distributions. | lwn.net/Alerts |
| Microsoft Security | Microsoft security information. | www.microsoft.com/security |
| nessus | A plugin-based remote security scanner that can perform more than 370 security checks. Free. | www.nessus.org |
| netcat | Explores, tests, and diagnoses networks. | freshmeat.net/projects/netcat |
| nmap | Scans hosts to see which ports are open. It can perform stealth scans, determine operating system type, find open ports, and more. | www.insecure.org/nmap |
| OPIE | Provides one-time passwords for system access. | inner.net/opie |
| RBAC | Role-Based Access Control. Assigns roles and the privileges associated with those roles. | csrc.nist.gov/rbac |
| Red Hat Security | Red Hat security information. | www.redhat.com/security |
| SAINT | Security Administrator's Integrated Network Tool. Assesses and analyzes network vulnerabilities. This tool is the successor to satan. | www.wwdsi.com/saint |
| samhain | A file integrity checker. Has a GUI configurator, client/server capability, and real-time reporting. | samhain.sourceforge.net |
| SANS | Security training and certification. | www.sans.org |
| SARA | The Security Auditor's Research Assistant security analysis tool. | www-arc.com/sara |
| Schneier, Bruce | Security visionary. | www.schneier.com |
| Secunia | Monitors a broad spectrum of vulnerabilities. | secunia.com |
| SecurityFocus | Home for security tools, mailing lists, libraries, and cogent analysis. | www.securityfocus.com |
| snort | A flexible IDS. | www.snort.org |
| srp | Secure Remote Password. Upgrades common protocols, such as TELNET and FTP, to use secure password exchange. | srp.stanford.edu |
| ssh | A secure rsh, ftp, and rlogin replacement with encrypted sessions and other options. Supplied with Red Hat Linux. | www.ssh.org, openssh.org |
| swatch | A Perl-based log parser and analyzer. | swatch.sourceforge.net |
| Treachery | A collection of tools for security and auditing. | www.treachery.net/tools |
| tripwire | Checks for possible signs of intruder activity. Supplied with Red Hat Linux. | www.tripwire.com |
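Several of the tools above (tripwire, AIDE, L6, samhain) are file-integrity checkers, and the text calls such checkers the first line of defense on a connected host. They all work on the same principle: record a baseline of each file's permissions, ownership, size, timestamps and a cryptographic digest while the system is known to be clean, then periodically re-scan and report anything that differs. The following is an added example written for this appendix; it is not code from the book or from any of the tools in the table. It stores the baseline as JSON (a format chosen for the example) and builds a small constructed directory tree in demo(), not real system files, to show the kinds of change such a checker catches, including a trojaned binary of identical size whose modification time has been put back.

```python
"""Tripwire-style file-integrity checker (added example): snapshot a tree,
store the baseline, later re-snapshot and report what was added, removed
or altered."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def fingerprint(path: Path) -> dict:
    """Attributes recorded per object: permission bits, owner, size, mtime
    and, for regular files, a SHA-256 digest (symlinks record their target)."""
    st = path.lstat()                      # lstat: never follow symlinks
    entry = {
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }
    if stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    else:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(CHUNK), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()
    return entry


def snapshot(root) -> dict:
    """Map every regular file or symlink under root (path relative to root)
    to its fingerprint."""
    root = Path(root)
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or p.is_file():
                db[p.relative_to(root).as_posix()] = fingerprint(p)
    return db


def save_baseline(db: dict, dest) -> None:
    """Persist the baseline as JSON (format assumed for this example)."""
    Path(dest).write_text(json.dumps(db, sort_keys=True, indent=1))


def load_baseline(src) -> dict:
    return json.loads(Path(src).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report added and removed paths and, for paths present in both,
    the list of attributes whose recorded value differs."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        old, new = baseline[rel], current[rel]
        diffs = [k for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario (temporary tree, not real system files): baseline
    a small tree, tamper with it the way an intruder might, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        for d in ("etc", "bin"):
            (root / d).mkdir(parents=True)
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "shadow").write_text("root:!:19000:0:99999:7:::\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")
        os.chmod(root / "etc" / "passwd", 0o644)
        os.chmod(root / "bin" / "ls", 0o755)

        db_file = Path(tmp) / "baseline.json"   # kept outside the scanned tree
        save_baseline(snapshot(root), db_file)

        # Tampering: trojaned binary of identical size with its mtime put back
        # (so size and timestamp alone would not reveal it), world-writable
        # passwd, deleted shadow, and a dropped ld.so.preload file.
        ls = root / "bin" / "ls"
        st = ls.stat()
        ls.write_bytes(b"\x7fELF trojaned")
        os.utime(ls, (st.st_atime, st.st_mtime))
        os.chmod(root / "etc" / "passwd", 0o666)
        (root / "etc" / "shadow").unlink()
        (root / "etc" / "ld.so.preload").write_text("/lib/evil.so\n")

        return compare(load_baseline(db_file), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

In demo() the trojaned binary is reported only because of its digest: size and mtime match the baseline, which is why a checker must hash contents rather than trust metadata. The report is only as trustworthy as the baseline and the checker itself. An intruder who gains root can rewrite both, so keep the baseline (and ideally the checker) on read-only or off-host media, sign it, and run the check from known-good binaries; this is the same operational caveat the tripwire and AIDE documentation give.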
Security: Other sources of system security information

Depending on how important system security is to you, you may want to purchase one or more of the books dedicated to system security, visit some of the Internet sites that are dedicated to security, or hire someone who is an expert in the field. Do not rely on this appendix as your sole source of information on system security.