Recognizing Network Threats


Every network service that is remotely accessible offers a path onto your system. If an exploit exists for that service, whether it is available today or appears some time in the future, then you have a risk that needs to be addressed. In addition, many network services run with root privileges; an exploit can potentially access your entire file system as root. Even if the exploit only gives user-level access, there are plenty of options for escalating privileges from a "regular" local user to root.

Tip 

As far as bug discovery goes, local exploits are much more common than remote exploits. However, if you periodically update your system with apt-get update and apt-get upgrade, then you should have most of the local exploits under control. Periodically updating your system will also take care of any known remote exploits.

Having open ports accessible within your home or office network is usually not as serious as having ports accessible to anyone on the Internet. For example, I'm not too worried about my RedHat system having access to my Ubuntu box. On the other hand, I certainly don't want everyone in the world to access my Ubuntu NFS service.
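To see which services on a box are bound beyond the loopback interface, and which of those were opened by root, the kernel's TCP socket table can be read directly. The following is an added example, not code from the book; the sample table is constructed, and the function names are illustrative. It covers IPv4 TCP only (/proc/net/tcp) and assumes a little-endian host.

```python
import ipaddress
import os

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0A01A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20003 1
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 20004 1
"""
LISTEN = "0A"  # state code the kernel uses for a listening TCP socket

def decode_ipv4(hex_addr):
    # Address is printed as a host-order 32-bit word; assumes a little-endian host.
    return ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1])

def exposure(addr):
    if addr.is_loopback:
        return "local-only"
    return "all-interfaces" if addr.is_unspecified else "single-interface"

def listeners(table):
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:        # ignore non-listening sockets
            continue
        host, port = f[1].split(":")
        addr = decode_ipv4(host)
        found.append({"addr": str(addr), "port": int(port, 16),
                      "uid": int(f[7]), "exposure": exposure(addr)})
    return found

def remote_reachable(table):
    # Anything not bound to loopback can be reached from another machine.
    return [s for s in listeners(table) if s["exposure"] != "local-only"]

def root_and_remote(table):
    # uid 0 means the listening socket was opened by a process running as root.
    return [s for s in remote_reachable(table) if s["uid"] == 0]

if __name__ == "__main__":
    path = "/proc/net/tcp"
    table = open(path).read() if os.path.exists(path) else SAMPLE
    for s in remote_reachable(table):
        flag = "  <-- opened by root" if s["uid"] == 0 else ""
        print(f'{s["addr"]}:{s["port"]} uid={s["uid"]} {s["exposure"]}{flag}')
```

The bind address only shows which interfaces a service listens on; whether it is reachable from the Internet or just from the home or office network also depends on the firewall and router in front of the machine.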

What's My Motivation?

Security is a measurement of risk. A good system is "secure enough" for your needs. With security come tradeoffs for performance, accessibility, and functionality. In order to understand your risks, you need to understand your potential attacker. For example, in your home environment, your main risks are probably restricted to physical access from kids, cats, and the occasional guest (anyone who might download a virus or accidentally delete something critical). However, other risks may include burglary, disk crashes, and viruses that you accidentally download.

Threats at home are different from threats at work. In your office are dozens or hundreds of people with network access, including a few disgruntled employees, and sensitive or company-confidential information. However, local access is still limited to people who are usually trusted. This is different from Internet-accessible services, where anyone in the world has access and you know that you cannot trust everyone.

The big question becomes: who is your likely attacker, and what does the attacker probably want? In directed attacks, someone wants something on your system: files, passwords, credit cards, secret files, or anything else of value. However, more common are broadcast attacks, where the attacker wants a computer and not specifically your computer. Even if you have a slow CPU and very little disk space, the fact that you have Internet access means that you can relay spam, act as a proxy for anonymous attacks, or become part of a botnet. If you happen to have a fast computer or a few gigabytes of disk space, then that's just icing on the cake for the attacker. They can use your computer to store porn or warez (stolen software), crack passwords, host chat rooms for other undesirable associates, or worse. That one network service that you temporarily opened to the Internet could be the reason you are at the epicenter of a massive network attack and child pornography ring.

Attackers are constantly scanning the Internet for computers with vulnerable network services. If you open up a web, FTP, or e-mail server, then potential attackers will probably discover it within a few hours. If you open some other service, then it might take longer to be discovered, but eventually someone will find it.




Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: 047010872X
EAN: 2147483647
Year: 2004
Pages: 124
Authors: Neal Krawetz
