Computer security is a vast topic, and detailed coverage is beyond the scope of this book. However, we will show you that, with a little planning and a few basic tools, you can secure your Fedora Core 2 Linux system against the most likely threats. Take the time to understand the basic principles of computer security, so you can be confident that your system is not vulnerable to accidental damage or malicious attack.
In a nutshell , computer security is about the protection of computing assets against threats such as theft, accidental loss, unauthorized access by a third party, and denial of service (whereby legitimate users of computing assets are prevented from using them). Computing assets include the following:
Information stored on a computer (personal details, financial information, customer information, intellectual property, and so on)
CPU, memory, storage, and network resources
Computing services (Web sites, FTP, and print servers)
The concepts involved in computer security are straightforward. You need to identify what you want to protect and the threats you want to protect them from, figure out how much effort to put into your protection schemes, and, once you ve implemented them, regularly test the effectiveness of your protection. The details of how this is done can get very technical, and really serious security requirements (such as government, banks, airlines, and so on) need highly advanced skills and equipment to address them. However, where the security requirements are more modest, such as those for the normal home or business user , they are within reach of the competent beginner.
The following sections show you how to enhance the security of your Fedora Core 2 Linux system.
The first step in planning the security of your Fedora Core 2 Linux system is to identify what you have on that system that is of value to you. You ll probably want to include the computer hardware itself (even though Fedora Core 2 Linux will happily run on machines considered by others to be nothing more than scrap), but the value of the information stored on the system is a little less clear.
To help you draw up a list, consider how much effort it would take to re-create information if it was lost, and what the impact would be if the information fell into the hands of an unauthorized person, possibly with malicious intent. Think about the confidentiality of your data.
Consider also the impact of unauthorized changes to your data; if you run a business, maybe your Web site gets hacked and displays prices twice that of your competitors , or perhaps someone does a search and replace operation on your homework essay and you don t check it before sending it in. Think about the integrity of your data.
Even if your data is secure, and hasn t been modified by unauthorized people, you and other authorized users still need to be able to access it. The only way of guaranteeing that your company s Web site won t get hacked is to unplug the computers on which it runs. So, availability of your data is important, too.
In some environments, performance of computer systems is critical. Transaction-processing systems need to meet expected response times for users; number- crunching systems need to get their calculations done in an acceptable time; Web servers need to respond quickly to requests from Web browsers. If your system has to perform well, but is subject to, or even taking part in, a denial-of-service attack, performance may be unacceptably low, so you d better add performance to your list of things you want to protect.
Your list of valuable things that you want to protect will probably include personal information, such as your e-mail address book, financial information, and any confidential information belonging to third parties that you have an obligation to protect. In determining the value of something, it is helpful to try and work out how much time and effort would be required to re-create it. If, for example, your Fedora Core 2 Linux system was badly compromised, you might need to re-install everything from trusted CD-ROMs, and then validate application data as it is restored from backups .
Now you ve identified what you ve got that s valuable; the next step in planning your system security is to identify the potential threats.
Despite what you may read in the press about hackers, the most common causes of data loss are operator error ( finger trouble ) and hardware failure . Nevertheless, you should still consider unauthorized access, either locally or, if the machine is connected to some sort of network (LAN or the Internet), remotely, as another potential threat.
A hacker typically starts his or her activities by attempting to connect to your system using various TCP port numbers to try and find out where your system is vulnerable. This process is known as probing . Of course, if the hacker is somewhere out there on the Internet, he can probe your system only when you are connected, which is why people with always on Internet connections, such as x DSL ( broadband ), need to pay particular attention to security. A secure system will simply ignore incoming probes so the potential hacker has no indication that there is anything using the IP address he picked to probe. (Note that not all probes indicate a threat ”some ISPs also probe ports on their customers systems.)
If your system does respond to a hacker s probes, the hacker s next step will be to identify what software is listening on the ports (for example, a Web server, FTP server, telnet, and so on) and try to exploit any security vulnerabilities in those programs. If the hacker is successful, he will be able to gain root access to your system, and may install modified versions of standard software that will allow him back in, or to use your system to launch attacks on other systems. Because vulnerabilities in software are found and fixed on a frequent basis, it is important to check regularly for known problems with any of the software you are running and obtain updates as soon as they become available. Fortunately, Fedora Core 2 makes this extremely easy through the Red Hat Network and the up2date command. We ll look at this later in the chapter.
Transferring information over a network also opens up the possibility of eavesdropping ”someone other than the intended recipient may intercept the information en route.
Theft of computer equipment can be a big problem, especially for laptop users, and certain areas may suffer from environmental problems, such as flooding, that can damage computer equipment.
So, in summary your list of possible threats could look something like this:
Hardware failure (particularly disk drives )
Theft of equipment
Unauthorized local access
Unauthorized remote access
Denial-of-service (DoS) attack
Eavesdropping of network communications
Damage due to environmental conditions
Worms and viruses are examples of malicious code that an attacker may try to install on your system, either directly, or indirectly from a system that she has already compromised. The behavior of these programs varies from the relatively benign to serious security breaches. Worms can disrupt networks by overloading them as they replicate. Viruses can also do this, and may have a payload that causes the infected system to relay spam mail or participate in distributed denial-of-service attacks on high-profile Web sites. Trojans appear to be legitimate programs, but offer the attacker a back-door way to access the infected system bypassing normal security controls.
In all cases, infection is undesirable, and can be prevented by vigilant system administration ”installing code and programs obtained from trusted sources only, limiting the open network ports to the minimum required for a server to do its job, and monitoring the server for unexpected network activity (for example, listening on unexpected network ports and high network traffic to unexpected Internet sites).