Understanding Computer Attacks


There are many ways to divide up the types of computer attacks, but perhaps the easiest to understand is the internal attack, where someone has access to a computer on the local area network, versus the external attack, which occurs over the Internet. The distinction is important because it clarifies the relative danger your system is in. Chances are excellent that your local network is protected quite well by the system of permissions, along with the trust you place in your users to not damage the system. Unless you are in the habit of hanging around with the bad guys and giving them access to your system, you shouldn't have to spend a great deal of time protecting your system against your users.

It's that outside world that you must worry about most. In a world and Internet filled with millions upon millions of people, some percentage (usually small) will be evil. The Internet makes it possible for machines to connect on a vast scale, and any single machine can be attacked by people located anywhere on the planet. Within minutes of making first contact with the Internet, some machines can be attacked, although usually not successfully. Don't let your machines be counted among the victims.

This situation is not a result of malicious users lying in wait for your IP address to do something interesting. Instead, canny virus writers have created worms that exploit a vulnerability, take control of a machine, and then spread to other machines around it. As a result, more attacks today are the result of these autohacking tools. There are really only a handful of the truly evil out there; however, as with most human endeavors, if you're really the target of someone's attack, you probably cannot prevent it without a massive effort.

Scripts come in another flavor as well: prewritten code that exploits a vulnerability and gives its users special privileges on the compromised machine. These scripts are rarely used by their creators. They get posted online for script kiddies, who use them to invade vulnerable systems and brag about it to their friends.

Your job as a system administrator is to keep your computers and local networks from being compromised by worms, script kiddies, and the more serious attacks conducted by more experienced criminals. Your users (even if it's just you) want to use the computer to accomplish great things and not worry about the firefights outside. Wearing your sysadmin hat, you can accomplish this task.

Regardless of the source of the attack, you can follow a five-step checklist to secure your SUSE Linux box:

  1. Assess your vulnerability. Decide what machines can be attacked, what services they are running, and who has access to them.

  2. Configure the server for maximum security. Install only what you need, run only what you must, and configure a local firewall.

  3. Secure physical access to the server.

  4. Create worst-case scenario policies.

  5. Keep up to date with security issues.

You'll learn more about each step in the following sections. You must implement all the steps.
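A starting point for steps 1 and 2, as an added example that is not from the book: it separates listeners bound only to loopback from those reachable from the network, then reports any reachable one that is not on an allowlist of services you intend to run. It assumes input in the format printed by `ss -H -tuln` (iproute2); the function names, the allowlist, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `ss -H -tuln` format: proto state recv-q send-q local peer
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0            0.0.0.0:631       0.0.0.0:*
tcp   LISTEN 0      5              [::1]:631          [::]:*
tcp   LISTEN 0      511                *:80              *:*
EOF
}

# Read ss lines on stdin; print "SCOPE proto/port address" for each socket.
# SCOPE is LOCAL for loopback-only binds, EXPOSED for everything else.
classify_listeners() {
    awk '
    NF >= 5 {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface scope (%lo, %eth0)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)
        scope = (addr ~ /^127\./ || addr == "::1") ? "LOCAL" : "EXPOSED"
        printf "%s %s/%s %s\n", scope, $1, port, addr
    }'
}

# $1 is a space-separated allowlist such as "tcp/22 tcp/443" (hypothetical).
# Prints every EXPOSED listener whose proto/port is not on the allowlist.
unexpected_listeners() {
    classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "EXPOSED" && !($2 in ok) { print $2, $3 }'
}

# Demo on the constructed sample; only SSH is meant to be reachable.
# On a live host:  ss -H -tuln | unexpected_listeners "tcp/22"
sample_ss_output | unexpected_listeners "tcp/22"
```

Each line it prints is a service to either remove, rebind to loopback, or block at the local firewall.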



SUSE Linux 10 Unleashed
ISBN: 0672327260
Year: 2003
Pages: 332
