7.9 Desktop Policy

[Danger level icon: five]

By desktop we mean any system on a user's desk that is used directly, such as Windows PCs and Macs. A few will run Linux or UNIX. It is assumed that they are connected to the LAN (local area network) and that their users are not expert SysAdmins and do not know much about security.

Most of what users "know" about security they learned from sensational articles in trade magazines and reassurances from vendors. They certainly do not have the time or interest to secure their systems. Therefore, the most important policy is that any unsecured desktop system be treated as just that: unsecured. There is some good virus detection software available that could help with this problem.

I think that it is fair to say that some desktop systems will become infected with viruses or Trojan horses and that the design of the company's network and important software should take this into consideration. It would be unusual for a virus or Trojan to be so sophisticated and targeted that, after it took control of a PC, it would capture, say, the password to a company's client/server-based order entry system and generate bogus orders.

Still, for high-security (important) applications, these systems should not have access to the Internet, nor should they have floppy or CD-ROM drives that a user could use to unknowingly load rogue software purporting to be, perhaps, a screen saver. Certainly, no software should be allowed that causes execution of arbitrary code that is received from the Internet unsolicited.

This rule is violated by Microsoft's Office Suite, with disastrous results. This well-known security bug in the Suite allowed the ILOVEYOU worm to cause an estimated $15 billion in damages around the world in a few days in May of 2000, according to Lloyd's of London. (Some people question this estimate.) The damage would have been much worse had companies not learned a little from the Melissa worm a year before. By "learned a little," we mean that many companies set up sophisticated firewalls that could guard against known threats and put plans in place for fast response to similar problems in the future. Most did not learn enough to disallow the execution of arbitrary unsolicited code.

Linux can detect and block these specific known attacks. The open source Snort package can detect them; its use, including an example configuration to detect the ILOVEYOU worm, is discussed in "The Snort Attack Detector" on page 598. We discuss blocking it in "Using Sendmail to Block E-Mail Attacks" on page 393.


It is important to note that although the vast majority of Linux boxes do not suffer from this problem, this is due to their usual configuration and not to any inherent invincibility. It is possible to configure Linux boxes to execute arbitrary unsolicited code received from the Internet or from a company's LAN. It is critical to check for this possibility. There are two principal places where this capability can be configured:

  1. /etc/mailcap

    See "/etc/mailcap" on page 136 for a discussion on dangerous /etc/mailcap entries.

  2. Netscape

    See "Important Netscape Preferences" on page 262 for how to protect your users from this attack.
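As an added example of the /etc/mailcap check described in item 1 (this is not the book's code), the following Python auditor flags mailcap entries that hand the mailed attachment to an interpreter or run it directly as a program. The interpreter list and the sample mailcap text are assumptions constructed for illustration.

```python
import os
import re
import shlex

# Interpreters that run the attachment as code (an assumption of this example, not the book's list).
INTERPRETERS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "perl", "python", "wish"}

def parse_mailcap(text):
    """Yield (content_type, command, flags) per entry: backslash-newline
    continuations are joined, only an unescaped ';' splits fields (RFC 1524)."""
    text = text.replace("\\\n", "")
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) < 2 or not fields[1]:
            continue
        yield fields[0].lower(), fields[1], fields[2:]

def entry_risk(command):
    """Return why the command is risky, or None. %s stands for the attachment;
    with no %s the body arrives on stdin, which an interpreter still executes."""
    try:
        tokens = shlex.split(command.replace("%s", "__ATTACHMENT__"))
    except ValueError:
        return "unparseable command (review by hand)"
    program = os.path.basename(tokens[0]) if tokens else ""
    if program == "__ATTACHMENT__":
        return "runs the attachment itself as a program"
    if program in INTERPRETERS:
        return "feeds the attachment to interpreter %r" % program
    return None

def audit_mailcap(text):
    """Return [(content_type, command, reason)] for every risky entry."""
    return [(c, m, entry_risk(m)) for c, m, _ in parse_mailcap(text) if entry_risk(m)]

# Constructed sample mailcap for demonstration (not any real system's file).
SAMPLE_MAILCAP = """\
text/html; lynx -dump %s; copiousoutput
application/x-sh; /bin/sh %s
application/x-csh; csh -f \\
    %s; needsterminal
application/x-executable; %s
application/x-perl; perl
"""

for ctype, cmd, reason in audit_mailcap(SAMPLE_MAILCAP): print("%-26s %-18s %s" % (ctype, cmd, reason))
```

To audit a real system, pass the contents of /etc/mailcap (and each user's ~/.mailcap) to audit_mailcap and review every reported entry.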


   


Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260
