Slashdot Mirror
comp.os.linux.security FAQ
$kr1p7_k177y wrote to us regarding Daniel Swan's release of the comp.os.linux.security FAQ. It's what you'd imagine, but with the growth lately, this should be helpful tool. There's also an interview with him that sheds more light on the reasons behind the FAQ.
Q: How do I secure Linux?
A: Install BSD.
Overall pretty good, but there are a few (minor) points..
:o)
:o)
First, your firewall should always be initialized before initializing the network interface, not after... initializing it after your network comes up means that there is a period (however small) that your machine is vulnerable (or, more vulnerable than it could be
Second, blocking all inbound pings can (potentially) cause problems with things such as DHCP.. (most DHCP servers attempt to ping an address before they issue it, to determine if it's in use or not..) if the DHCP server's lease database becomes corrupt/invalid (because of a network/hardware failure, for example), it could give your IP address to someone else, because your machine doesn't answer the ping..
Third, he misspelled Kurt Seifried's name (I think that Seigfreid is a magician from Vegas
Other than that, a pretty good start..
The FAQ uses `hackers' as its term for malicious attackers, rather than engineers.
Surely the Open Source world knows of this distinction, and this could be reflected in the FAQ?
Isn't this more of a server concern? I mean, even if my system was "compromised" (the official-sounding wording in the FAQ) why would I truly care? There is nothing on my system that denotes anything that would need to be truly secure (just some personal writing), and if things were deleted I keep regular backups. Privacy is not a concern (I keep no credit card or checkbook numbers on my box).
Most crackers probably aren't interested at all in your private stuff, except perhaps your ISP data (login, password) so they can use your account to get on the net. The thing crackers are interested in is your box itself as a base for further attacks. A cracker with root access can easily manipulate your log files, so when an attack is traced back to your box, you have no proof that it wasn't you who broke in that government machine and downloaded top secret information...
All-in-all, would I even need security if there wasn't the internet? If the machine was just sitting in my room and the only thing that could "attack it" is a 12-year old brother with a misladen hockey stick? Probably not. Sometimes I think this whole bent-up security "focus" of computer hackers comes from their own inherent distrust and annoyance psychologically with the rest of the world.
If you have no net connection and no private data on the machine, security would't be much of an issue. But with an internet connection security simply has to be considered. If you live in a peaceful neighborhood with none or just a few break-ins a year, you probably would't care too much for a state-of-the-art alarm system. Now consider that some unknown guy from somewhere far away develops the Burgle-O-Matic(tm) which can ransack 1000 homes per minute, is operated from a safe haven outside your reach and is available for free to anyone who manages to find it. It also ruins your door even if it can't break in, and you can expect it to come around every other day. Would you just buy a wagonload of new doors every month, or would you rather install a Break-O-Burgle (Guaranteed To Stop Any Brand Of Burgle-O-Matic(tm) At Least Ten Yards Before Your Door)(tm)?
--
Cthulhu fhtagn!
No?