Old 12-28-2007, 05:53 AM
Bruno Wolff III
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

On Thu, Dec 27, 2007 at 11:10:47 -0800,
"Daniel B. Thurman" <dant@cdkkt.com> wrote:
>
> I have finally got my F8 setup and running so now I am reviewing the
> security issues that need to be taken into account.
>
> I have looked into trying many things to protect and harden my systems,
> but I thought I'd ask members what they are doing/using to defend their
> systems against attacks and unwanted intrusions? Would it be neat
> if there was an automatic non-human defender to do it for you while you
> sleep? Dream on.
>
> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
> Tripwire, Fam, nmap, Iptable techniques, and so on.
>
> Does anyone have any advice, links to great sites focused on security
> and how to secure your linux box against intrusions and attacks?

What are your threats and what services do you need to provide?

The standard things are to run selinux in enforcing mode and have a firewall
set to block inbound connections except to a whitelist of allowed ports.

If you are worried about your machine being stolen (or searched by law
enforcement) then you will want to use some sort of encryption.

Physical security is also a consideration, but may not be very practical
for a home machine.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
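Bruno's two standard items, as an added worked example that is not part of the thread: a POSIX shell script that renders an inbound-whitelist iptables ruleset (default DROP, loopback and established traffic allowed, a list of TCP ports opened for new connections) in iptables-restore format, and two checks that report the SELinux mode from the kernel's enforce flag and from the persistent config. The port list, the log prefix and the file paths are assumptions for the example; nothing in it touches the live system until you load the output yourself.

```shell
#!/bin/sh
# Added example (not code from the thread): Bruno's "firewall that blocks
# everything inbound except a whitelist" and "SELinux in enforcing mode",
# as something you can run.  Rules are printed in iptables-restore format
# so they can be read before they are loaded; nothing here touches the
# live system.

# Render a filter table with default-DROP inbound policy.  Loopback and
# replies to connections this host opened are allowed; the given TCP ports
# accept new connections; everything else is logged (rate-limited) and dropped.
render_firewall_rules() {
    for port in "$@"; do
        case "$port" in
            *[!0-9]*|'') echo "render_firewall_rules: bad port '$port'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for port in "$@"; do
        printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
    done
    printf '%s\n' \
        '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: " --log-level 4' \
        '-A INPUT -j DROP' \
        'COMMIT'
}

# SELinux mode from the kernel's enforce flag (1 = enforcing, 0 = permissive,
# file absent = SELinux not loaded).  The path is a parameter so the check
# can be exercised against a copy; on a live system the default applies
# (older kernels, F8 included, expose it as /selinux/enforce instead).
selinux_mode() {
    file=${1:-/sys/fs/selinux/enforce}
    [ -r "$file" ] || { echo disabled; return 0; }
    case "$(cat "$file")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Persistent setting: enforcing now but SELINUX=permissive in the config
# means the box silently drops back to permissive at the next boot.
selinux_config_mode() {
    file=${1:-/etc/selinux/config}
    [ -r "$file" ] || { echo missing; return 0; }
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$file" | tail -n 1
}
```

Typical use on a Fedora box: `render_firewall_rules 22 80 443 > /etc/sysconfig/iptables` and then `iptables-restore < /etc/sysconfig/iptables`, checking `selinux_mode` and `selinux_config_mode` both say `enforcing` afterwards. The `LOG` rule is what turns Bruno's whitelist into something you can watch: the rejected connection attempts land in the kernel log where logwatch (Tod's item 3 below) will summarise them.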
 
Old 12-29-2007, 12:12 PM
"Tod Merley"
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>
> I have finally got my F8 setup and running so now I am reviewing the
> security issues that need to be taken into account.
>
> I have looked into trying many things to protect and harden my systems,
> but I thought I'd ask members what they are doing/using to defend their
> systems against attacks and unwanted intrusions? Would it be neat
> if there was an automatic non-human defender to do it for you while you
> sleep? Dream on.
>
> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
> Tripwire, Fam, nmap, Iptable techniques, and so on.
>
> Does anyone have any advice, links to great sites focused on security
> and how to secure your linux box against intrusions and attacks?
>
> Thanks!
>

Hi Daniel B. Thurman!

It is late so topics only for tonight:

1. Turn off services you do not use.
2. Make your computer "silent" to all but those who use it - e.g. turn
off ping - e.g. use a door knock protocol on a non-standard port for
ssh to access ssh (give no reply to those who knock on the normal port
and respond to only your special "knock" on your non-standard port).
3. Have a constant background scan done for virus, root kit, e-mail,
changes in critical files, port scan, log files (logwatch), and
audits for suspicious activity. This can and should be "niced" to not
interfere with normal operations.
4. Google "pen testing". C/o osstmm.
5. Honeypots!
6. Backup your "used" areas often and in a number of different ways.
I use flash drives, CDs, and other portions of the local or remote
hard drives. I also tend to put an occasional file in an obscure
e-mail account. Be ready to "wipe and re-load" efficiently. I have
played with the idea of using "ghosted" "snapshots" for this purpose
but have only taken that to the idea level. Tar is becoming a friend.
7. Do planned "wipe and re-loads" several times a year. For that
matter, if you simply save your used areas and then wipe and load the
new version of your distro when it comes out that is probably enough.
Be ready to restore to where you were if you need to.

Ok, I lied - the one link I will give you has some very good ones at
the end. Note the crazy quotes and the interesting message box near
the end:

http://en.wikipedia.org/wiki/Computer_security

Enjoy!

Tod

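Tod's item 2, as an added example that is not code from the thread: iptables rules in which the host drops ping and every unsolicited packet, remembers a source address that hits three closed "knock" ports in order, and only then lets that address reach sshd on a non-standard port for a short window. The port numbers, the window and the `recent` list names are hypothetical; the rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not code from the thread): Tod's "door knock" on a
# non-standard ssh port, done with the iptables "recent" match.  The host
# drops ping and every unsolicited packet; a source that hits three closed
# ports in the right order within a few seconds is remembered, and only that
# source may then open the ssh port, for a short window.  Port numbers,
# window and list names are hypothetical.  Rules are printed in
# iptables-restore format so they can be reviewed before being loaded.

render_knock_rules() {
    ssh_port=$1; k1=$2; k2=$3; k3=$4; window=${5:-30}
    for p in "$ssh_port" "$k1" "$k2" "$k3" "$window"; do
        case "$p" in
            *[!0-9]*|'') echo "render_knock_rules: bad number '$p'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -j DROP'
    # A source that completed the sequence within $window seconds may open ssh.
    printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --rcheck --seconds %s --name KNOCK3 -j ACCEPT\n' \
        "$ssh_port" "$window"
    # Each knock records the source in the next list and is still dropped, so
    # the knocker gets no reply and a scanner sees nothing different from any
    # other closed port.  Each stage must follow the previous one within 10 s.
    printf -- '-A INPUT -p tcp --dport %s -m recent --name KNOCK1 --set -j DROP\n' "$k1"
    printf -- '-A INPUT -p tcp --dport %s -m recent --rcheck --seconds 10 --name KNOCK1 -m recent --name KNOCK2 --set -j DROP\n' "$k2"
    printf -- '-A INPUT -p tcp --dport %s -m recent --rcheck --seconds 10 --name KNOCK2 -m recent --name KNOCK3 --set -j DROP\n' "$k3"
    printf '%s\n' '-A INPUT -j DROP' 'COMMIT'
}
```

`render_knock_rules 2222 7000 9000 8000 > /etc/sysconfig/iptables` pairs with `Port 2222` in sshd_config; on an enforcing SELinux host the new port also has to be labelled (`semanage port -a -t ssh_port_t -p tcp 2222`) or sshd will not be allowed to bind it. The knock sequence is deliberately not in ascending order: a plain sequential port scan from one address would otherwise complete it by accident. From the client it is `for p in 7000 9000 8000; do nc -z -w 1 host $p; done; ssh -p 2222 host`. John's objection further down still holds: the knock hides the port from casual scanning, it does not authenticate anyone, so the sshd behind it needs strong credentials regardless.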
 
Old 12-29-2007, 12:24 PM
Karl Larsen
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

Tod Merley wrote:

> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>> I have finally got my F8 setup and running so now I am reviewing the
>> security issues that need to be taken into account.
>>
>> I have looked into trying many things to protect and harden my systems,
>> but I thought I'd ask members what they are doing/using to defend their
>> systems against attacks and unwanted intrusions? Would it be neat
>> if there was an automatic non-human defender to do it for you while you
>> sleep? Dream on.
>>
>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>
>> Does anyone have any advice, links to great sites focused on security
>> and how to secure your linux box against intrusions and attacks?
>>
>> Thanks!
>
> Hi Daniel B. Thurman!
>
> It is late so topics only for tonight:
>
> 1. Turn off services you do not use.
> 2. Make your computer "silent" to all but those who use it - e.g. turn
> off ping - e.g. use a door knock protocol on a non-standard port for
> ssh to access ssh (give no reply to those who knock on the normal port
> and respond to only your special "knock" on your non-standard port).
> 3. Have a constant background scan done for virus, root kit, e-mail,
> changes in critical files, port scan, log files (logwatch), and
> audits for suspicious activity. This can and should be "niced" to not
> interfere with normal operations.
> 4. Google "pen testing". C/o osstmm.
> 5. Honeypots!
> 6. Backup your "used" areas often and in a number of different ways.
> I use flash drives, CDs, and other portions of the local or remote
> hard drives. I also tend to put an occasional file in an obscure
> e-mail account. Be ready to "wipe and re-load" efficiently. I have
> played with the idea of using "ghosted" "snapshots" for this purpose
> but have only taken that to the idea level. Tar is becoming a friend.
> 7. Do planned "wipe and re-loads" several times a year. For that
> matter, if you simply save your used areas and then wipe and load the
> new version of your distro when it comes out that is probably enough.
> Be ready to restore to where you were if you need to.
>
> Ok, I lied - the one link I will give you has some very good ones at
> the end. Note the crazy quotes and the interesting message box near
> the end:
>
> http://en.wikipedia.org/wiki/Computer_security
>
> Enjoy!
>
> Tod


From my own experience I learned you need to use real good passwords
on EVERYTHING. I thought my user password was safe because no one can
get to that. WRONG. An ssh connection can use your weak user password to
get in.


So use passwords that include letters upper and lower case and
numbers. Then sleep well at night.


Karl


--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7

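Karl's point, as an added example that is not from the thread: a POSIX shell audit of sshd_config that reports whether a weak account password is still enough to get in over ssh (password and challenge-response logins enabled, root login allowed, empty passwords allowed, public-key login disabled), and writes a hardened copy with those keywords forced. It relies on a detail that matters for any hand-edited sshd_config: sshd takes the first occurrence of a keyword, so a fix appended at the bottom of the file does nothing if an earlier line already sets it. File paths are whatever you pass in; the keyword names are sshd's own.

```shell
#!/bin/sh
# Added example (not code from the thread): audit /etc/ssh/sshd_config for
# the settings that decide whether a weak account password is enough to log
# in over ssh, and write a hardened copy.  Only text files are touched, so
# run it on a copy first.  Keyword names are sshd's own; file paths are
# whatever you pass in.

# Effective value of one directive.  sshd honours the FIRST occurrence of a
# keyword, so "PasswordAuthentication no" appended at the end of the file is
# ignored if an earlier line says "yes".  Comments are skipped, matching is
# case-insensitive, and both "Key value" and "Key=value" forms are accepted.
sshd_directive() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); file=$2
    awk -v key="$key" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        {
            n = split($0, f, "[ \t=]+")
            if (n >= 2 && tolower(f[1]) == key) { print f[2]; exit }
        }' "$file"
}

# Print "Keyword=value" for each weak setting; exit 0 only when all are fine.
# sshd's compiled-in defaults allow password logins and (in sshd of that era)
# root logins, so an absent keyword is treated as weak unless the safe value
# is itself the default ("yes" for PubkeyAuthentication).
sshd_audit() {
    file=$1; bad=0
    for pair in PasswordAuthentication:no PermitRootLogin:no \
                PermitEmptyPasswords:no ChallengeResponseAuthentication:no \
                PubkeyAuthentication:yes; do
        key=${pair%%:*}; want=${pair##*:}
        have=$(sshd_directive "$key" "$file")
        [ -n "$have" ] || have=default
        if [ "$have" = "$want" ]; then continue; fi
        if [ "$have" = default ] && [ "$want" = yes ]; then continue; fi
        echo "$key=$have"; bad=1
    done
    return $bad
}

# Hardened copy: every existing occurrence of the audited keywords, commented
# or not, is dropped and the wanted values are written at the TOP, where sshd
# reads them first.  Everything else in the file is preserved verbatim.
sshd_harden() {
    file=$1; out=$2
    {
        printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' \
            'PermitEmptyPasswords no' 'ChallengeResponseAuthentication no' \
            'PubkeyAuthentication yes'
        awk '
            {
                line = $0; sub(/^[ \t]+/, "", line)
                split(line, f, "[ \t=]+"); k = tolower(f[1]); sub(/^#/, "", k)
            }
            k !~ /^(passwordauthentication|permitrootlogin|permitemptypasswords|challengeresponseauthentication|pubkeyauthentication)$/
        ' "$file"
    } > "$out"
}
```

`sshd_audit /etc/ssh/sshd_config` lists what is wrong; `sshd_harden /etc/ssh/sshd_config /tmp/sshd_config.new` produces the fixed file to review, test with `sshd -t -f /tmp/sshd_config.new`, and copy into place before `service sshd reload`. Put your public key in `~/.ssh/authorized_keys` and confirm a key login works from a second terminal before reloading with passwords off, or the next login is from the console. With password authentication disabled, the brute-force attempts Karl describes still show up in the log, but a guessed password is no longer worth anything.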
 
Old 12-29-2007, 01:35 PM
Ed Greshko
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

Tod Merley wrote:
> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>> I have finally got my F8 setup and running so now I am reviewing the
>> security issues that need to be taken into account.
>>
>> I have looked into trying many things to protect and harden my systems,
>> but I thought I'd ask members what they are doing/using to defend their
>> systems against attacks and unwanted intrusions? Would it be neat
>> if there was an automatic non-human defender to do it for you while you
>> sleep? Dream on.
>>
>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>
>> Does anyone have any advice, links to great sites focused on security
>> and how to secure your linux box against intrusions and attacks?
>>
>> Thanks!
>>
>>
>
> Hi Daniel B. Thurman!
>
> It is late so topics only for tonight:
>
> 1. Turn off services you do not use.
> 2. Make your computer "silent" to all but those who use it - e.g. turn
> off ping - e.g. use a door knock protocol on a non-standard port for
> ssh to access ssh (give no reply to those who knock on the normal port
> and respond to only your special "knock" on your non-standard port).
> 3. Have a constant background scan done for virus, root kit, e-mail,
> changes in critical files, port scan, log files (logwatch), and
> audits for suspicious activity. This can and should be "niced" to not
> interfere with normal operations.
> 4. Google "pen testing". C/o osstmm.
> 5. Honeypots!
> 6. Backup your "used" areas often and in a number of different ways.
> I use flash drives, CDs, and other portions of the local or remote
> hard drives. I also tend to put an occasional file in an obscure
> e-mail account. Be ready to "wipe and re-load" efficiently. I have
> played with the idea of using "ghosted" "snapshots" for this purpose
> but have only taken that to the idea level. Tar is becoming a friend.
> 7. Do planned "wipe and re-loads" several times a year. For that
> matter, if you simply save your used areas and then wipe and load the
> new version of your distro when it comes out that is probably enough.
> Be ready to restore to where you were if you need to.
>
> Ok, I lied - the one link I will give you has some very good ones at
> the end. Note the crazy quotes and the interesting message box near
> the end:
>
> http://en.wikipedia.org/wiki/Computer_security

You forgot one very important item.

Whatever you do, don't be paranoid...unless someone is really out to get you.

 
Old 12-29-2007, 01:46 PM
Abhishek Rane
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

Karl Larsen wrote:

> Tod Merley wrote:
>> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>>> I have finally got my F8 setup and running so now I am reviewing the
>>> security issues that need to be taken into account.
>>>
>>> I have looked into trying many things to protect and harden my systems,
>>> but I thought I'd ask members what they are doing/using to defend their
>>> systems against attacks and unwanted intrusions? Would it be neat
>>> if there was an automatic non-human defender to do it for you while you
>>> sleep? Dream on.
>>>
>>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>>
>>> Does anyone have any advice, links to great sites focused on security
>>> and how to secure your linux box against intrusions and attacks?
>>>
>>> Thanks!
>>
>> Hi Daniel B. Thurman!
>>
>> It is late so topics only for tonight:
>>
>> 1. Turn off services you do not use.
>> 2. Make your computer "silent" to all but those who use it - e.g. turn
>> off ping - e.g. use a door knock protocol on a non-standard port for
>> ssh to access ssh (give no reply to those who knock on the normal port
>> and respond to only your special "knock" on your non-standard port).
>> 3. Have a constant background scan done for virus, root kit, e-mail,
>> changes in critical files, port scan, log files (logwatch), and
>> audits for suspicious activity. This can and should be "niced" to not
>> interfere with normal operations.
>> 4. Google "pen testing". C/o osstmm.
>> 5. Honeypots!
>> 6. Backup your "used" areas often and in a number of different ways.
>> I use flash drives, CDs, and other portions of the local or remote
>> hard drives. I also tend to put an occasional file in an obscure
>> e-mail account. Be ready to "wipe and re-load" efficiently. I have
>> played with the idea of using "ghosted" "snapshots" for this purpose
>> but have only taken that to the idea level. Tar is becoming a friend.
>> 7. Do planned "wipe and re-loads" several times a year. For that
>> matter, if you simply save your used areas and then wipe and load the
>> new version of your distro when it comes out that is probably enough.
>> Be ready to restore to where you were if you need to.
>>
>> Ok, I lied - the one link I will give you has some very good ones at
>> the end. Note the crazy quotes and the interesting message box near
>> the end:
>>
>> http://en.wikipedia.org/wiki/Computer_security
>>
>> Enjoy!
>>
>> Tod
>
> From my own experience I learned you need to use real good
> passwords on EVERYTHING. I thought my user password was safe because
> no one can get to that. WRONG. An ssh connection can use your weak user
> password to get in.
>
> So use passwords that include letters upper and lower case and
> numbers. Then sleep well at night.
>
> Karl


Also, to add: there is a book called Hacking Exposed. It would be very
helpful to you. It exposes a lot of Linux/Unix vulnerabilities:
http://www.hackingexposed.com/


 
Old 12-29-2007, 09:43 PM
John Summerfield
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

Tod Merley wrote:

> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>> I have finally got my F8 setup and running so now I am reviewing the
>> security issues that need to be taken into account.
>>
>> I have looked into trying many things to protect and harden my systems,
>> but I thought I'd ask members what they are doing/using to defend their
>> systems against attacks and unwanted intrusions? Would it be neat
>> if there was an automatic non-human defender to do it for you while you
>> sleep? Dream on.
>>
>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>
>> Does anyone have any advice, links to great sites focused on security
>> and how to secure your linux box against intrusions and attacks?
>>
>> Thanks!
>
> Hi Daniel B. Thurman!
>
> It is late so topics only for tonight:
>
> 1. Turn off services you do not use.
> 2. Make your computer "silent" to all but those who use it - e.g. turn
> off ping - e.g. use a door knock protocol on a non-standard port for
> ssh to access ssh (give no reply to those who knock on the normal port
> and respond to only your special "knock" on your non-standard port).

IMV turning off ping is highly overrated, and introduces management
problems.

My technique that I've already posted all-but prevents password scans.

> 3. Have a constant background scan done for virus, root kit, e-mail,
> changes in critical files, port scan, log files (logwatch), and
> audits for suspicious activity. This can and should be "niced" to not
> interfere with normal operations.

One can't really trust a computer to diagnose itself.

> 4. Google "pen testing". C/o osstmm.
> 5. Honeypots!

Really! They may be useful for detecting the ungodly, but they do
nothing to add to one's security. Quite the reverse, you must assume
that the ungodly have a nest in your midst.

> 6. Backup your "used" areas often and in a number of different ways.
> I use flash drives, CDs, and other portions of the local or remote
> hard drives. I also tend to put an occasional file in an obscure
> e-mail account. Be ready to "wipe and re-load" efficiently. I have
> played with the idea of using "ghosted" "snapshots" for this purpose
> but have only taken that to the idea level. Tar is becoming a friend.

Flash drives are too easy to corrupt. I'm fairly careful with such
things, but one of mine lost its partition table. In my case recovery
was easy because I knew that copying the first sector from an identical
other drive would repair it.

> 7. Do planned "wipe and re-loads" several times a year. For that
> matter, if you simply save your used areas and then wipe and load the
> new version of your distro when it comes out that is probably enough.
> Be ready to restore to where you were if you need to.

That will cause more grief than it is ever likely to save. If you're
running a serious server, you're off the air for some time. A server
that's down isn't earning you money.

You will need to spend time reconfiguring stuff, and I don't know about
you, but I have better things to do. Probably, the reconfiguring will
result in unintended changes that need to be fixed.

> Ok, I lied - the one link I will give you has some very good ones at
> the end. Note the crazy quotes and the interesting message box near
> the end:
>
> http://en.wikipedia.org/wiki/Computer_security

In Wikipedia, read the warnings, and consider the verifiable expertise
of the author(s).


--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

 
Old 12-30-2007, 01:08 AM
"Tod Merley"
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

On Dec 29, 2007 2:43 PM, John Summerfield <debian@herakles.homelinux.org> wrote:
>
> Tod Merley wrote:
> > On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
> >> I have finally got my F8 setup and running so now I am reviewing the
> >> security issues that need to be taken into account.

> >> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
> >> Tripwire, Fam, nmap, Iptable techniques, and so on.
> >>
> >> Does anyone have any advice, links to great sites focused on security
> >> and how to secure your linux box against intrusions and attacks?
> >>
> >> Thanks!
> >
> > Hi Daniel B. Thurman!
> >
> > It is late so topics only for tonight:
> >
> > 1. Turn off services you do not use.
> > 2. Make your computer "silent" to all but those who use it - e.g. turn
> > off ping - e.g. use a door knock protocol on a non-standard port for
> > ssh to access ssh (give no reply to those who knock on the normal port
> > and respond to only your special "knock" on your non-standard port).
>
> imv turning off ping is highly overrated, and introduces management
> problems.
>
> My technique that I've already posted all-but prevents password scans.
>

But why let them know where you are in the first place???

>
> > 3. Have a constant background scan done for virus, root kit, e-mail,
> > changes in critical files, port scan, log files (logwatch), and
> > audits for suspicious activity. This can and should be "niced" to not
> > interfere with normal operations.
>
> One can't really trust a computer to diagnose itself.
>
I do agree!

Yet why not use those "brains" on the machine that are uncompromised
to see that we are compromised so we can start to do something about
it?

Thanks for the pointer though. I have considered containing all of
the on box security in a virtual machine (well, most of it anyway).
As well, why not have a separate box do the file scans, log checking,
etc...?
>
> > 4. Google "pen testing". C/o osstmm.
> > 5. Honey pots!
>
> Really! They may be useful for detecting the ungodly, but they do
> nothing to add to one's security. Quite the reverse, you must assume
> that the ungodly have a nest in your midst.
>
Do not soldiers train with live ammo? Do you find out if something is
waterproof by exposing it to sunlight?

I have noted with interest that Penetration Testing has become an
expected part of any good security audit. I believe it is not only
expected, it is practically required.

I would rather find out that my car leaks in my driveway with a water
hose than tragically on the highway! Any day! That way I find the
leak in a way I can clean it up.

Honey pots are more of a risk I would agree. Containment is a real
issue since the goal of many exploiters is to use your machine to
spread their wares. I guess I am hoping that the containment issues
can be resolved so we can have them as a tool to see what got in -
what it was and how it grows - hopefully to be able to go and deal
with its progenitor.
>
> > 6. Backup your "used" areas often and in a number of different ways.
> > I use flash drives, CDs, and other portions of the local or remote
> > hard drives. I also tend to put an occasional file in an obscure
> > e-mail account. Be ready to "wipe and re-load" efficiently. I have
> > played with the idea of using "ghosted" "snapshots" for this purpose
> > but have only taken that to the idea level. Tar is becoming a friend.
>
> flash drives are too easy to corrupt. I'm fairly careful with such
> things, but one of mine lost its partition table. In my case recovery
> was easy because I knew that copying the first sector from an identical
> other drive would repair it.
>
What I like about them is that they are convenient, especially for a
laptop. Since they are fairly cheap what I do is always have and use
more than two. Lose one, not happy with that but little loss.
>
> > 7. Do planned "wipe and re-loads" several times a year. For that
> > matter, if you simply save your used areas and then wipe and load the
> > new version of your distro when it comes out that is probably enough.
> > Be ready to restore to where you were if you need to.
>
> That will cause more grief than it is ever likely to save. If you're
> running a serious server, you're off the air for some time. A server
> that's down isn't earning you money.
>
You yourself said:

"What you need to do depends on what you're trying to protect. If you're
not running any servers, then things are pretty cheesy - you only need
to worry about invited data (websites you visit, email you receive and
such)...."

I certainly agree with the first part, but somewhere in the
neighborhood of some six million compromised machines out there now
doing the bidding of organized crime make me downright angry at the
second part of the statement.

I agree with Mr. Spafford:

" The only truly secure system is one that is powered off, cast in a
block of concrete and sealed in a lead-lined room with armed guards -
and even then I have my doubts. "

-- Eugene H. Spafford, director of the Purdue Center for
Education and Research in Information Assurance and Security.

If there were a dread disease amongst us, you would do well to keep
your immune system maintained -- lest you be quarantined!
>
>
> You will need to spend time reconfiguring stuff, and I don't know about
> you, but I have better things to do. Probably, the reconfiguring will
> result in unintended changes that need to be fixed.
>
>
In my case I am learning Linux, having fun, and the time is not
critical to what is happening. I would not consider introducing an
untested and unapproved system into a commercial environment. I
consider an "upgraded" box as untested. I absolutely agree with you
about upgrades, they scare me too! In a commercial environment I
believe that the upgrades should go into a test environment and get
placed on the floor if they actually appear to make the grade, and
slowly at that.
>
> >
> > Ok, I lied - the one link I will give you has some very good ones at
> > the end. Note the crazy quotes and the interesting message box near
> > the end:
> >
> > http://en.wikipedia.org/wiki/Computer_security
>
> In Wikipedia, read the warnings, and consider the verifiable expertise
> of the author(s).
>
Well spoken!
>
> Cheers
> John
>
Have a great week John. I enjoy your many contributions to this list!

With appreciation!

Tod

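Tod's suggestion in this post that a separate box should do the file scans, and John's point that a machine cannot be trusted to diagnose itself, as an added example that is not from the thread: a sha256sum-based manifest of critical files taken while the system is known-good, and a comparison run later against that trusted copy, reporting CHANGED, MISSING and NEW files. The directory roots are parameters and the files in the test are constructed; Tripwire (which Daniel mentions) records more per file (mode, owner, inode), but the principle is the same and is what makes the check worth anything: the baseline lives off the box.

```shell
#!/bin/sh
# Added example, not code from the thread: a Tripwire-style manifest of
# critical files built with sha256sum.  Take the manifest while the host is
# known-good, copy it OFF the host (another box, read-only media), and run
# the comparison from that trusted copy; a rooted host can lie to a checker
# that keeps its baseline locally.  Paths with whitespace are not handled,
# which is acceptable for /etc, /bin, /sbin and friends.

# Print one "hash  path" line per regular file under the given roots,
# sorted with a fixed locale so two manifests can be diffed line by line.
make_manifest() {
    find "$@" -type f 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum -- "$f"
    done
}

# Compare a trusted manifest (first argument) with the live files under the
# same roots.  Emits CHANGED (hash differs), MISSING (in manifest, gone from
# disk) and NEW (on disk, absent from manifest), sorted; no output means clean.
manifest_diff() {
    manifest=$1; shift
    make_manifest "$@" | awk '
        FILENAME == ARGV[1] { want[$2] = $1; next }   # trusted manifest
        { have[$2] = $1 }                              # live state on stdin
        END {
            for (p in want) {
                if (!(p in have))            print "MISSING " p
                else if (have[p] != want[p]) print "CHANGED " p
            }
            for (p in have) if (!(p in want)) print "NEW " p
        }' "$manifest" - | LC_ALL=C sort
}

# Exit-status form for cron or a remote check: 0 when nothing drifted,
# 1 (with the drift report on stdout) otherwise.
verify_manifest() {
    report=$(manifest_diff "$@")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Baseline once, from a state you trust: `make_manifest /etc /bin /sbin /usr/bin /usr/sbin /lib > baseline.sha256`, then move baseline.sha256 to the checking box. Later runs are `verify_manifest baseline.sha256 /etc /bin /sbin /usr/bin /usr/sbin /lib`, and the list has to be regenerated after every legitimate package update or the report drowns in CHANGED lines. John's objection is exactly the limit of running this on the host itself: `find` and `sha256sum` are on the list being checked, so if the host is already rooted the comparison can be made to say whatever the intruder likes. Booting from rescue media, or mounting the disk on the separate box Tod proposes, is what takes the host's own binaries out of the loop.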
 
Old 12-30-2007, 06:08 AM
John Summerfield
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

Tod Merley wrote:

> On Dec 29, 2007 2:43 PM, John Summerfield <debian@herakles.homelinux.org> wrote:
>> Tod Merley wrote:
>>> On Dec 27, 2007 11:10 AM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>>>> I have finally got my F8 setup and running so now I am reviewing the
>>>> security issues that need to be taken into account.
>>>>
>>>> I would like to focus on securing Fedora. I have tried snort w/Base etc.,
>>>> Tripwire, Fam, nmap, Iptable techniques, and so on.
>>>>
>>>> Does anyone have any advice, links to great sites focused on security
>>>> and how to secure your linux box against intrusions and attacks?
>>>>
>>>> Thanks!
>>>
>>> Hi Daniel B. Thurman!
>>>
>>> It is late so topics only for tonight:
>>>
>>> 1. Turn off services you do not use.
>>> 2. Make your computer "silent" to all but those who use it - e.g. turn
>>> off ping - e.g. use a door knock protocol on a non-standard port for
>>> ssh to access ssh (give no reply to those who knock on the normal port
>>> and respond to only your special "knock" on your non-standard port).
>>
>> IMV turning off ping is highly overrated, and introduces management
>> problems.
>>
>> My technique that I've already posted all-but prevents password scans.
>
> But why let them know where you are in the first place???

I run a mail server, finding me is no great difficulty.

>>> 3. Have a constant background scan done for virus, root kit, e-mail,
>>> changes in critical files, port scan, log files (logwatch), and
>>> audits for suspicious activity. This can and should be "niced" to not
>>> interfere with normal operations.
>>
>> One can't really trust a computer to diagnose itself.
>
> I do agree!
>
> Yet why not use those "brains" on the machine that are uncompromised
> to see that we are compromised so we can start to do something about
> it?
>
> Thanks for the pointer though. I have considered containing all of
> the on box security in a virtual machine (well, most of it anyway).
> As well, why not have a separate box do the file scans, log checking,
> etc...?
>
>>> 4. Google "pen testing". C/o osstmm.
>>> 5. Honey pots!
>>
>> Really! They may be useful for detecting the ungodly, but they do
>> nothing to add to one's security. Quite the reverse, you must assume
>> that the ungodly have a nest in your midst.
>
> Do not soldiers train with live ammo? Do you find out if something is
> waterproof by exposing it to sunlight?

They don't generally invite the opposition into the camp, and that's
what you propose.

> I have noted with interest that Penetration Testing has become an
> expected part of any good security audit. I believe it is not only
> expected, it is practically required.

The trouble one needs to take to implement security depends on what one
has to protect.

The first step is to choose software that is and will be properly
supported into the future, and that means _not_ Fedora. There are
hardened Linux distros around, and there are NetBSD and OpenBSD:

---
NetBSD is a free, secure, and highly portable Unix-like Open Source
operating system available for many platforms, from large-scale server
systems to powerful desktop systems to handheld and embedded devices.

---
Only two remote holes in the default install, in more than 10 years!

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based
UNIX-like operating system. Our efforts emphasize portability,
standardization, correctness, proactive security and integrated
cryptography. OpenBSD supports binary emulation of most programs from
SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX.

---

In contrast:
Fedora is a Linux-based operating system that showcases the latest in
free and open source software.

and I note that RH doesn't highlight security at all, that's all I could
find in three clicks.

> I would rather find out that my car leaks in my driveway with a water
> hose than tragically on the highway! Any day! That way I find the
> leak in a way I can clean it up.
>
> Honey pots are more of a risk I would agree. Containment is a real
> issue since the goal of many exploiters is to use your machine to
> spread their wares. I guess I am hoping that the containment issues
> can be resolved so we can have them as a tool to see what got in -
> what it was and how it grows - hopefully to be able to go and deal
> with its progenitor.

You will never find out who got into anything but the honeypot, by
looking at the honeypot. Nor is one likely to highlight the viruses and
trojans your users download in their web content and email.

If there's a place for a honeypot in aiding security (and having
considered it for some years I doubt it), it's in an organisation with a
well-trained security team with the resources to set one up, isolate it
from the rest of the organisation, and monitor it.

It's not for a relative beginner who's just installed his first Linux
box and is confused about all the attacks he sees.

>>> 6. Backup your "used" areas often and in a number of different ways.
>>> I use flash drives, CDs, and other portions of the local or remote
>>> hard drives. I also tend to put an occasional file in an obscure
>>> e-mail account. Be ready to "wipe and re-load" efficiently. I have
>>> played with the idea of using "ghosted" "snapshots" for this purpose
>>> but have only taken that to the idea level. Tar is becoming a friend.
>>
>> Flash drives are too easy to corrupt. I'm fairly careful with such
>> things, but one of mine lost its partition table. In my case recovery
>> was easy because I knew that copying the first sector from an identical
>> other drive would repair it.
>
> What I like about them is that they are convenient, especially for a
> laptop. Since they are fairly cheap what I do is always have and use
> more than two. Lose one, not happy with that but little loss.

Bank account details? SS number for Americans. Information about you
that could lead to someone else knowing enough about you to present
himself as you?

>>> 7. Do planned "wipe and re-loads" several times a year. For that
>>> matter, if you simply save your used areas and then wipe and load the
>>> new version of your distro when it comes out that is probably enough.
>>> Be ready to restore to where you were if you need to.
>>
>> That will cause more grief than it is ever likely to save. If you're
>> running a serious server, you're off the air for some time. A server
>> that's down isn't earning you money.
>
> You yourself said:
>
> "What you need to do depends on what you're trying to protect. If you're
> not running any servers, then things are pretty cheesy - you only need
> to worry about invited data (websites you visit, email you receive and
> such)...."
>
> I certainly agree with the first part, but somewhere in the
> neighborhood of some six million compromised machines out there now
> doing the bidding of organized crime make me downright angry at the
> second part of the statement.

and reinstalling them all the time would be of limited benefit. However,
keeping up to date with vendor fixes, using firefox and thunderbird
instead of Internet Exploder and Lookout Express (these are mostly
Windows boxes) _would_ help.

A little while ago, I bought a Thinkpad R40 at auction. It had Windows
XP SP2 professional more-or-less installed, ready for me to provide a
few personal details.

It did not present me with an opportunity to set a password for
Administrator, it did create my user account[1] as an administrator (and
wouldn't let me change that), and I don't recall it wanted a password
for that either. Further user accounts also are administrators, unless
the administrator chooses otherwise.

Reinstalling every six months or so would simply exacerbate the problem.

[1] I knew that was coming, so my first user account I named "admin" and
I then created another, less privileged, account.

> If there were a dread disease amongst us, you would do well to keep
> your immune system maintained -- lest you be quarantined!

Better, a shield and keep the opposition on the other side.

>> You will need to spend time reconfiguring stuff, and I don't know about
>> you, but I have better things to do. Probably, the reconfiguring will
>> result in unintended changes that need to be fixed.
>
> In my case I am learning Linux, having fun, and the time is not
> critical to what is happening. I would not consider introducing an
> untested and unapproved system into a commercial environment. I
> consider an "upgraded" box as untested. I absolutely agree with you
> about upgrades, they scare me too! In a commercial environment I
> believe that the upgrades should go into a test environment and get
> placed on the floor if they actually appear to make the grade, and
> slowly at that.


and that precluded reinstalling all the time just because "it seems a
good idea." It might be okay for you, helping achieve your wish to learn
about Linux; I have a selection of alternative hardware for that, and do
not play those games on anything important.





--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
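Item 6 above recommends backing up the "used" areas often, in several places, and being ready to "wipe and re-load"; tar gets a mention but no recipe. The following is an added example, not code from the thread or from any of its posters: a small POSIX shell backup of one directory into a timestamped tarball with a SHA-256 manifest beside it, so the copy can be checked before it is trusted for a restore (a corrupted flash drive, as described in the same post, is exactly the failure this catches). The function names `backup_dir`, `verify_backup` and `restore_backup` are my own; it assumes GNU tar, gzip and coreutils `sha256sum`, all present on a stock Fedora install.

```shell
#!/bin/sh
# Added example (not part of the original thread): tar backup of a "used" area
# with a checksum manifest, verified before any restore.
# Assumes GNU tar + gzip and coreutils sha256sum.
set -eu

# backup_dir SRC DEST -> creates DEST/<name>-<stamp>.tar.gz and a .sha256 file,
# prints the archive path. Copy both files to each backup medium.
backup_dir() {
    src="$1"; dest="$2"
    mkdir -p "$dest"
    stamp=$(date +%Y%m%d-%H%M%S)
    name=$(basename "$src")
    archive="$dest/$name-$stamp.tar.gz"
    # -C makes the archive hold relative paths, so a later restore
    # cannot scribble over / by accident.
    tar -czf "$archive" -C "$(dirname "$src")" "$name"
    # Manifest holds the basename only, so it verifies wherever the pair is copied.
    (cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE -> 0 if the digest matches and tar can list every member,
# 1 otherwise (bit rot, truncated copy, tampering).
verify_backup() {
    archive="$1"
    (cd "$(dirname "$archive")" && sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1) || return 1
    tar -tzf "$archive" >/dev/null 2>&1 || return 1
    return 0
}

# restore_backup ARCHIVE TARGET -> refuses to unpack an archive that fails verification.
restore_backup() {
    verify_backup "$1" || return 1
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
}
```

Run `backup_dir /home/you /media/flash/backups` from cron or by hand; before a planned wipe, run `verify_backup` on the copy on each medium and only then reload. The manifest next to the archive is what makes a second or third copy worth having: without it you only learn a backup is bad when the restore fails.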
 
Old 12-30-2007, 07:01 AM
Les Mikesell
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

John Summerfield wrote:


and I note that RH doesn't highlight security at all, that's all I could
find in three clicks.


http://www.redhatmagazine.com/2007/04/18/risk-report-two-years-of-red-hat-enterprise-linux-4/
is possibly self-serving but seems pretty realistic to me.

--
Les Mikesell
lesmikesell@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-30-2007, 08:49 AM
Tim
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

On Sun, 2007-12-30 at 08:03 +0800, Ed Greshko wrote:
> It was more than a year ago when I attempted to install a Windows 2000
> system directly connected to the internet. In fact, before the system
> was fully updated with security patches it had been compromised. I
> didn't time it, but it certainly was less than 30 minutes.

That happened to a friend of mine. It was something like four seconds
after connecting to his ISP he got infected, despite my warnings about
putting a firewall on first. He didn't think he'd need it, he had
anti-virus software installed, and thought nothing could happen that
quickly, despite my assurances to the contrary.

To make matters worse, he couldn't remove the infection - his anti-virus
software didn't stop the infection, and wouldn't remove it. So he
reformatted and re-installed. An hour or so later he reconnected, and
got infected just the same way, and in just a few seconds, and couldn't
undo the damage (the virus was better at protecting itself than Windows
was). I nearly fell off the chair laughing at him.

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 