Scribd Logo
Upload

Welcome to Scribd!

  • Basic Linux Security

    Uploaded by

    Faisal Khan
    22 views14 pages
    Basic Linux / system security by bill stearns. Principle of least privilege Fewest accounts necessary Fewest open ports necessary Fewest running applications. "Netstat -anp" or lsof to see what's open - "ntsysv, linuxconf to shut down" firewalls as a special case for a network Disable, or at least limit, file sharing.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Basic Linux / system security by bill stearns. Principle of least privilege Fewest accounts necessary Fewest open ports necessary Fewest running applications. "Netstat -anp" or lsof to see what's open - "ntsysv, linuxconf to shut down" firewalls as a special case for a network Disable, or at least limit, file sharing.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    22 views14 pages

    Basic Linux Security

    Uploaded by

    Faisal Khan
    Basic Linux / system security by bill stearns. Principle of least privilege Fewest accounts necessary Fewest open ports necessary Fewest running applications. "Netstat -anp" or lsof to see what's open - "ntsysv, linuxconf to shut down" firewalls as a special case for a network Disable, or at least limit, file sharing.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Basic Linux/System Security

    Bill Stearns, Senior Research Engineer Institute for Security Technology Studies, Investigative Research for Infrastructure Assurance Dartmouth College

    19 Jun 2001

    New Jersey Infragard

    Physical Security
    Physical access to machines Switches instead of hubs

    19 Jun 2001

    New Jersey Infragard

    Principle of least privilege


    Fewest accounts necessary Fewest open ports necessary Fewest running applications

    19 Jun 2001

    New Jersey Infragard

    Root Account
    Used as little as possible
    Master key to a building Apps use other accounts, if possible People use su, sudo

    http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/sudo.v80.htm

    19 Jun 2001

    New Jersey Infragard

    Passwords
    >=7 characters Mixed case, letters and symbols Not names or words Keep private Dont leave them out in the open Change once a month to 6 months Passphrases http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/linuxinfo/essential_host_security.htm
    New Jersey Infragard 5

    19 Jun 2001

    Open ports
    Close all unneeded applications
    netstat anp or lsof to see whats open Ntsysv, linuxconf to shut down

    Firewalls as a special case for a network Disable, or at least limit, file sharing http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/essential_host_security. htm
    19 Jun 2001 New Jersey Infragard 6

    Plaintext network connections


    Email, telnet, web traffic Sniffers http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/ssh-intro.htm

    19 Jun 2001

    New Jersey Infragard

    Encrypted network connections


    Ssh
    Terminal session File copying Other TCP connections

    http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/linuxinfo/ssh-techniques.v0.81.htm IPSec


    All packets traveling between systems or networks http://www.freeswan.org

    https web servers http://httpd.apache.org/related_projects.html


    19 Jun 2001 New Jersey Infragard 8

    Package updates
    Available from Linux distribution vendor
    Sign up for announcements list Use automated update tools: up2date, red carpet

    http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/essential_host_security. htm

    19 Jun 2001

    New Jersey Infragard

    Intrusion Detection System


    Snort
    Reports on attack packets based on a regularly updated signature file Install inside the firewall

    http://www.snort.org

    19 Jun 2001

    New Jersey Infragard

    10

    Advanced techniques
    Audited OS: OpenBSD http://www.openbsd.org Stack overflow protected OS: Immunix http://www.immunix.org Chroot applications, capabilities Virtual machines: VMWare and UML http://www.vmware.com, http://www.user-modelinux.sourceforge.net TCFS http://tcfs.dia.unisa.it
    19 Jun 2001 New Jersey Infragard 11

    Resources
    Distribution security announcements list ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/index.htm
    Worm characterizations and removal tools Linux and network security papers covering many of todays topics

    Ssh key installer ftp://ftp.stearns.org Sans training http://www.sans.org Bastille Linux http://www.bastille-linux.org
    19 Jun 2001 New Jersey Infragard 12

    Thanks
    Les Morton, PSEG and Jim ONeill NJ InfraGard for inviting me ISTS and George Cybenko for sponsoring the presentation

    19 Jun 2001

    New Jersey Infragard

    13

    Contact
    http://www.ists.dartmouth.edu/IRIA/ William Stearns wstearns@ists.dartmouth.edu Questions?

    19 Jun 2001

    New Jersey Infragard

    14

    You might also like