Basic Linux/System Security
Bill Stearns, Senior Research Engineer
Institute for Security Technology Studies, Investigative Research for Infrastructure Assurance
Dartmouth College
19 Jun 2001 New Jersey Infragard

Physical Security
• Physical access to machines
• Switches instead of hubs

Principle of least privilege
• Fewest accounts necessary
• Fewest open ports necessary
• Fewest running applications

Root Account
• Used as little as possible
  – Master key to a building
  – Apps use other accounts, if possible
  – People use su, sudo
• http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm

Passwords
• >=7 characters
• Mixed case, letters and symbols
• Not names or words
• Keep private
• Don’t leave them out in the open
• Change once a month to 6 months
• Passphrases
• http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Open ports
• Close all unneeded applications
  – “netstat -anp” or lsof to see what’s open
  – Ntsysv, linuxconf to shut down
• Firewalls as a special case for a network
• Disable, or at least limit, file sharing
• http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
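
The open-ports check from the slide above, as an added example that is not part of the original presentation: it reads `netstat -anp` output and lists every listener reachable from the network whose port is not on an approved list. The function names, the allowlist and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list network-reachable listeners that are not approved.

# Constructed sample of `netstat -anp` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN      612/sshd
tcp        0      0 0.0.0.0:23        0.0.0.0:*          LISTEN      540/inetd
tcp        0      0 127.0.0.1:25      0.0.0.0:*          LISTEN      701/sendmail
tcp        0      0 0.0.0.0:111       0.0.0.0:*          LISTEN      455/portmap
tcp        0      0 192.0.2.10:22     192.0.2.50:40122   ESTABLISHED 1822/sshd
udp        0      0 0.0.0.0:111       0.0.0.0:*                      455/portmap
EOF
}

# Usage: netstat -anp | unexpected_listeners "22 443"
# Prints "proto port bind-address pid/program" for each listening socket
# that is not loopback-only and whose port is missing from the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
    function report(proto, local, prog,    port, addr) {
        port = local; sub(/^.*:/, "", port)     # text after the last colon
        addr = local; sub(/:[^:]*$/, "", addr)  # text before the last colon
        if (addr ~ /^127\./ || addr == "::1") return  # not reachable remotely
        if (!(port in ok)) print proto, port, addr, prog
    }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # TCP: keep only sockets in LISTEN state; program is column 7.
    $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, $7) }
    # UDP has no state column; a wildcard peer (":*") means it is waiting.
    $1 ~ /^udp/ && $5 ~ /:\*$/ { report($1, $4, $6) }
    '
}

# Demo on the constructed sample, with only ssh approved.
sample_netstat | unexpected_listeners "22"
```

On a live host, run `netstat -anp` as root so the program column is filled in for every socket, and review each reported line against the services the machine is meant to offer.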

Plaintext network connections
• Email, telnet, web traffic
• Sniffers
• http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm

Encrypted network connections
• Ssh
  – Terminal session
  – File copying
  – Other TCP connections
• http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm
• IPSec
  – All packets traveling between systems or networks
  – http://www.freeswan.org
• https web servers http://httpd.apache.org/related_projects.html

Package updates
• Available from Linux distribution vendor
  – Sign up for announcements list
  – Use automated update tools: up2date, red carpet
• http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Intrusion Detection System
• Snort
  – Reports on attack packets based on a regularly updated signature file
  – Install inside the firewall
• http://www.snort.org

Advanced techniques
• Audited OS: OpenBSD http://www.openbsd.org
• Stack overflow protected OS: Immunix http://www.immunix.org
• Chroot applications, capabilities
• Virtual machines: VMWare and UML
• http://www.vmware.com, http://www.user-modelinux.sourceforge.net
• TCFS http://tcfs.dia.unisa.it

Resources
• Distribution security announcements list
• ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm
  – Worm characterizations and removal tools
  – Linux and network security papers covering many of today’s topics
• Ssh key installer ftp://ftp.stearns.org
• SANS training http://www.sans.org
• Bastille Linux http://www.bastille-linux.org

Thanks
• Les Morton, PSEG and Jim O’Neill NJ InfraGard for inviting me
• ISTS and George Cybenko for sponsoring the presentation

Contact
• http://www.ists.dartmouth.edu/IRIA/
• William Stearns wstearns@ists.dartmouth.edu
• Questions?