[95930] in RedHat Linux List
Re: Security for (SOHO) Newbies
daemon@ATHENA.MIT.EDU (Mike Johnson)
Thu Oct 22 10:46:04 1998
Date: Thu, 22 Oct 1998 10:41:35 -0400
To: redhat-list@redhat.com
From: Mike Johnson <Mike.Johnson@GSC.GTE.Com>
In-Reply-To: <362E5FD7.6D337870@mcmail.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
At 11:27 PM 10/21/98 +0100, you wrote:
>Hi
>
>Most of the questions on security issues are asked by Network Administrators.
>What, if any, problems are lurking for the (SOHO) user like myself who has
>his/her system set up straight off the RedHat CD and is a sole user with
>connection to the outside world by dial-up access to an ISP (using PAP) at
>irregular intervals for email but occasional on-line purchasing of various
>products or downloading software.
Well, you really should be securing your system like a network admin. The
only difference is you don't have to worry as much about problems from
local users. Basically, your first step is to become paranoid. Assume
that your network traffic is being sniffed at any point between you and
your destination. -Never- submit credit card info over anything less than
a 128bit SSL session. Assume that you'll be hit with a random port scan
periodically (usually, crackers will scan a class C network, and if you
happen to be online at the time...).
>Is there any risk of someone gaining access to the system, it seems
unlikely >but I would like to be sure. I suppose the risk is greater the
longer on line, >to newsgroups for example.
If someone manages to grab control of your system while you're online, and
hides themselves well enough, your machine is compromised, be it online,
or not. They could add all sorts of scripts that operate while you are
offline, then when you reconnect, a script to let the cracker know your
new IP address.
>What, if anything, should be removed from the system to make it more
secure >and what sort of modifications should be made to config files for
services,
>protocols etc. I am guessing that the standard installation loaded some files
>that are really only needed for networking. If netscape is the only interface
>with the ISP do I need to keep sendmail, pine elm etc that are there by
>default.
Check out:
http://scrye.com/~kevin/lsh/Security-HOWTO.html
http://www.ecst.csuchico.edu/~jtmurphy/
http://www.best.com/~aturner/RedHat-FAQ/
In those you'll find some good pointers (I'm sure there's more, but that's
what I came up with). First thing you need to do is open up /etc/hosts.deny
and type, on a line by itself, ALL : ALL. Next, open /etc/hosts.allow and
add ALL : LOCAL. That'll protect you from a log of things. For more tips,
read the Security-HOWTO. Removing sendmail might be a good idea, assuming
you use your ISP's mail server to send mail. pine and elm aren't really
a problem as they only operate locally. Next, open up /etc/inetd.conf and
comment out -everything-. Since you said that you are the only one that
uses your machine, and I assume you don't telnet into your box, that'll
also close a lot of holes. Restat inetd with
/etc/rc.d/init.d/inet restart
You'll need to keep up on RedHat errata updates, too. Welcome to the world
of Linux security...
Mike
--
Mike Johnson - mike.johnson@gsc.gte.com
Network Engineer - Prototype Development
GTE Government Systems - All opinions are mine, not GTE's.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.