2008/05/17

Last update 1999/12/14
The Labs - Design & Functionality For The Net

Net & UNIX Security

UNIX is complex and powerful, but due to its complexity there are many possible security holes if things aren't set up properly. For that reason, tools are very handy for keeping track of things on your server.

Side Note: We won't even speak about NT; forget about using it to run any reliable intranet or Internet server.

  1. Hints
  2. Security Site
  3. Tools
  4. Links
Net Security
1. Hints
The following documents are highly recommended reading: Besides the CERT hints above, consider the following as well:
  1. Masquerade the versions of all daemons you are running (by changing the version info and recompiling them), e.g. named (bind), inetd, tcpd and every other daemon that runs as root. Hackers often use scanners to probe your ports and check version numbers; if a version matches one of their hacks, they fire up their attack. Don't make it that easy: hide the versions of programs dealing with the public, including the httpd. Also upgrade all daemons as often as patches or new versions appear.

  2. Disable telnet and use ssh (even a Win95 port exists); that way the password never goes over the net verbatim, only encrypted.

  3. Reconsider fetching your mail from a distant POP3 server; have it forwarded to your dial-up provider instead, because with POP3 the password is sent unencrypted over the net, and somebody might "sniff" the network and catch your password. Your provider is more likely to have a secure local net.

  4. If you connect to the net via dial-up, also shut down all services in /etc/inetd.conf that are not urgently required. People run IP scanners non-stop; they find your system and run short investigation scripts to determine whether it is worth attacking, e.g. because it has an old kernel, an outdated sendmail (use qmail anyway), or any other kind of vulnerable daemon running as root that they might use as an entry point to gain access. Don't falsely assume that because you have a dynamic IP you won't become the target of a hacker attack.

    Check your

    1. /var/log/secure
    2. /var/log/messages
    daily, yes daily, to see whether anybody is trying to finger, imap, or pop to your workstation (when you use a dial-up ISP); you might discover that even though you were online for just 1-2 hrs, someone investigated your system.
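
One way to do the daily log check from hint 4 (an added example, not part of the original page or of The Labs' own tools): it counts finger, imap and pop connection attempts per source address. It assumes the daemons are started through tcpd, which logs "connect from" and "refused connect from" lines under the daemon's name; the daemon names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: services in /etc/inetd.conf are wrapped by
# tcpd, which writes syslog lines such as
#   "Dec 14 02:11:03 ws1 in.fingerd[812]: connect from 192.0.2.10"
# The daemon names matched below are assumed; adjust them to your system.

# summarize_probes [FILE...]
# Prints "count service source status", busiest first (stdin if no FILE).
summarize_probes() {
    awk '
    {
        svc = $5                         # field 5 is "daemon[pid]:"
        sub(/:$/, "", svc)               # drop the trailing colon
        sub(/\[[0-9]+\]$/, "", svc)      # drop the pid
        if (svc !~ /^(in\.fingerd|imapd|ipop3d|ipop2d)$/) next
        # Find "connect from ADDR", optionally preceded by "refused".
        for (i = 7; i < NF; i++) {
            if ($i == "from" && $(i-1) == "connect") {
                status = ($(i-2) == "refused") ? "refused" : "accepted"
                seen[svc " " $(i+1) " " status]++
            }
        }
    }
    END { for (k in seen) print seen[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, not real hosts).
sample_log() {
    cat <<'EOF'
Dec 14 02:11:03 ws1 in.fingerd[812]: connect from 192.0.2.10
Dec 14 02:11:09 ws1 ipop3d[815]: connect from 192.0.2.10
Dec 14 02:11:15 ws1 imapd[819]: refused connect from 192.0.2.10
Dec 14 02:40:51 ws1 imapd[842]: refused connect from 198.51.100.7
Dec 14 02:40:55 ws1 imapd[843]: refused connect from 198.51.100.7
Dec 14 03:02:17 ws1 sshd[850]: Accepted password for joe from 192.0.2.44 port 1022
Dec 14 03:05:00 ws1 in.telnetd[861]: connect from 192.0.2.44
EOF
}

# Demo on the sample; on a real system: summarize_probes /var/log/secure /var/log/messages
sample_log | summarize_probes
```

A source that touches several services within seconds, like the first address in the sample, is the scanner pattern hint 4 describes.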

2. Security Site

SecurityFocus.Com
Best site, with Bugtraq and more

3. Tools

SAINT
GUI security tool
Nessus
GUI security tool
SystemConsistency
Our own developed security-tool

4. Links

Unix Guru Universe
Great archive of articles and programs
RootShell.Com
Monthly organized, well done
TechnoTronic: UNIX
Another archive of fixes
ShowDown.Org
Another site with programs and hacks
NewOrder.Box.Sk
Archive of progs regarding security
InflicSec: Vulnerability Database
Search for hacks and fixes

                                                                                                                                   


All Rights Reserved - (C) 1997 - 2008 by The Labs.Com
