Originally Published: Tuesday, 2 October 2001 Author: Jeff McClure and Katharine McCoy

A Beginner's Introduction to Network Security

Linux.com writers McClure and McCoy write "We hate to break it to you, but crackers don't just hack the important stuff, they hack whatever networks or boxes they can get into, just because they can." As you may already know, it is as important to "lock" your computer as it is to lock your front door, especially if you live on an "always on" broadband connection. But where to start? Well, start here.

Page 2 of 3

Why Do I Care About Network Security?

You may ask, "Why do I need security on my network? There are no national secrets here. Nothing important for anyone to hack into." We hate to break it to you, but crackers don't just hack the important stuff, they hack whatever networks or boxes they can get into, just because they can. Just because the information on your computer isn't valuable to an attacker doesn't mean that he won't delete it just for fun. Also, your computer can be used by a cracker to attack others. This very concept makes possible the huge distributed denial-of-service attacks that have been seen lately.

Your Broadband Connection

With broadband Internet connections becoming more available to the general public, crackers now have more and easier targets. How? A cable modem or DSL modem provides you with an always-on, high-speed pipe to the Internet. This has both its good and bad points. The same broadband connection that allows you to connect to the Internet faster and more freely can also allow others on the Internet to connect to your computer faster and more freely. Broadband providers don't usually filter their users' connections, so you cannot depend on your provider to protect you from attacks. Computers on broadband connections are part of large, well-known, consecutive blocks of IP addresses. Attackers use this fact to run easy port scans on entire blocks of broadband users in the hopes of finding a few computers that have exploitable vulnerabilities. Software exploit tools are readily available to allow even inexperienced attackers to take advantage of these vulnerabilities.

Compounding this problem, some distributions of Linux install with lots of services enabled by default. The more services that are enabled (even the ones not being used), the more chance that the attacker will be able to find one with a vulnerability he can exploit.

How Do I Secure My Network?

Now that we've established some of the reasons that you would want to secure your network, let's talk about ways to actually do it. In the interest of space and keeping these tips distribution-neutral, we're only going to discuss general concepts here. If there is enough interest, we can go into greater detail in later articles.

Disable every network service you don't use.

Yes, that's right, everything. Every running service is another possible entry point. What do we mean by services? Some of the better-known services are FTP, Telnet, and web (e.g. Apache) servers. Some lesser-known examples include SMTP servers like Sendmail, the finger server, network time servers, and NFS (which actually runs under another commonly-enabled service known as the RPC portmapper). To find out just what services your computer is offering, try running the "netstat" command with the '-a' switch and look under the "Active Internet connections" section. You may be surprised by just how long that list is.

The bad news is that many distributions of Linux come with most or all of these services enabled unless you specify otherwise. The method for disabling services varies depending on the service and the distribution, but the first choice is to use your distribution's package management system (e.g. RPM) to remove the service altogether. If that doesn't work, there are other methods. A standalone service is disabled by preventing its daemon from running. Usually a system startup script runs the daemon at boot time. Check your distribution's documentation for information on how to modify the startup scripts. Services that don't have standalone daemons are started by a program called "inetd". Disabling these services involves editing the file "/etc/inetd.conf". For a decent explanation of these issues, check out section 5.8 of the Linux Networking HOWTO, at: http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html
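The inetd.conf editing described above can be audited and applied with a small script. This is an added example, not code from the article: it parses a constructed sample of the classic inetd.conf format (service, socket type, protocol, wait flag, user, server program, arguments), lists the services inetd would start, and comments out every active entry that is not on an explicit keep list.

```python
"""Audit and prune an inetd.conf: added example, not from the original article."""

# Constructed sample in the classic inetd.conf format:
# service  socket_type  proto  wait/nowait  user  server_program  args
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf - constructed sample for illustration only
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    stream  tcp  nowait  root    internal
"""


def enabled_services(conf_text):
    """Return the names of services inetd would start.

    inetd ignores blank lines and lines whose first non-blank character is '#',
    so everything else is treated as an active service entry.
    """
    names = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        names.append(stripped.split()[0])
    return names


def prune(conf_text, keep):
    """Comment out every active service not in `keep`.

    Returns (new_text, disabled_names). Lines are preserved in order so the
    result is a drop-in replacement for the original file.
    """
    out, disabled = [], []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            name = stripped.split()[0]
            if name not in keep:
                out.append("#" + line)  # keep the entry visible but inactive
                disabled.append(name)
                continue
        out.append(line)
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    print("active before:", enabled_services(SAMPLE_INETD_CONF))
    new_conf, gone = prune(SAMPLE_INETD_CONF, keep=set())  # disable everything
    print("disabled:", gone)
    print(new_conf)
```

After writing the pruned file back to /etc/inetd.conf, inetd must be told to reread it (send it a HUP signal, or restart it through your distribution's startup script); the script above only edits text.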

Know the services that you have to use.

If you must make some services available to the network, be sure to understand them so that you can make them as secure as possible. One of the most common causes of security breaches is incorrect configuration. Things like misconfigured anonymous FTP servers have brought down many systems. Most of the commonly used network servers have extensive documentation, often included right in the configuration files. Read it. Learn it. Live it. If you don't understand how a particular service works, you're inviting trouble. Pay special attention to how the service passes its data over the network. Does the service require users to log in? If so, are the usernames and passwords encrypted? FTP and Telnet are examples of services that pass usernames and passwords over the network in clear text. That means anyone along the way can sniff those sessions and use them to log into your computer. That's why we recommend using SSH instead of Telnet and something like SCP instead of FTP.

Keep your software (and your knowledge) updated.

Once you've researched and properly configured your services, keep them updated. Our recommendation is to use the latest stable version of each service you use. If the service was installed using your distribution's package manager, keep an eye on the web site for your distribution for updates. While you're watching for new versions of the software, keep your eyes open for new information about those services. Watch a few security-related web sites for new alerts.
