Originally Published: Wednesday, 19 January 2000 Author: Ryan Bridges
Published to: develop_articles/Development Articles Page: 1/1 - [Printable]

Kernel Level Security

In this feature article by Ryan Bridges, discover tips and techniques to secure your Linux system at the kernel level.


As technology advances, the need for better electronic security grows with it. Many technology companies have made millions selling user-space security programs and Web appliances. While this top-down approach to security has served its purpose, there has been a push towards a more bottom-up solution: enforcing security in the kernel itself, where a compromised user-space program cannot simply switch it off.

The flexibility of the Linux kernel allows for such an approach. Several kernel patches can prevent the basic exploits used to breach security. The Linux Intrusion Detection System (LIDS) is a kernel patch that protects files on your hard disk with kernel-enforced access rules. When LIDS enforcement is in effect, a specified list of files CANNOT be changed, not even by root. An instance where this patch is exceptionally handy is preventing the current trend of web graffiti. If you don't think web page defacing is a problem, visit www.2600.com and view its archive of hacked web sites. The LIDS patch can be used to protect the HTML and CGI scripts used by your web server. This means that even if an attacker obtains root access, he cannot edit or remove these files while LIDS is enforcing; the protection is only as strong as your ability to keep him from disabling LIDS or rebooting into an unprotected kernel.

Another popular hacking technique is to replace the 'ls' command with an altered version that will not list the extraneous directories the hacker has placed on your filesystem; protecting the system binaries in the same way defeats this too. One of the more advanced features of LIDS is its ability to protect the Master Boot Record. Webmotion, Inc. has merged its own intrusion detection system with the LIDS product. The features Webmotion has added are an alert mechanism for security breach attempts, the ability to block insertion of modules into the kernel (or to require a password for it), and the ability to hide selected processes from ps and from the /proc filesystem.

The Secure Linux Patch (Solar Designer's Openwall patch) restricts user-space memory, making the user stack non-executable, to decrease an attacker's ability to perform the common buffer overflow exploits. It also limits the following of symbolic links and the use of FIFOs in the /tmp directory. Since /tmp is world-readable and world-writable, an attacker can plant a symbolic link there and exploit a race condition in a program that creates or opens temporary files, tricking it into writing to a file of the attacker's choosing. Another popular exploitation is to execute a set-UID program with file descriptors 0, 1 and 2 (standard input, standard output and standard error respectively) closed. The first file the program opens is then assigned one of these numbers, so its normal output or error messages are written to, or its input is read from, a file or FIFO the attacker should never have reached. Secure Linux ensures that these descriptors are open whenever a set-UID or set-GID program is executed. The patch can also restrict which parts of the /proc filesystem ordinary users can view, which keeps potential hackers from gaining precious user and process information about your server.
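The descriptor trick is easier to see than to describe. The C program below is an added example, not code from this article or from the Secure Linux patch: it reproduces in user space what the patch enforces on execve(). The child process plays the set-UID program, started with fd 2 closed, and the parent checks where its "error message" went. ensure_std_fds_open() is a hypothetical helper name; the scratch file under /tmp and the error text are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return 1 if fd refers to an open file description, 0 otherwise. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/*
 * User-space equivalent of what the kernel patch does on execve() of a
 * set-UID program: make sure descriptors 0, 1 and 2 are open before the
 * program opens anything else, pointing any closed one at /dev/null.
 * Returns how many descriptors had to be repaired, or -1 on failure.
 */
int ensure_std_fds_open(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        /* open() returns the lowest free descriptor, which is fd itself
         * because 0..fd-1 are already open at this point. */
        int nullfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nullfd == -1)
            return -1;
        if (nullfd != fd) {                 /* defensive; should not happen */
            if (dup2(nullfd, fd) == -1) {
                close(nullfd);
                return -1;
            }
            close(nullfd);
        }
        repaired++;
    }
    return repaired;
}

/*
 * Simulate the attack in a child process: the "privileged program" starts
 * with stderr (fd 2) closed, opens a data file, then logs an error to fd 2.
 * Without the fix the data file receives descriptor 2, so the error text
 * lands inside it.  Returns 1 if the message ended up in the data file,
 * 0 if it did not, -1 on a setup error.
 */
int error_lands_in_datafile(int hardened)
{
    char path[] = "/tmp/fdtest-XXXXXX";    /* constructed scratch file */
    int tmp = mkstemp(path);
    if (tmp == -1)
        return -1;
    close(tmp);

    pid_t pid = fork();
    if (pid == -1) {
        unlink(path);
        return -1;
    }
    if (pid == 0) {
        ensure_std_fds_open();              /* sane 0 and 1 to start from */
        close(2);                           /* as launched by the attacker */
        if (hardened && ensure_std_fds_open() < 0)
            _exit(2);
        int data = open(path, O_WRONLY | O_TRUNC); /* becomes fd 2 if vulnerable */
        if (data == -1)
            _exit(2);
        static const char msg[] = "error: permission denied\n";
        (void)write(2, msg, sizeof msg - 1); /* "logging" to stderr */
        close(data);
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        unlink(path);
        return -1;
    }

    char buf[128] = { 0 };
    int fd = open(path, O_RDONLY);
    ssize_t n = (fd == -1) ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd != -1)
        close(fd);
    unlink(path);
    if (n < 0)
        return -1;
    return strstr(buf, "permission denied") != NULL;
}

int main(void)
{
    printf("vulnerable: error text in data file = %d\n", error_lands_in_datafile(0));
    printf("hardened:   error text in data file = %d\n", error_lands_in_datafile(1));
    return 0;
}
```

The vulnerable run reports 1 and the hardened run 0. A program that cannot rely on a patched kernel can call the same check at the top of main() before opening anything; doing it in the kernel, as the patch does, means every set-UID binary on the system gets the protection without being recompiled.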

The International Kernel Patch allows the inclusion of strong cryptography in the Linux kernel, which US export rules kept out of the mainline kernel at the time. In conjunction with other software, it brings strong cryptography to almost every aspect of the kernel. One of the most impressive implementations is the EHD patch to the util-linux set of basic Linux utilities, which adds encryption of mounted devices so that the data on them cannot be read without the key. EHD encrypts a user's home directory so that only those who know the passphrase can access his or her files. The encryption is implemented via the International kernel patch and an encrypted loop device: the home directory lives in a file or partition that is mapped through the loop device, which decrypts on read and encrypts on write while it is mounted. This protects the data at rest, for example on a stolen or discarded disk; it does not protect data once a program has read it or sent it over the network, so it is no defence against sniffing.

Another implementation of the International kernel patch is Crypto IP Encapsulation (CIPE). It tunnels IP packets between two routers inside encrypted UDP packets, which makes for a quick and dirty sort of Virtual Private Network. You can use this encrypted correspondence between routers to connect two secured subnets across an insecure network in between, for example two corporate networks joined across an insecure production network such as the Internet. Only the link between the two CIPE endpoints is protected; traffic inside each subnet still travels in the clear.

These measures, combined with a secure network layout, go a long way toward keeping your data safe from the prying eyes of the Internet.
