|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Saturday, 6 November 1999||Author: Luke Groeninger|
|Published to: featured_articles/Featured Articles||Page: 1/1 - [Std View]|
Of DVDs and Security
While many people many consider it trivial, the cracking of the DVD encryption format is a very major event. The encryption capabilities were one of the main reasons why DVD drives and disks took so long to be released. But, as in all things, many things can be learned from this. One of the major lessons is that of security....
Bad security is easy to implement, with a major example of it being the DVD encryption. By pairing relatively weak encryption with a fixed set of decryption keys, it becomes easier to break, and harder to prevent someone who has already broken one to break others, and thus makes cycling the decode keys almost pointless.
Good security, on the other hand, can take a long time to implement. On a server, for example, it is generally a rule of thumb to have your password file shadowed. Also, you should run daemons with user privileges, so that if someone were to utilize a back door in the daemon, they cannot gain root access. Setting up proper security can take a long, long time to do. No one can say "here is our latest security, use it for everything!" System security varies from system to system. Some machines, like firewalls, should only have remote login/administration capabilities from only a couple of workstations, and should use encryption for those connections that it allows. Workstations, on the other hand, should not be running daemon that they don't need. Don't run Apache unless you are actually running a Web server. Running more daemons than are required increases the possible security holes in your system.
Providing good security on your computers is almost necessary. I have been in situations, where, had I not implemented proper security, I would have had to rebuild machines and probably several servers. Good security not only requires vigilance and patience, but it also requires adapting to the latest threats and security holes. Subscribe to mailing lists such as BugTraq or CERT, read system specific pages such as Linux.com's security section, and always maintain an eye on your systems.
Luke Groeninger is currently a student, whose time is spent between working, doing work, and running several Linux servers at his school. Feel free to send him email at firstname.lastname@example.org with questions or comments. As always, all flame will go straight to /dev/null.