Today, millions of computers are connected to the Internet. People across the globe communicate, share business plans and goals, and store data on the network.
Storing data on a network is risky because your business rivals always stand a fair chance of accessing this data.
For example, if you send data from a computer in Washington to a computer in Tokyo, the data may have to pass through several computers in order to reach its destination. This may give other users the opportunity to intercept and alter the data. Other users on your system may even maliciously modify the data.
Organizations are well aware of the importance for security of transactions, such as online shopping and banking, because the revenue of an organization depends on the security of the networks over which these critical transactions take place.
However, security is equally necessary on a user’s desktop or laptop computer. For example, your office computer may contain business information that may prove advantageous to your competitor if they somehow get their hands on it.
In a different scenario, losing information may cost you valuable time to retrieve or recreate it. Your home PC may contain information such as financial records, personal passwords for accessing your banking and investing online accounts, credit card numbers, private documents and e-mail, and other pieces of informa-tion that could be misused by any person to cause you financial losses. The data that is deleted due to intrusion or physical damage may even be irrecoverable.
No computer can be completely secure. Hackers are always on the lookout for ways to attack your system. However, you can make it difficult for someone to misuse your system. The average home Linux user doesn’t have to make special efforts to keep the casual hacker at bay; but high profile Linux users need to take extra measures to secure their systems.
As an administrator, you should secure your system as much as possible. You should do a thorough analysis of the kind of security that your system and net-work require. You need to evaluate the threat to your systems, the vulnerability of your systems, the security holes in your systems, the estimated loss to your orga-nization in case of an intrusion, and so on.
These three factors determine the level of security you need to implement:
◆ Risk. This is the risk that is involved in providing access to the users.
You need to analyze the possibility of an intrusion. An intruder can inflict heavy damage to your system if he is able to obtain read and write permission to the file system. You might lose your data permanently.
◆ Access. You should have complete control over the kind of access that is provided to users. You should provide access judiciously. Only trusted users should be provided access. In addition, provide access to a user dependent upon his or her requirements. A user who doesn’t need write access shouldn’t be provided with it.
◆ Vulnerability. You should also do an analysis of the vulnerability of your system to attacks from users outside your local network. One way to pro-tect data and ensure user privacy is to create and implement an effective security policy. The security policy you create should be such that users are easily able to comprehend it, and they shouldn’t face any problem implementing it. The security policy should mention the permissions users have, the services a user can access, and so on. It is the responsibil-ity of the system administrator to ensure that the policies are updated and implemented properly.
Intruders constantly attempt to attack your system. Their prime targets are the servers, dial-up accounts, and the Web sites. You should be aware of the tech-niques they might use. Intruders usually look for security holes in your system and networks. One of the common security holes is the presence of insecure accounts on your system. Once an intruder gets access to your system through an insecure account, he can hack other hosts if your system is connected to a network. There
are several categories of intruders. They are categorized depending on their inten-tions and the damage they can cause.
The categories of the intruders are listed here:
◆ Curious intruders try to gather information, such as your system config-uration and settings, the data that is stored on your system, and so on.
The curious intruders don’t intend to harm your system and data; their only purpose is to gain critical information stored on your system.
◆ Malicious intruders, unlike curious intruders, intend to damage your data and system. Once they gain access to a system, they will perform
destructive activities, such as defacing Web pages, destroying system data, and so on. The purpose of these intruders is only destruction; they won’t use the data on your system for their own benefit.
◆ Competitor intruders try to gain access to the data on your computer.
They use this data for their business benefit and gain an edge over your business in the market. The purpose of their data access is to obtain your business-related data, analyze it, gain an insight into your future business plans, and use it for their own benefit.
◆ Borrower intruders lack resources that they need to perform their own activities. They intrude in your system to use your resources to fulfill their need.
◆ Leapfrogger intruders usually attack systems that are well-connected to other computers on the network. They try to attack and use resources on other computers in a network through a well-connected computer. Gate-ways are prime targets of such intruders.
In the wake of increasing Internet usage for communication and data exchange, it becomes essential for you to secure your system from attacks occurring via the Internet.
Security for the Linux environment can be categorized into four levels:
◆ Physical security
◆ Data security
◆ Network security
◆ Accounts security
In this chapter, I discuss each level of security in detail.