Real World Linux Security, w. CD-ROM: Intrusion Prevention, Detection and Recovery (Open Source Technology) [Englisch] [Taschenbuch]

2nd edition. -- Dieser Text bezieht sich auf eine andere Ausgabe: Taschenbuch .

Cracker attacks are costing leading e-Businesses millions -- and spotlighting the dangers intruders pose to every participant in the new dot-com economy. If you rely on Linux, this is your systematic, comprehensive guide to protecting yourself. Security guru Bob Toxen uses real-world case studies from his own consulting career to show exactly how network and Internet security breaches can happen, what they look like when they do happen, and what you must do now to prevent them. The book is organized into four sections: securing your system, preparing for an intrusion, detecting an intrusion, and recovering from an intrusion. Toxen even provides at-a-glance icons and tables rating the severity and likelihood of each type of attack. Along the way, you'll learn how to configure systems so they alter themselves to lock out a cracker -- and notify the sysadmin immediately -- at the first sign of attack. You'll discover virtually cracker-proof techniques for protecting credit card databases, even if your web server and network are compromised.

Toxen also presents 100+ pages of techniques for ensuring that, if a break-in does occur, damage will be minimal and a full recovery can happen fast. The accompanying CD-ROM includes a complete Linux security software library -- including powerful tools written by the author to detect cracker servers, and identify running cracker programs, even if they've been deleted from disk.

"You have in your hands a book I've been waiting to read for years-a practical, hands-on guide to hardening your Linux system."

—From the foreword by Eric S. Raymond

• Secure your system, detect an attack, track the cracker, and recover quickly
• Learn the gory details of securing Web servers and Sendmail
• Explore e-commerce issues, Trojan Horses, GPG and more
• Step-by-step guide to installing and using key security tools

"A comprehensive guide to system security-covers everything from hardening a system to system-recovery after an attack. "

—Steve Bourne, Creator of the Bourne Shell

Your enemy is coming—are you ready?

It's not a question of "if" but "when." Will you be ready to protect your system when a cracker comes to call? Real World Linux Security goes beyond the books that merely detail system vulnerabilities; it offers system administrators practical solutions for safeguarding Linux systems and actively responding to break-in attempts. Veteran Bob Toxen shows you how to know your enemies and stop them at the front gate, before they can damage your system.

The hands-on guide to protecting your Linux data—and yourself

• 7 "deadly sins of Linux security"
• Set up effective firewalls
• Break-in case studies
• Develop internal security policies
• Block spam
• Recover quickly from an intrusion

About the CD-ROM

The accompanying CD contains original software that locks out crackers and alerts system administrators. In addition, it includes programs that monitor system health and report suspicious activities, detect network sniffers, and speed backup and recovery.

About the Author

Bob Toxen has 26 years of UNIX/Linux experience, and is one of the 168 recognized developers of Berkeley UNIX. He learned about security as a student at UC Berkeley, when he played for "the other team," successfully cracking several of the original UNIX systems there. He is president of Fly-By-Day Consulting, specializing in Linux security, client/server creation, system administration, porting, and C programming.

Technical Reviewers

• Kurt Seifried, Sr. Analyst, SecurityPortal
• Dr. Indira Moyer, Consultant
• Larry Gee, Architect, ApplianceWare
• Michael Warfield, Sr. Wizard X-Force, Internet Security Systems
• Stephen Friedl, Consultant
• Mike O'Shaughnessy, Quarry Technologies

Bob Toxen has over 26 years of UNIX & Linux experience. He was a developer of the original Berkeley Unix, and one of four responsible for porting Unix to SGI hardware -- kernel hacking a C2-compliant secure Unix system. Formerly Unix sysadmin for one of the world's largest shipping companies, he also architected the server that controls one of today's leading network disk appliances.

Chapter 1

Introduction

Linux is a solid operating system. It is easy to use and install, has very powerful capabilities, runs fast on almost any hardware, and rarely crashes. It has few bugs and its widespread support from a cast of thousands ensures that any remaining bugs get fixed as soon as they are discovered. It is highly versatile and can be made as secure as any UNIX system.

Unfortunately, UNIX and Linux machines are broken into every day, not because they are inherently insecure, but because the steps required to expose a system to the real world safely-the modern Internet-are not always so obvious. The single goal of this book is to teach any Linux or UNIX system administrator how to secure his systems, keep them secure, and feel confident that all necessary steps have been taken.

1.1 Who Should Read This Book?

This book will aid Linux and UNIX System Administrators (SysAdmins) in making their systems and networks as secure as possible from intruders and improper action of the users. It covers both quick and simple solutions, and some more involved solutions to eliminate every possible vulnerability.

It is organized to allow the busy SysAdmin to increase the security of the systems one piece at a time. It is recognized that one cannot take a system down for a week and work exclusively on its security for that week. In the real world, a SysAdmin's time is divided up by many tasks that cannot wait and systems are too critical to stay down for long.

In the real world, some systems will be broken into despite the best efforts of talented SysAdmins. This book devotes over 60,000 words to dealing with a possible break-in. It deals with how to prepare for it, how to detect it, and how to recover from it quickly and completely with minimal loss of confidential data and money, with minimal inconvenience to one's customers and employees, and with minimal publicity. This is considered one of the unique features of this book.

On March 30, 2000, 350 "hackers" from around the world gathered in Israel for a conference. Organizers there said that they were able to break into 28 percent of Israeli computers that they tried and that this percentage was typical worldwide. This was with the permission of the computers' owners, who were convinced that their computers were invulnerable. The quoted statistics were not broken down by operating system type. Both John Draper ("Captain Crunch") and Kevin Mitnick were there.

The book is designed to be used by both the veteran of many years of Linux and UNIX experience, as well as the new SysAdmin. It does assume that the reader is somewhat knowledgeable in system administration; Prentice Hall has other fine books to help people hone their SysAdmin skills. There are many useful details here, both for the person with a single Linux box at home and for those supporting multinational corporations and large government agencies with very large networks comprised of multiple types of operating systems.

1.2 How This Book Is Organized

Part I is concerned with increasing the security of your systems. This book is organized with the understanding that some SysAdmins have only a little time right now, but certainly want to fix the most severe holes immediately, before someone breaks into their systems. (The smaller holes also need to be closed, but statistically there is more time to address them before a cracker is likely to try them. Crackers, sometimes incorrectly called hackers, are people who break into computer systems without permission for the fun, challenge, fame, or due to a grudge.) These urgent quick-to-do items are covered in Chapter 2 "Quick Fixes for Common Problems" on page 15. That chapter starts with a discussion of basic security concepts to bring those new to Linux security up to speed and to serve as a "refresher" for veterans. The author estimates that applying just the quick fixes may reduce a system's vulnerability by 70 to 90 percent, based on published reports and incidents discussing probable "points of entry." Many of these solutions are independent from each other so that a SysAdmin may pick the solutions most appropriate to his or her situation and may implement these in almost any order.

The book then progresses into more involved procedures that can be done to increase security, allowing the system administrator to progress to as secure a system as time and desire allows. It even addresses some simple kernel modifications to increase security still further. It can be treated as a workbook, to be worked through a bit at a time, or as a reference book, with relevant areas picked from the Table of Contents or from the extensive Index.

Part II deals with preparing for an intrusion. No computer or network is completely secure and anyone who thinks that theirs is 100 percent secure is, well, probably due for some "education." Most computer security books deal almost exclusively with securing systems and devote only a few pages to dealing with an intrusion, that 10-40 percent of their readers will suffer. This author considers this to be a naive disservice. (All other common platforms are considered even more vulnerable.) In many of the cases that this author has been asked to analyze, the vulnerability that allowed the break-in turned out to be a bug in system software that had not been well-known at the time. This proves the point that just securing a system is not sufficient.

Innovative solutions are presented to even the most daunting problems, such as keeping customers' credit card numbers secure even if the Web server and the entire internal network are completely compromised! This solves a major widespread problem with e-commerce companies.

This book is called Real World Linux Security: Intrusion Prevention, Detection, and Recovery because in the real world a significant percentage of computers are broken into and the prepared SysAdmin is well prepared for this. Perhaps 5-25 percent of SysAdmins who have secured their Linux boxes still will have to deal with an intrusion. Even the author's own quiet site on a Dynamic IP over PPP suffers weekly intrusion attempts (with no successes so far), but it has been prepared for intrusion attempts and even for fast recovery from a possible successful intrusion.

Switching to another platform will not reduce this risk, in my opinion. I have seen many reports of security bugs in various competing systems. Almost weekly I see a report on a newly discovered severe vulnerability in software long running and widely distributed on these closed-source platforms. Software written by independent vendors also has its share of problems.

Part III deals with detecting intrusions (both attempts and successes) and sophisticated notification and logging in detail. Part IV discusses recovering from intrusions successfully, completely, and quickly! It also covers tracking down the intruder and dealing with law enforcement officers and the courts, and what to expect from them. Outages can cost millions of dollars a day in lost revenue and bad publicity can mean more lost business and worse-the dismissal of the SysAdmins. A quick recovery may get no publicity and might even be blamed on a glitch in the Internet.

This book covers many security problems. These include problems of incorrect configuration, some services whose design prevents them from being made secure, some inherent limitations in the TCP/IP, UDP/IP, ICMP/IP, ARP, and related protocols, bugs in programs that have come with various Linux distributions or which get installed on Linux systems, and even some physical security and human factors (social engineering) matters.

Please do not get the idea that Linux is a hard-to-configure, buggy, half-baked idea not worthy of your attention! Nothing could be further from the truth....