[buug] Great Links re. Internet/Linux Security

Zeke Krahlin zk_lists at yahoo.com
Mon Aug 7 00:36:21 PDT 2000


--- Rick Moen <rick at linuxmafia.com> wrote:
> Here's part of what's bothering me, Zeke (and I hope this doesn't strike
> you as just ill temper):  _How_ can you decide that something is a
> "great link regarding Internet/Linux security", before having a good
> grasp of that topic?

No, I really *can't make such a decision. What to me may seem *great could
make Linux wizards groan. I hope though, that my batting average, even as
a beginner, will rate reasonably high overall.

> I'm not raising this problem in order to provide a pat answer.  It's a 
> thorny problem without any good, simple answer.  But it's a highly
> relevant problem to always bear in mind, anyway.

And as you already pointed out, the suggestion to mess with /etc/services
was totally bogus. So for me to pass it off as *great was unfair, though
not intentionally. I will post my references more fairly in future,
knowing that I really know very little in this subject. It is "great" that
I have members of my board eager to share...but this is not the same thing
as the references themselves being "great".

I have already forwarded your advice to my board, re. not messing with
/etc/services, so that this newbie (and others) may realize that caution
is advisable when newbies recommend tips to other newbies.

> Give the public physical access to the system box, and the game is over.
> You then have no system security -- if only because the bad guys can
> extract your hard drives and take them home.  You can play cat and mouse
> with the public, by password-protecting LILO, setting the BIOS so it
> will not boot from removable media, password-protecting the BIOS, etc.,
> but you've really already lost, if you allow physical access.

Yes, I see what you mean, Rick. Protection of a network, and every
computer connected to it, is based on software methods with administration
vigilance. If anyone has access to the physical parts, he or she can just
crush a hard drive with a hammer, or walk away with it. So to finagle
software tricks to protect a system from physical proximity of a potential
abuser, is essentially a ruse.

The only way to provide physical protection is with a better lock, a
better case, a better door...or some other physical layer of protection;
including *distance from unwelcome visitors.

> I can't find much wrong with the rest of those two pages except for a
> mild Red Hat bias and the fact that Dave Wreski (the author) didn't
> mention that the Tripwire security-auditing package he recommends is
> proprietary software.  The publisher says it intends to open-source it
> later this year, but has not done so yet.  There's already an
> open-source (GPLed) equivalent by Rami Lehti of Finland, "AIDE", 
> http://www.cs.tut.fi/~rammer/aide.html .

Thanks for another juicy tip. I have tripwire on a CD that came with
"Linux Administration for Dummies". Instead, I'll use AIDE.

=====
Zeke Krahlin
zk_lists at yahoo.com
---
FreeNetCubs BBS & Chat
http://www5.50megs.com/fnc
