1. Introduction
While Internet connectivity offers enormous benefits in terms of increased access to information, Internet connectivity is not necessarily a good thing for sites with low levels of security. The Internet suffers from glaring security problems that, if ignored, could have disastrous results for unprepared sites. Inherent problems with TCP/IP services, the complexity of host configuration, vulnerabilities introduced in the software development process, and a variety of other factors have all contributed to making unprepared sites open to intruder activity and related problems.
The security problems of a big Internet site can be divided into three parts: base security of the Unix system, local network security and security of Internet connections.
2. Security of the Unix system
The Unix operating system, although now in widespread use in environments concerned about security, was not really designed with security in mind. The reasons for this state are largely historical. Unix was originally designed by programmers for use by other programmers. This does not mean that Unix does not provide any security mechanisms: indeed, several very good ones are available. The only problem is that host security relies entirely on proper configuration of the system by the system administrator.
Unix system security can be divided into three main areas of concern. Two of these areas, account security and network security, are primarily concerned with keeping unauthorized users from gaining access to the system. This section describes the Unix security tools provided to make each of these areas as secure as possible.
2.1 Account security
One of the easiest ways for a cracker to get into a system is by breaking
into someone's account. This is usually easy to do, since many systems still
carry accounts whose users have left the organization, accounts with
easy-to-guess passwords, and so on. The following describes how to configure
password security.
When setting a password, several rules are to be kept in mind:
The second important feature is expiration dates for passwords.
If your system has many users, it's not easy to tell which of them
use the system and which do not. Unused accounts are a major security hole:
not only can they be broken into if the password is insecure, but because
nobody is using the account anymore, it is unlikely that a break-in will be
noticed.
Guest accounts present still another security hole. The best way to
deal with this problem is to never use guest accounts.
Accounts without passwords must also be prohibited.
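The account checks of section 2.1 applied to a password file, as an added example that is not part of the original paper: it flags empty password fields, guest accounts, and accounts that nobody has used for a long time. The passwd records and the last-login table are constructed sample data, and AUDIT_DATE is an assumed "today".

```python
# Added example (not from the original paper): audit /etc/passwd-style records
# for the account weaknesses listed in section 2.1. The records and the
# last-login table are constructed sample data.
from datetime import date

# Constructed /etc/passwd lines: name:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/csh
guest::1002:100:Guest account:/home/guest:/bin/sh
bob:x:1003:100:Bob (left in 1995):/home/bob:/bin/sh
ftp:*:14:50:FTP user:/var/ftp:/bin/false
"""

# Constructed last-login dates (what `last` / lastlog would report).
SAMPLE_LAST_LOGIN = {
    "root": date(1996, 3, 1),
    "alice": date(1996, 3, 2),
    "guest": date(1996, 2, 28),
    "bob": date(1995, 6, 10),
}
AUDIT_DATE = date(1996, 3, 3)   # assumed date of the audit run

def audit_accounts(passwd_text, last_login, today, max_idle_days=90):
    """Return a list of (account, problem) findings."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, pw, _uid, _gid, _gecos, _home, shell = line.split(":")
        # Accounts without passwords must be prohibited.
        if pw == "":
            findings.append((name, "empty password field"))
        # Guest accounts are a standing hole; the paper says never to use them.
        if name.startswith("guest"):
            findings.append((name, "guest account"))
        # Locked accounts ("*" password, non-login shell) cannot be logged into,
        # so the idle check does not apply to them.
        if pw == "*" or shell.endswith("false"):
            continue
        # Accounts nobody uses any more: a break-in there goes unnoticed.
        seen = last_login.get(name)
        if seen is None or (today - seen).days > max_idle_days:
            findings.append((name, "idle or never used account"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_accounts(SAMPLE_PASSWD, SAMPLE_LAST_LOGIN, AUDIT_DATE):
        print(f"{name}: {problem}")
```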
2.2 Network security
One of the most convenient features of the Berkeley (and Sun) Unix
networking software is the concept of "trusted hosts". The software allows
the specification of other hosts (and possibly users) who are to be
considered trusted, i.e. remote logins and remote command execution from
these hosts will be granted without requiring the user to enter a password.
The trusted hosts concept represents a potential security problem: if you
allow users to specify trusted hosts for themselves, you'll lose control
of access to your system. Trusted hosts are usually specified in the .rhosts
file in the user's home directory. The compromise between security and the
advantages of the 'r' functions can be found by specifying trusted hosts for
your system in one file, /etc/hosts.equiv, which must be under the control
of the administrator only, and forbidding .rhosts files in users' home
directories.
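A check for the two places where trust is granted, as an added example that is not part of the original paper: it reports wildcard ("+") entries in hosts.equiv and any .rhosts file found under the home directories. The file paths are parameters, and the sample run builds a constructed directory tree instead of touching the real system.

```python
# Added example (not from the original paper): audit /etc/hosts.equiv and the
# users' home directories against the rule in section 2.2 (one administrator-
# controlled hosts.equiv, no per-user .rhosts files). Sample data is constructed.
import os
import tempfile

def audit_trusted_hosts(hosts_equiv_path, home_root):
    """Return a list of findings (strings) for the given file and home tree."""
    findings = []
    # hosts.equiv lines are "hostname [username]"; a "+" in either position
    # trusts every host (or every user) and is never acceptable.
    try:
        with open(hosts_equiv_path) as f:
            for lineno, line in enumerate(f, 1):
                entry = line.split("#", 1)[0].strip()
                if not entry:
                    continue
                if "+" in entry.split():
                    findings.append(f"hosts.equiv line {lineno}: wildcard entry '{entry}'")
    except FileNotFoundError:
        pass   # no hosts.equiv at all: nothing is trusted system-wide
    # A .rhosts file hands out trust the administrator cannot see or control.
    for user in sorted(os.listdir(home_root)):
        rhosts = os.path.join(home_root, user, ".rhosts")
        if os.path.isfile(rhosts):
            findings.append(f"{rhosts}: per-user .rhosts file present")
    return findings

def build_sample_tree():
    """Constructed sample: hosts.equiv with a wildcard, one user with .rhosts."""
    root = tempfile.mkdtemp()
    equiv = os.path.join(root, "hosts.equiv")
    with open(equiv, "w") as f:
        f.write("alpha.example.org\n+\n# trailing comment\n")
    homes = os.path.join(root, "home")
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(homes, user))
    with open(os.path.join(homes, "bob", ".rhosts"), "w") as f:
        f.write("+ +\n")
    return equiv, homes

if __name__ == "__main__":
    for finding in audit_trusted_hosts(*build_sample_tree()):
        print(finding)
```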
Under newer versions of Unix, the concept of a "secure terminal" has been
introduced. Simply put, the super-user (root) may not log in on a nonsecure
terminal even with a password. The best solution is to leave only one secure
terminal, the console; all other terminals must be nonsecure.
The Network File System (NFS) is designed to allow several hosts to share
files over the network. The /etc/exports file defines which filesystems are
exported and the read, write and execute permissions for exported
filesystems. It is also possible to specify the hosts or subnets to which a
filesystem will be exported. The secure rule is: never export filesystems
with write permissions to anyone. Export only those filesystems which indeed
need to be exported.
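The two export rules turned into a check over an /etc/exports file, as an added example that is not part of the original paper. It assumes the SunOS-style syntax "/path [-ro | -rw[=host:host]] [-access=host:host]", where a line without options is read-write for every host; the file content is constructed.

```python
# Added example (not from the original paper): audit /etc/exports against
# section 2.2 (never writable to everyone; export only to the hosts that need
# it). Assumes SunOS-style option syntax; the sample file is constructed.

SAMPLE_EXPORTS = """\
# constructed /etc/exports
/usr        -ro -access=alpha:beta
/home       -rw=alpha:beta -access=alpha:beta
/tmp
/var/spool  -rw
/export/sw  -ro
"""

def parse_export(line):
    """Return (path, writable_hosts, access_hosts) for one exports line.
    writable_hosts: [] = read-only, list = those hosts, None = every host.
    access_hosts:   list = restricted to those hosts, None = every host."""
    fields = line.split()
    path, opts = fields[0], fields[1:]
    writable = None if not opts else []   # no options at all means rw to all
    access = None
    for opt in opts:
        name, _, value = opt.partition("=")
        if name == "-ro":
            writable = []
        elif name == "-rw":
            writable = value.split(":") if value else None
        elif name == "-access":
            access = value.split(":")
    return path, writable, access

def audit_exports(text):
    """Return a list of (path, problem) findings."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, writable, access = parse_export(line)
        if writable is None:
            findings.append((path, "writable by any host"))
        if access is None:
            findings.append((path, "exported to every host"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {problem}")
```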
Many security problems appear because of a nonsecure configuration of the
FTP daemon. To get your daemon secure, try to obtain its latest version and
carefully install it according to the manual. Many problems with ftp
security begin with misconfiguration and wrong permissions.
Sendmail, the Unix mail system, is known to have security problems. The only
way to solve them is to constantly update the distribution.
Such services as finger and sysstat can provide a cracker with important
information about your system. So, where such services are not absolutely
necessary, don't use them.
3. FireWalls
Fortunately, there are readily-available solutions that can be used to improve site security. A firewall system is one technique that has proven highly effective for improving the overall level of site security. A firewall system is a collection of systems, routers, and policy placed at a site's central connection to a network. A firewall forces all network connections to pass through the gateway where they can be examined and evaluated, and provides other services such as advanced authentication measures to replace simple passwords. The firewall may then restrict access to or from selected systems, or block certain TCP/IP services, or provide other security features. A well-configured firewall system can also act as an organization's "public-relations vehicle" and can help to present a favorable image of the organization to other Internet users.
A simple network usage policy that can be implemented by a firewall system is to provide access from internal to external systems, but little or no access from external to internal systems. However, a firewall does not negate the need for stronger system security. There are many tools available for system administrators to enhance system security and provide additional logging capability. Such tools can check for strong passwords, log connection information, detect changes in system files, and provide other features that will help administrators detect signs of intruders and break-ins. A firewall system can be a router, a personal computer, a host, or a collection of hosts, set up specifically to shield a site or subnet from protocols and services that can be abused from hosts outside the subnet. A firewall system is usually located at a higher-level gateway, such as a site's connection to the Internet; however, firewall systems can be located at lower-level gateways to provide protection for some smaller collection of hosts or subnets.
Firewall Components:
1. Network Policy
There are two levels of network policy that directly influence the design,
installation and use of a firewall system. The higher-level policy is an
issue-specific, network access policy that defines those services that will
be allowed or explicitly denied from the restricted network, how these
services will be used, and the conditions for exceptions to this policy. The
lower-level policy describes how the firewall will actually go about
restricting the access and filtering the services that were defined in the
higher-level policy.
2. Advanced authentication
Advanced authentication measures such as smartcards, authentication tokens,
biometrics, and software-based mechanisms are designed to counter the
weaknesses of traditional passwords. While the authentication techniques
vary, they are similar in that the passwords generated by advanced
authentication devices cannot be reused by an attacker who has monitored a
connection. Given the inherent problems with passwords on the Internet, an
Internet-accessible firewall that does not use or does not contain the hooks
to use advanced authentication makes little sense.
Some of the more popular advanced authentication devices in use today are
called one-time password systems. A smartcard or authentication token, for
example, generates a response that the host system can use in place of a
traditional password. Because the token or card works in conjunction with
software or hardware on the host, the generated response is unique for every
login. The result is a one-time password that, if monitored, cannot be reused
by an intruder to gain access to an account.
3. Packet Filtering
IP packet filtering is usually done using a packet filtering router designed
for filtering packets as they pass between the router's interfaces. A packet
filtering router usually can filter IP packets based on some or all of the
following fields:
4. Application Gateways
To counter some of the weaknesses associated with packet filtering routers,
firewalls need to use software applications to forward and filter connections
for services such as TELNET and FTP. Such an application is referred to as a
proxy service, while the host running the proxy service is referred to as an
application gateway. Application gateways and packet filtering routers can be
combined to provide higher levels of security and flexibility than if either
were used alone.
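The packet filtering router of section 3, component 3, expressed as first-match rules that implement the usage policy stated earlier (internal to external allowed, external to internal denied), as an added example that is not part of the original paper. The internal network 192.0.2.0/24, the rule fields (direction, protocol, destination port, TCP ACK bit) and the sample packets are assumed for illustration.

```python
# Added example (not from the original paper): a first-match packet filter
# applying the section 3 usage policy per packet. Addresses are constructed.
import ipaddress

INTERNAL = ipaddress.ip_network("192.0.2.0/24")   # assumed internal network

# Rule fields: direction, protocol ("tcp"/"udp"/"any"), destination port
# (None = any), required TCP ACK bit (None = don't care), and the action.
RULES = [
    # Internal hosts may open connections to the outside.
    {"dir": "out", "proto": "any", "dport": None, "ack": None, "action": "allow"},
    # Replies to those connections come back with ACK set; a stateless router
    # has to let them through or no outbound connection can complete.
    {"dir": "in", "proto": "tcp", "dport": None, "ack": True, "action": "allow"},
    # Everything else from outside is refused: no inbound connection attempts.
    {"dir": "in", "proto": "any", "dport": None, "ack": None, "action": "deny"},
]

def direction(src, dst):
    """Classify a packet by which side of the router each address is on."""
    s_in = ipaddress.ip_address(src) in INTERNAL
    d_in = ipaddress.ip_address(dst) in INTERNAL
    if s_in and not d_in:
        return "out"
    if d_in and not s_in:
        return "in"
    return "other"   # internal-to-internal or transit traffic: not ours to pass

def filter_packet(src, dst, proto, dport, ack=False):
    """Return the action of the first matching rule; no match means deny."""
    d = direction(src, dst)
    for rule in RULES:
        if rule["dir"] != d:
            continue
        if rule["proto"] not in ("any", proto):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        if rule["ack"] is not None and rule["ack"] != ack:
            continue
        return rule["action"]
    return "deny"

if __name__ == "__main__":
    print(filter_packet("192.0.2.10", "198.51.100.5", "tcp", 23))   # allow
    print(filter_packet("198.51.100.5", "192.0.2.10", "tcp", 23))   # deny
```

The ACK rule is also the classic weakness of such stateless filtering: any inbound TCP segment with ACK set reaches internal hosts regardless of port, which is one reason the application gateways of component 4 are combined with the router rather than relying on it alone.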