Intrusion Prevention 101 by Original Guru
Reducing a computer's vulnerability to hackers is much like
using anti-theft devices and common sense to guard against your car
being broken into. Few people would leave their keys in the ignition
while away from their vehicle, yet many might as well hand their
workstations and servers to the lowliest hacker, because they have
no security measures in place at all.
Just like vehicle protection measures, you can stop a lot
of potential intruders but never all of them. Most hackers are of the
"script kiddie" variety: non-programmers who use commonly available
attack tools to penetrate systems, if only for their own amusement.
Since their skills are limited, they hunt for the easy kill rather
than a challenge, so our mission here is to make your computer as
unattractive a target as possible. The rules outlined below are a
checklist of things you must do to properly secure your system.
At the end of this article you'll find useful links that
will help you actually implement these measures.
Rule 1: Mind your passwords. It is simply incredible that
in this day and age most computer users persist in choosing the
weakest passwords, typically because they are easy to remember.
Forget convenience: under no circumstances should you use real
words or combinations of real words (including the obvious variants
such as "passw0rd" or "secret1", which guessing tools try as well),
nor numbers that have any significance to you, such as your birth
date. Script kiddies run password-guessing tools fed with
dictionaries, and it may take only seconds to guess yours.
Additionally, using the same or a similar password everywhere is
foolish, rather like leaving your credit cards and house keys in
your car: one guessed password then opens every account you have.
The best policy is to use long random sequences of characters, a
different one for every account, and to keep them in a password
manager rather than trying to memorize them.
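What a password-guessing tool tries first, and what a random password looks like by comparison, is shown in the following added example. It is not code from the original article; the tiny word list, the leet-speak substitution table and the sample passwords are constructed for illustration, and real guessing dictionaries hold millions of entries.

```python
import math
import re
import secrets
import string

# Constructed mini word list standing in for the dictionaries that
# password-guessing tools ship with; real lists hold millions of entries.
WORDLIST = {"password", "secret", "letmein", "dragon", "monkey",
            "welcome", "qwerty", "admin", "summer", "winter"}

# Character substitutions guessers apply automatically, so "P@ssw0rd"
# is no better than "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "|": "l"})

# Four-digit years and d/m/y style dates.
DATE_RE = re.compile(r"(?:19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalize(pw):
    """Lower-case and undo leet-speak so variants collapse onto the base word."""
    return pw.lower().translate(LEET)


def weaknesses(pw, personal=()):
    """Return the reasons a guessing tool would find `pw` quickly.

    `personal` holds strings an attacker can learn about the user
    (birth year, pet's name, user name ...). An empty list means none
    of the cheap attacks apply; it does not mean the password is strong.
    """
    reasons = []
    base = normalize(pw)
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    if any(w in base or w in pw.lower() for w in WORDLIST):
        reasons.append("built from a dictionary word")
    if DATE_RE.search(pw):
        reasons.append("contains a year or date")
    for item in personal:
        if item and item.lower() in pw.lower():
            reasons.append(f"contains personal data: {item}")
    return reasons


def generate(length=20, alphabet=ALPHABET):
    """Random password from the OS CSPRNG (`secrets`), never `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the guessing space for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ["P@ssw0rd1", "Summer2019!", generate()]:
        found = weaknesses(pw, personal=["2019"]) or ["no cheap attack found"]
        print(f"{pw!r}: {', '.join(found)}")
    print(f"{entropy_bits(20):.0f} bits for a 20-character random password")
```

The point of `entropy_bits` is the contrast: a 20-character random password has a guessing space of roughly 2^131, while anything `weaknesses` flags lives in a space a laptop can exhaust in minutes.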
Rule 2: Use encrypted connections. The Internet tools most
commonly used on workstations and servers are inherently insecure.
Telnet, POP, and FTP, for instance, send your user name and password
as plain text over the network, so never use them unless the whole
session is wrapped in strong encryption (TLS for POP and FTP, or an
SSH tunnel). Plain-text authentication makes life easy for hackers,
who run packet sniffers that automatically grab scores of passwords
out of passing traffic while they sleep. Remote shell sessions such
as Telnet should be completely encrypted, especially if you use them
to switch to other user IDs or to root, unless you want to give
script kiddies a big break! SSH is the best substitute for Telnet,
and its scp and sftp tools replace FTP. By the same token, sensitive
information should NEVER be sent by email unless it has been
encrypted first (with PGP, for example), since mail is relayed and
stored in plain text. Note that any encryption between client and
server requires that both ends support the encryption method, and
that you check the server's host key or certificate the first time
you connect; otherwise an intruder sitting between you and the
server can read the session just as easily.
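To see what a packet sniffer actually extracts from those protocols, here is an added example that is not part of the original article: it applies sniffer-style credential harvesting to constructed FTP, POP3, Telnet and SSH client streams. The byte strings, user names and passwords are invented for illustration, and the Telnet prompts are shown inline with the typed replies for brevity.

```python
import re

# Constructed client-to-server payloads, as a sniffer on the path would
# reassemble them. These are illustrative byte strings, not real captures.
FTP_STREAM = b"USER alice\r\nPASS s3cret-ftp\r\nCWD /uploads\r\n"
POP3_STREAM = b"USER bob@example.net\r\nPASS bobpass-1\r\nSTAT\r\n"
# Telnet: option negotiation (0xff 0xfb 0x18) precedes the login, and the
# user later escalates with su, typing the root password in the clear.
TELNET_STREAM = (b"\xff\xfb\x18login: carol\r\nPassword: hunter2\r\n"
                 b"su -\r\nPassword: r00tpw\r\n")
# SSH: only the version banner is readable; after key exchange the
# stream is ciphertext (modelled here as arbitrary non-ASCII bytes).
SSH_STREAM = b"SSH-2.0-OpenSSH_9.6\r\n" + bytes(range(128, 256)) * 4

TELNET_IAC = re.compile(rb"\xff[\xfb-\xfe].")   # WILL/WONT/DO/DONT <option>
USER_RE = re.compile(r"(?:USER|login:)\s+(\S+)$")
PASS_RE = re.compile(r"(?:PASS|Password:)\s+(\S+)$")
SU_RE = re.compile(r"su(?:\s+-)?(?:\s+(\S+))?$")


def harvest(stream):
    """Pull (user, password) pairs out of one cleartext client stream.

    This is the logic a sniffer applies to every FTP/POP3/Telnet
    connection it sees; on an encrypted stream it finds nothing.
    """
    creds = []
    pending = None                    # user name seen, password not yet
    for raw in stream.split(b"\r\n"):
        line = TELNET_IAC.sub(b"", raw)
        try:
            text = line.decode("ascii").strip()
        except UnicodeDecodeError:
            continue                  # binary or encrypted: nothing readable
        m = USER_RE.match(text)
        if m:
            pending = m.group(1)
            continue
        m = SU_RE.match(text)
        if m:
            pending = m.group(1) or "root"   # "su" with no target is root
            continue
        m = PASS_RE.match(text)
        if m and pending is not None:
            creds.append((pending, m.group(1)))
            pending = None
    return creds


def harvest_all(flows):
    """Run harvest() over {"proto": stream} and drop the empty results."""
    return {proto: harvest(s) for proto, s in flows.items() if harvest(s)}


if __name__ == "__main__":
    flows = {"ftp": FTP_STREAM, "pop3": POP3_STREAM,
             "telnet": TELNET_STREAM, "ssh": SSH_STREAM}
    for proto, creds in harvest_all(flows).items():
        print(proto, creds)
```

The SSH flow yields nothing because everything after the banner is ciphertext; that is the whole argument for Rule 2 in four lines of output. Note that the root password typed into `su` over Telnet is harvested just like the login password, which is why the article insists that sessions used to switch user IDs must be encrypted end to end.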
Rule 3: Hide! Cloaking your computer's Internet presence
behind a firewall is the first line of defense. Attackers routinely
run port scanners to find listening services and weaknesses on a
computer's Internet interfaces. A firewall works at the packet level:
it can log scan attempts and silently drop the probes, so the scanner
sees nothing and your system looks unattractive or even appears not
to exist. Remember that the firewall protects only what you hide
behind it; the services you deliberately expose still have to be
secured on their own.
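The "detect scan attempts" half of that rule is what the firewall's log gives you. The following added example (not from the original article) runs a simple port-scan detector over a constructed log in the shape of iptables LOG lines; the timestamps, the documentation-range addresses and the `block_rule` helper are assumptions made for illustration, and the year supplied to the parser is one too, since syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall log in the style of iptables LOG entries
# (documentation addresses only; these are not real hosts).
FIREWALL_LOG = """\
Mar 12 03:14:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=21 SYN
Mar 12 03:14:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=22 SYN
Mar 12 03:14:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=23 SYN
Mar 12 03:14:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51237 DPT=25 SYN
Mar 12 03:14:03 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=1071 DPT=445 SYN
Mar 12 03:14:03 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51238 DPT=80 SYN
Mar 12 03:14:04 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51239 DPT=110 SYN
Mar 12 03:14:04 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51240 DPT=443 SYN
Mar 12 03:20:00 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 12 03:30:00 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
Mar 12 03:40:00 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80 SYN
Mar 12 03:50:00 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=443 SYN
Mar 12 03:55:00 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=1072 DPT=139 SYN
Mar 12 04:00:00 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=8080 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: DROP .*?"
    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")


def parse(log, year=2024):
    """Yield (timestamp, source, proto, dest_port) for each DROP line.
    Syslog timestamps carry no year, so one is supplied (assumption)."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["proto"], int(m["dpt"])


def detect_scans(log, min_ports=5, window_s=60):
    """Return {source: sorted ports} for sources that probed at least
    min_ports distinct destination ports within any window_s seconds.

    A sliding window per source keeps memory bounded. A scanner that
    spreads its probes further apart than window_s slips under it,
    which is exactly what slow scans do, so widen the window for them.
    """
    recent = defaultdict(deque)        # src -> deque of (ts, port)
    flagged = {}
    for ts, src, _proto, dpt in parse(log):
        q = recent[src]
        q.append((ts, dpt))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}


def block_rule(src):
    """iptables command that drops everything from the offender (assumes
    the host's firewall is iptables)."""
    return f"iptables -I INPUT -s {src} -j DROP"


if __name__ == "__main__":
    for src, ports in detect_scans(FIREWALL_LOG).items():
        print(f"{src} scanned ports {ports}")
        print("  ", block_rule(src))
    print("with a one-hour window:", detect_scans(FIREWALL_LOG, window_s=3600))
```

With the default one-minute window only the fast scanner is reported; the host probing one port every ten minutes is found only when the window is widened to an hour, and the host that merely tripped over ports 445 and 139 is never reported. Tune `min_ports` and `window_s` to your own traffic before wiring the output to an automatic block, or a single noisy neighbour will lock itself out.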
Rule 4: Don't trust anybody! Be very careful about what
programs you download from the Internet, and in particular do not
install software from little-known sites. Programs can hide
"trojans" that, once launched, modify your system and/or connect to
remote servers without your knowledge, perhaps letting hackers slip
into your system. Nowadays most download sites publish a
cryptographic checksum of each file (preferably SHA-256; MD5 is no
longer collision resistant) and often a PGP signature. Verify the
download against them before you install it, but understand what
each proves: a checksum fetched from the same site as the file only
tells you the download was not corrupted or altered in transit,
since whoever replaced the file could replace the checksum too,
whereas a PGP signature verified against a key you obtained through
a separate channel ties the file to its author. It's not too
paranoid to make it a rule to never trust anything from the
Internet, as even the biggest website could be subverted by hackers
and you wouldn't notice.
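The checksum part of that verification, in working form, is the following added example (not the article's own code): it parses the `digest  filename` lines that `sha256sum` writes, hashes a downloaded file in chunks and compares in constant time, then shows that appending a single byte to the file makes verification fail. The file name and payload are constructed; PGP signature verification, which needs a key obtained out of band, is not shown here.

```python
import hashlib
import hmac
import os
import tempfile


def parse_sums(text):
    """Parse 'digest  filename' lines as written by sha256sum/md5sum.
    A '*' before the name (binary mode) is tolerated; blank and '#'
    lines are skipped."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        sums[name.lstrip("*")] = digest.lower()
    return sums


def file_digest(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(path, sums, algo="sha256"):
    """True only if the file's digest equals the published one.

    A file with no published digest is refused rather than waved
    through. compare_digest is constant-time; nothing secret is being
    compared here, but it is the habit to keep for anything that is.
    """
    expected = sums.get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(file_digest(path, algo), expected)


def demo():
    """Publish a digest for a constructed 'release', verify it, then
    append one byte as a tampering attacker would and verify again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool-1.0.tar.gz")
        payload = b"constructed release payload, not a real archive\n"
        with open(path, "wb") as f:
            f.write(payload)
        published = f"{hashlib.sha256(payload).hexdigest()}  tool-1.0.tar.gz\n"
        sums = parse_sums(published)
        intact = verify(path, sums)
        with open(path, "ab") as f:
            f.write(b"\x90")           # one extra byte is enough to fail
        tampered = verify(path, sums)
    return intact, tampered


if __name__ == "__main__":
    print("intact, tampered =", demo())   # (True, False)
```

Passing `algo="md5"` makes the same code verify old-style MD5SUMS files; it will still catch a corrupted download, but an attacker who can craft colliding files can no longer be ruled out, which is why new releases should publish SHA-256 and a signature.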
Rule 5: If you're managing a server, limit what other users
can do on the system. From confining them to certain areas of the
filesystem (chroot jails, restricted shells, per-user permissions)
and to the applications they actually need, to capping their memory
and process usage with resource limits (ulimit), there are many
things you can do to reduce the serious risk posed by reckless
users, and to contain the damage when one of their accounts is
taken over.
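The memory and process part of that rule can be applied per command from Python using the same kernel limits that `ulimit` sets. The following added example (not from the original article) runs a child under hard address-space, CPU-time and, optionally, process-count limits, and demonstrates a child that exceeds them being refused or killed. The limit values and the throwaway child commands are chosen for illustration; filesystem confinement (chroot, sshd's ChrootDirectory) needs root and is not shown.

```python
import resource
import subprocess
import sys


def _cap(res, value):
    """Set soft and hard limit to `value`, never above the existing hard
    limit (an unprivileged process may lower a hard limit, not raise it)."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_limited(cmd, max_mem=256 << 20, cpu_seconds=5, max_procs=None, timeout=60):
    """Run `cmd` with hard limits applied in the child before it executes.

    max_mem caps the address space (RLIMIT_AS, bytes); cpu_seconds caps
    CPU time (RLIMIT_CPU; the kernel sends SIGXCPU on expiry); max_procs,
    if given, caps RLIMIT_NPROC, which counts every process of the same
    uid, not only this command's children, so size it accordingly.
    The limits are inherited by anything the command spawns.
    """
    def apply_limits():
        _cap(resource.RLIMIT_AS, max_mem)
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        if max_procs is not None:
            _cap(resource.RLIMIT_NPROC, max_procs)

    return subprocess.run(cmd, preexec_fn=apply_limits,
                          capture_output=True, timeout=timeout)


def memory_hog(size_bytes):
    """Result of a child that tries to allocate `size_bytes` in one go."""
    return run_limited([sys.executable, "-c",
                        f"b = bytearray({size_bytes}); print(len(b))"])


def cpu_spinner(cpu_seconds):
    """Result of a child that loops forever under a CPU-time cap."""
    return run_limited([sys.executable, "-c", "while True: pass"],
                       cpu_seconds=cpu_seconds)


if __name__ == "__main__":
    small = memory_hog(1 << 20)
    big = memory_hog(1 << 30)
    print("1 MiB  ->", small.returncode, small.stdout.strip())
    print("1 GiB  ->", big.returncode,
          (big.stderr.strip().splitlines() or [b""])[-1])
    spin = cpu_spinner(1)
    print("spinner ->", spin.returncode, "(negative = killed by signal)")
```

A negative return code from the spinner is the signal number that killed it (SIGXCPU); the 1 GiB allocation fails with MemoryError inside the child because the 256 MiB address-space cap makes the mmap fail. The same numbers belong in `/etc/security/limits.conf` for interactive users, where they apply to every login rather than to one command.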
Rule 6: Keep your system up to date. Vulnerabilities are
continuously being found in popular programs and operating system
kernels, some of which might allow an intruder to gain root access
to your system. Unfortunately, word of such "holes" travels quickly
in hackerdom, so it's important to be on top of them yourself.
Software creators post "patches" and/or new versions of their
programs to fix those defects. It's hard to keep track of them all,
but you can save yourself a lot of grief by subscribing to mailing
lists that warn you of such incidents; software producers often
maintain such lists themselves, as do sites specializing in
computer security, and it's usually free to subscribe. You can also
reduce the risk by avoiding untested new applications and those
that have a long history of vulnerabilities.
Rule 7: Disconnect from the Internet when you're not
actually using it. This is the ultimate protection against
intrusions, though it doesn't stop a trojan already on the machine
unless you literally unplug the physical connection. In the case of
servers, where the connection is always on, disable any daemons
that aren't needed or are seldom used; every listening service is a
door an attacker can try. Note that the daemons running by default
on a newly installed operating system are often the most
vulnerable, since they are exposed to the whole network before
anyone has configured them, and most hosting services won't bother
to disable them for you.
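Finding those doors is the first step, and the following added example (not part of the original article) does it over constructed output in the shape of `ss -ltnp`, the Linux command that lists TCP listeners with their owning process. It reports every socket reachable from other hosts whose port is not on an allow list and skips loopback-only sockets. The process names, PIDs and addresses are invented for illustration, and the allow list is an assumption you would replace with the ports you mean to serve.

```python
import re

# Constructed output in the shape of `ss -ltnp` (TCP listeners with the
# owning process); documentation addresses, not a real host.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       50      *:111                *:*                users:(("rpcbind",pid=530,fd=4))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=900,fd=6))
LISTEN  0       80      [::]:3306            [::]:*             users:(("mysqld",pid=1200,fd=20))
LISTEN  0       5       192.0.2.10:23        0.0.0.0:*          users:(("inetd",pid=401,fd=5))
LISTEN  0       128     [::1]:25             [::]:*             users:(("exim4",pid=700,fd=8))
"""

ROW_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?')

LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_ss(text):
    """Yield (local address, port, process name) for each LISTEN row."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            yield m["addr"], int(m["port"]), m["proc"] or "?"


def audit(text, allowed_ports=frozenset({22, 80, 443})):
    """Listeners reachable from other hosts that are not on the allow list.

    Sockets bound to loopback only are skipped: nobody can reach them
    from the network. Everything else is a door, and any door whose port
    the administrator did not consciously open gets reported.
    """
    findings = []
    for addr, port, proc in parse_ss(text):
        if addr in LOOPBACK:
            continue
        if port not in allowed_ports:
            findings.append((proc, port, addr))
    return findings


if __name__ == "__main__":
    for proc, port, addr in audit(SS_OUTPUT):
        print(f"{proc:10} on {addr}:{port} is exposed and not on the allow list")
```

On the sample host this flags rpcbind, a database bound to every interface, and a Telnet service: exactly the kind of default daemons the rule warns about. The fix is to stop and disable the unit that owns the process, or to bind it to loopback if only local clients need it, then rerun the audit until it prints nothing.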
Rule 8: Don't continue using a computer that you know has
been compromised by hackers. To do so allows the hacker to
potentially gain access to more systems and exposes you to the
possible theft of your sensitive data. Don't try to "clean" it
either, since you cannot tell what else was changed. The only
solution is to reformat the hard disk(s), re-install the operating
system from trusted media, restore your data from a backup made
before the intrusion, and change every password that was ever typed
on that machine, or smash your computer to bits if you prefer!
Rule 9: Use every security mechanism you can, not just one
or a few. They serve different purposes and thus complement each
other. Always rolling up the car windows and locking the doors is a
good start, but you wouldn't really call that a security system,
would you?!
Stick to the rules or let the script kiddies rule the day!
Some useful links you can follow to get further knowledge
on the subjects discussed today:
SSH:
http://www.ssh.com
http://www.openssh.org
http://www.fsecure.com
Vulnerability reports:
http://www.securityfocus.org
http://cve.mitre.org
Firewalls:
http://www.zonelabs.com
http://www.firewallguide.com
Other Security Sites:
http://www.net-security.org/
Credits
-Original Guru