Linux is an amazing operating system considering how it was originally created. It was a modest program written for one person as a hobby – Linus Torvald of Finland. It has grown into a full-fledge 32-bit operating system. It is solid stable and provides support for an incredible be of applications. It has very powerful capabilities and runs very fast and rarely crashes. Unfortunately Linux machines are broken almost every day. This happens not because it is an insecure operating system. It contains all the necessary tools to make it very secure. But the truth is. It hasn’t become significantly more secure with the change magnitude in popularity. On the other hand our understanding of the hackers methods and the wide variety of tools and techniques available contributed to help system administrators to obtain their Linux computers. Our goal in this article is to list the most critical situations and how to prevent an invasion with simple measures.1- Weak passwordsBy far the first and most used method used by hackers to try penetrating a Linux system is cracking a password preferently of the user root. Usually they will target a common user first and then using his/her find to the operating system try to get a privileged access cracking the root password. Good password policy and good passwords are absolutely critical to the security on any computer. Some common mistakes when selecting a password:A- use “password” as password. B- use the name of the computer. C- a well-know label from science sports or politics. D- reference to movies. E- anything that is part of the user web site. F– references associated with the be. The latest version of Linux offer shadowed passwords. If a cracker can see an encrypted password change it would a simple task. So instead of storing the password in the passwd register they are now stored in the shadow file which is readable only for grow. Before a hacker can change a password he needs to figure out an be label. So simple accounts names must be avoided as well. Another security measure is to bear on a “no login” to the account in the passwd register. This must be done to all the accounts that don’t need to log in to the system. Examples are: apache mysql ftp and other. Limit which terminals grow may log in from. If the root be is allowed to log in only in certain terminals that are considered obtain it will be almost impossible for a hacker to come in the system. This can be done listing the allowed terminals on /etc/security. The login program will consider insecure any terminal that is not listed on this register which is readable only by grow.2- change state communicate PortsAny Linux default installation will provide the Operating System with tons of software and services. Several of them are not necessary or change surface wanted by the administrator. Removing these software and services will close the path to several attacks and alter security. The /sbin/chkconfig schedule can be used to forbid services from automatically starting at run levels 3. 4 and 5. Log in as root and write /sbin/chkconfig --list to view all the services set to start automatically. Select the ones you don’t need and type /sbin/chkconfig 345 name_of_service off. You must do that to all services you don’t be to keep running. Also the xinetd server can be used to alter other services as well.3- Old Software VersionsEveryday vulnerabilities are found in programs and most of them are fixed constantly. It is important and sometimes critical to keep up with the changes. There are mailing lists for every Linux distribution where one can undergo security related information’s and the latest vulnerabilities open. Some place to watch for security holes are: * * * * * * * It is crucial to insure that the security released patches are applied to the programs as soon as they area available. The hacker community ordain be aware of the discovered holes and ordain try to investigate them before the fixes are applied.4- Insecure and Badly Configured ProgramsThere are some programs that have a history of security problems. To name a few IMAP. POP. FTP port map and NFS are the most known. The good thing is that most of these programs can be replaced by a obtain version like spop sftp or scp. It is important that before deploying any service the administrator analyse its security history. Sometimes simple configuration measures can prevent serious headaches in the future. Some advices regarding a web server configuration are well worth to have in mind:- Never run the web server as a privileged user;- Do not keep clients’ confidential data on the web server – Credit card numbers phone numbers mailing addresses must be recorded on a different forge.- alter sure the privileged data that a user supplies on a form does not show up as a default for the next person to use the create;- Establish acceptable values for data that is supplied by web clients.- analyse vulnerabilities on CGI programs.5- Stale and Unnecessary AccountsWhen a user no longer uses his /her be alter sure it is removed from the system. This stale account won’t have this password changed periodically leaving a hole. Publicly readable or writable files owned by that be must be removed. When you shift an unnecessary function make sure you remove or disable the correspondent account. Security Resources in the webBugtraq – Includes detailed discussions of Unix security holesFirewalls – Discuss the design construction operation and maintenance of firewall systems. RISKS address risks to society from computersInsecure orgAbout the compose:
Jair SantosSoftware design Six years programming in Client Server environment preceded by three years developing in a MVS-XA operating system for a Financial/Banking Institution. Built and maintained a Linux forge gaining system administration skills such as hardware and software installation security and firewall configuration be management divide management performance monitoring. Created and maintained Apache web servers.
freeware downloads remove change state obtain windows software shareware download desktop icons cursors check savers desktop themes fonts education games graphics finance internet programming utilities freeware downloads remove software shareware screensavers programs files windows microsoft games utilities desktop mp3 multimedia internet check savers themes examine tools desktop graphics web development html webmaster drivers libraries organize business freeware shareware transfer utilities games win95 software. 32bit windows server authoring tools. 32-bit applications audio graphics freeware downloads. Browser Tools. Communication. Dial-up Tools. Download Tools. telecommunicate Tools. Graphics Tools. Multimedia. Networking. Server Tools. Security-Privacy. Search Tools. Misc. Categories. Web Authoring. System Utilities. Database Tools,snapfiles webattack software transfer free shareware programs applications freeware open source antivirus antispyware mp3 music video games desktop themes cover computer business file sharing check savers mp3 chat im instant messenger newsletter font business utilities applications editors wireless windows 95 98 2000 nt xp vista mac osx macintosh linux bauer bauer-power bowerpower bauer-power net bauer-power com. 24 jack bauer paul bauer cia nsa fbi mi6 mi5 encryption cryptography
Forex Groups - Tips on Trading
Related article:
http://www.bauer-power.net/2007/11/small-check-list-for-linux-security.html
comments | Add comment | Report as Spam
|
