Before getting into specifics, let's try to briefly answer some questions
about why we need to be concerned about security in the first place.
It is easy to see why an e-commerce site, an on-line bank, or a government
agency with sensitive documents would be concerned about security. But what
about the average user? Why should even a Linux home desktop user worry about
security?
Anyone connected to the Internet is a target, plain and simple. It
makes little difference whether you have a part-time dialup connection, or a
full-time connection, though full-time connections make for bigger targets.
Larger sites make for bigger targets too, but this does not let small users
off the hook since the "small user" may be less skilled and thus
an easier victim.
Red Hat, and Red Hat-based distributions, tend to make for bigger
targets as well, since the installed user base is so large.
There are those out there that are scanning just for easy
victims all the time. If you start logging unwanted connection attempts,
you will see this soon enough. There is little doubt that many of these
attempts are maliciously motivated and the attacker, in some cases, is
looking for Linux boxes to crack. Does someone on the other side of the globe
really want to borrow my printer?
What do they want? Often, they may just want your computer, your IP
address, and your bandwidth. Then they use you to either attack others, or
possibly commit crimes or mischief, hiding their true identity behind
you. This is an all too common scenario. Commercial and high-profile sites
are targeted more directly and have bigger worries, but we all face this type
of common threat.
With a few reasonable precautions, Red Hat Linux can be very
secure, and, with all the available tools, makes for a fantastically fun and
powerful Internet connection or server. Most successful break-ins are the
result of ignorance or carelessness.
The bottom line is:
These are all real possibilities, unless we take the appropriate
precautions.
Note: If you are reading this because you have already been broken into, or
suspect that you have, you cannot trust any of your system utilities to
provide reliable information. And the suggestions made in the next several
sections will not help you recover your system. Please jump straight to the
Have I been Hacked? section, and read that
first.
Ideally, we would want one computer as a dedicated firewall and router. This
would be a bare-bones installation, with no servers
running, and only the required services and components installed. The rest of
our systems would connect via this dedicated router/firewall system. If we
wanted publicly accessible servers (web, mail, etc.), these would be in a
"DMZ" (De-militarized Zone). The router/firewall allows
connections from outside to whatever services are running in the DMZ by
"forwarding" these requests, but it is segregated from the rest
of the internal network (aka LAN) otherwise. This leaves the rest of the
internal network in fairly secure isolation, and relative safety. The
"danger zone" is confined to the DMZ.
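The forwarding policy described above, written out as an iptables script for a
three-interface router/firewall. This is an added example, not from the HOWTO:
it assumes eth0 faces the Internet, eth1 is the DMZ, eth2 is the internal LAN,
and a single public web/mail host sits in the DMZ at 192.168.2.10 (all of these
names and addresses are constructed). IPT defaults to "echo iptables" so the
rules can be reviewed as a dry run; run it as root with IPT=iptables to apply
them.

```shell
#!/bin/sh
# Three-interface firewall/router policy: Internet <-> DMZ <-> internal LAN.
# Assumed layout (not from the HOWTO): eth0 = Internet, eth1 = DMZ, eth2 = LAN,
# DMZ host 192.168.2.10 serving web (80) and mail (25). Addresses are constructed.
# IPT defaults to a dry run that prints the commands instead of applying them.
IPT="${IPT:-echo iptables}"
WAN=eth0; DMZ=eth1; LAN=eth2
LAN_NET=192.168.1.0/24
DMZ_HOST=192.168.2.10

dmz_rules() {
    # Start from an empty FORWARD chain and a deny-by-default forwarding policy:
    # anything not explicitly allowed below is dropped by the router.
    $IPT -F FORWARD
    $IPT -t nat -F
    $IPT -P FORWARD DROP

    # Replies to connections that were already allowed may pass in either direction.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The internal LAN may open connections to the Internet and to the DMZ,
    # and is hidden behind the router's public address (masquerading).
    $IPT -A FORWARD -i $LAN -s $LAN_NET -o $WAN -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $LAN -s $LAN_NET -o $DMZ -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE

    # "Forwarding" public requests into the DMZ: only web and SMTP, only to the
    # designated DMZ host. No other inbound connection from the Internet is forwarded.
    for port in 80 25; do
        $IPT -t nat -A PREROUTING -i $WAN -p tcp --dport $port \
             -j DNAT --to-destination $DMZ_HOST:$port
        $IPT -A FORWARD -i $WAN -o $DMZ -p tcp -d $DMZ_HOST --dport $port \
             -m state --state NEW -j ACCEPT
    done

    # The DMZ host needs outbound mail delivery and DNS, nothing more.
    $IPT -A FORWARD -i $DMZ -s $DMZ_HOST -o $WAN -p tcp --dport 25 \
         -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $DMZ -s $DMZ_HOST -o $WAN -p udp --dport 53 \
         -m state --state NEW -j ACCEPT

    # The DMZ is the "danger zone": a compromised DMZ host must never be able to
    # open connections into the internal LAN. Log the attempt, then drop it.
    $IPT -A FORWARD -i $DMZ -o $LAN -j LOG --log-prefix "DMZ->LAN blocked: "
    $IPT -A FORWARD -i $DMZ -o $LAN -j DROP
}

dmz_rules
```

Reading the dry-run output top to bottom is a useful habit: the order matters
in iptables, so the ESTABLISHED,RELATED rule sits first, the narrow DNAT and
FORWARD allowances come next, and the explicit DMZ-to-LAN LOG/DROP pair makes
any segmentation breach visible in the system log rather than silently relying
on the default policy.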
But not everyone has the hardware to dedicate to this kind of installation.
This would require a minimum of two computers. Or three, if you would be
running any publicly available servers (not a good idea initially). Or maybe
you are just new to Linux, and don't know your way around well enough yet. So
if we can't do the ideal installation, we will do the next best thing.