Safety net

Posted on 3 Jul 2002 at 16:24

1 of 5

No Linux system is an island, entire of itself; every Linux system is a piece of the continent n and that's where the problems start. Charles Stross shows you how to protect yourself from unscrupulous types lurking on the internet

If you use a Linux system that never connects to the internet, you're safe. In fact, you are safe as long as nobody else logs on to your machine, you never install any new software and you're certain that there is no modem or Ethernet card on your PC. This, however, applies to very few people.
What if you have a network card connected to a cable modem? Or an ADSL line? Or a modem, for that matter? Or a server co-located in a hosting facility's racks? Linux is not particularly insecure but, like all large modern operating systems, it harbours several undetected bugs and security flaws, some of which can be exploited by attackers. The Honeynet project ran a study last year, exposing machines with standard out-of-the-box operating systems to the internet. Its findings were alarming. One machine was fully compromised within seven hours of going online, while on average the exposed systems came under attack within minutes of being connected. Most of them succumbed within a week.
There are ways and means of 'hardening' a Linux system that is exposed to the risks of the internet. There's nothing magical about this: it's just a matter of knowing how network services are controlled, how to switch them on or off and secure them and how to keep track of current security alerts and install upgrades in order to prevent attacks.
This is standard good practice for a professional system administrator, but as Linux becomes more widespread the availability of people who know how to deal with security issues effectively will become a problem.
As many as 20 million PCs run Linux. As Linux is usually installed because a user is interested in it, it follows that most of these PCs are run by people with a greater than average interest in their PC. As a back-of-the-envelope estimate, if only one in a thousand of them is inclined to try cracking security on other people's systems, that gives us a community of 20,000 'script kiddies'. Any one of these could be scanning for a back door that will let them into your machine.
Knowledge is power
The fundamental problem of network security in the internet age is that it is possible to write a tool that can scan hundreds of IP addresses per second looking for a known vulnerability and, having found a machine with a weakness, to exploit it automatically. Most people with the nous to unearth new bugs or vulnerabilities are good guys who see their work in terms of fixing weaknesses. Some, however, take the security holes they discover and package them as automated attack toolkits. The script kiddies out there use these toolkits to scan random machines, looking for one that will succumb. The result is that the internet is a massive force-multiplier for the attackers. That one bad guy in a thousand translates into tens of attacks per day on every system on the net.
The purpose of an attack on a computer is to gain access to its resources n disk storage space, ability to run processes, its network address and network services and so on. If your system is running a file transfer protocol (FTP) server that permits anonymous uploads, attackers may create subdirectories on your machine and publicise its whereabouts for exchange of bootleg software, music or other files. This will hoover up disk space at a rate of knots and monopolise your bandwidth as the hordes log in and grab files or donate their own items. Again, if you're running an old copy of sendmail that is configured to operate as a mail relay, spammers will find it and start relaying millions of 'MAKE MONEY FAST!!!' adverts to their unwitting and angry victims. This gobbles up your bandwidth and when the recipients start complaining to your upstream service provider you may find your connectivity is yanked or your cable modem account is suspended.