Safety in the Computer and Internet Community

(last update 1. Aug 1999)

This page is divided into several sections. First I present some proposals for increasing your system's safety while working on the Internet, including measures for avoiding undesired mails etc.
 
  • Cookies are a threat to your privacy: sometimes it is not sufficient to discard them all, so you should consider using the "ask before accepting" option of your browser (of course in most cases you will answer no). If this requires too much interaction, activate it only when you need it (examples: online subscriptions to Science, Nature or some serious commercial stores occasionally need cookies). With question-triggered cookies you will probably not forget to discard all cookies again after such a visit... Finally, some day a criminal computer expert may use a bug in the browsers to manipulate your system through these cookies!

  • JAVA is a great potential danger for any Internet user: in such a complex system any bug on the browser side can open dangerous security holes in your system. Therefore you should generally deactivate the JAVA capabilities of your browser completely and, as in the cookie case, reactivate them only (temporarily! don't forget to deactivate them again afterwards!) if you really need them. Besides, this language is often used by some providers and people to open annoying, undesired extra windows automatically.

  • Don't give away your email address without serious consideration! Otherwise it could lead to "spam" emails to your address and eventually force you to change it, even though this "spamming" method is forbidden in most countries. This is especially a problem in news groups/user groups: the alternative there is to use another, costless email address, which is easy to change free of charge if necessary, or to enter your address with some characters changed compared to the real one, so that criminals searching automatically cannot obtain your real email address this way and send mass/advertising or similar email to it (of course you have to give the other members a hint about what you have changed!).

  • Always use the configuration in which a warning is displayed if you transmit any information that is potentially unsafe and detectable by third parties.

  • Nowadays I strongly recommend that you NEVER perform any personal financial transactions with your bank on an Internet-connected computer, nor store really critical information on such a machine! This is because there is never absolute safety against hackers unless you cut the connection to ANY data network... If you want to buy or pay for something by credit card on the Internet, you should do so only if the homepage owner offers the SSL security system. You can see in your browser whether this mode is activated (you may have to enable it in the options) while attempting the action. This DES-based method is safe enough for practical purposes, because only little information is encoded and transmitted with it (especially the credit card number, which you have to protect well anyway!). In the future the AES system will increase the safety of such systems even further. This safety aspect also applies to mails if you have really problematic contents and are forced to send them via email anyway.

A few further hints now follow for UNIX users, the only ones I know of so far who have a real chance of blocking their systems nearly 100 % against criminals who try to break into computers via the network.
 
  • First of all: the passwords are essential for security! You should always comply with the "Kerberos" rules and change the passwords regularly, every four weeks to at most three months, whether for root or any other user. For those who do not know these rules, here they are: each password must have at least six characters, must contain at least one digit or special character (but please use only specials such as $ or similar, because otherwise keyboard- or even operating-system-dependent problems could arise!) and at least two normal letters, and every change of the password requires at least three characters to change to be accepted. On many systems root will have enforced (or should enforce!) these rules for all users by the system configuration anyway!

  • Depending on the type of your Internet connection it can be useful to restrict all possible connections to only the ones required, for example to the provider used for your system at home. This is already done well by entering only the phone number(s) of your system that you wish to use and that of the provider. The details vary depending on whether you use a modem or an ISDN card, PPP or SLIP, etc.

  • Especially with firewall-protected intranets, you should never create other entrances into this intranet! This destroys all potential safety gained by a firewall... Firewalls make it more difficult for hackers to penetrate, but are by no means an absolute protection, as is sometimes wrongly stated. It is also important that a firewall computer should not be used for any purpose other than connecting the intranet to the Internet and blocking hackers...

  • A root user should disable all network services that he or his users don't need. Every supported service like ftp, inetd etc. increases the number of possibilities for criminals to break in.

  • If you have your own personal LINUX or even commercial UNIX computer at home, never work as root or su user unless you are forced to! Especially in a networking environment this increases the chances for a hacker to get into the system; besides, it raises the danger of wreaking havoc on your system with infamous commands, mistyped or entered at a different directory level than you supposed, like "rm -rf *" (please never use it, or at least double-check it before you execute it!).

  • You should forbid core dumps system-wide: these memory extracts may contain security-relevant information and can therefore be abused by hackers. Sometimes they produce such dumps for this sole purpose! (For example, as root install an "ulimit -c 0" in /etc/profile to avoid these core dumps.)

  • For a similar reason it is recommended that you do not include the current directory in your root search path. This prevents the execution of traps that users with lower rights may have constructed in directories where they also have write access. Alternatively, you may simply avoid making a directory in which others also have write rights the current directory; for system management you generally need only your root home directory (/root in most cases) and /etc. In particular, never execute commands in the /tmp directory as root! This is the most dangerous location for such attacks. Also you should never use .rhosts for a root user and, if possible, forbid any login as root via the network (rlogin etc.)!

  • In the case of a special bilateral connection between computers that does not use the Internet but only the usual phone lines, you can increase security by using the callback mechanism on the appropriate side. For example, a central system may call back the incoming computers at their numbers, so the certainty of identification is clearly increased.

  • A certain time after a kernel has been distributed, hackers discover gaps in its security and can exploit them. The only way of blocking this is to update your kernel on a regular basis, because known weaknesses are fixed by patches or kernel releases in the time afterwards. But it is difficult to advise within what time you should do so. The best method is to watch all information in this respect and to update when security topics are affected by the newer version compared with your current one. This principal problem is sharpened if the kernel sources are free (LINUX) or are known inside the criminal hacker community (suspected for SOLARIS, for example).

  • The last possibility (the "ultima ratio") is some sort of control mechanism for whether an attack is taking place. For example, it is not difficult to write a shell script which checks the integrity of the most important (and nearly always manipulated by hackers) directories, and to execute this script as a root cron job, for example changing to runlevel 1 or S when a safety problem occurs, to eliminate all invaders by a simple network shutdown. If you want to write such a script, here are my recommendations on what you should check: all entries in /var/log/messages which display unusual network entries not occurring under normal networking conditions are a dangerous sign. If you have forbidden core dumps, their presence is also a clear problem... In /etc you should check on a byte-by-byte and timestamp (change) basis the files passwd, shadow (if present), group, services (compare above), inetd.conf and crontab. Also /var/cron/tabs could be searched for any problem, but this is less likely. Of course the kernel also deserves strict control, and so do all dynamic lib directories (somebody may try to replace some of them!). The root home directory is also to be controlled, as is /root/bin, and of course the system directory /bin, in which the login binary is often replaced by the criminals. In case an intruder succeeds despite all security, you should ideally have a checksum of all threatened packages and of course an original CD, or a tape or CD-ROM, with the last version stored.
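The "Kerberos" password rules from the first hint above, as an added check in POSIX sh (example code, not from the page's author); the "at least three characters changed" rule is interpreted here as positions that differ between the old and the new password, with extra length counting as changed:

```shell
#!/bin/sh
# pw_acceptable OLD NEW: returns 0 if NEW satisfies the rules listed above, 1 otherwise.
# Added example; the interpretation of "characters changed" (differing positions) is an assumption.
pw_acceptable() {
    old=$1
    new=$2
    # Rule 1: at least six characters.
    [ "${#new}" -ge 6 ] || return 1
    # Rule 2: at least one digit or special character.
    case "$new" in
        *[0-9]*|*[!A-Za-z0-9]*) ;;
        *) return 1 ;;
    esac
    # Rule 3: at least two normal letters (tr -d ' ' strips the padding some wc versions print).
    letters=$(printf '%s' "$new" | tr -cd 'A-Za-z' | wc -c | tr -d ' ')
    [ "$letters" -ge 2 ] || return 1
    # Rule 4: at least three characters changed compared with the old password.
    # ENVIRON is used instead of -v so that backslashes in a password are not reinterpreted.
    changed=$(old="$old" new="$new" awk 'BEGIN {
        a = ENVIRON["old"]; b = ENVIRON["new"]
        n = length(a) > length(b) ? length(a) : length(b)
        for (i = 1; i <= n; i++) if (substr(a, i, 1) != substr(b, i, 1)) c++
        print c + 0 }')
    [ "$changed" -ge 3 ]
}
```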
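The integrity-check script sketched in the last hint, as an added example in POSIX sh (not the page author's script); the baseline location, the WATCH and CORE_DIRS lists and the cron line are my assumptions, and the decision to change runlevel is left to the caller:

```shell
#!/bin/sh
# Added example of the integrity check described above. Assumed: BASELINE path,
# WATCH list of files to guard, CORE_DIRS where a core file must never appear.
WATCH="${WATCH:-/etc/passwd /etc/shadow /etc/group /etc/services /etc/inetd.conf /etc/crontab /bin/login}"
CORE_DIRS="${CORE_DIRS:-/root /tmp}"
BASELINE="${BASELINE:-/root/integrity.baseline}"

# One "<cksum> <size> <path>" line per watched file (cksum is POSIX, available on any UNIX).
snapshot() {
    for f in $WATCH; do
        [ -f "$f" ] && cksum "$f"
    done
    return 0
}

# Record the trusted state once, e.g. right after installation from the original CD.
init_baseline() {
    snapshot > "$BASELINE" && chmod 600 "$BASELINE"
}

# Compare the current state with the baseline; print every finding, return 1 if any.
check_integrity() {
    rc=0
    [ -r "$BASELINE" ] || { echo "no baseline at $BASELINE"; return 2; }
    # Byte-by-byte check: checksum or size differs, or a watched file appeared or vanished.
    if ! out=$(snapshot | diff "$BASELINE" -); then
        echo "content changed:"; echo "$out"; rc=1
    fi
    # Timestamp check: anything modified after the baseline was written.
    for f in $WATCH; do
        if [ -f "$f" ] && [ -n "$(find "$f" -newer "$BASELINE")" ]; then
            echo "mtime newer than baseline: $f"; rc=1
        fi
    done
    # Core dumps are forbidden system-wide (ulimit -c 0), so any present is suspicious.
    for d in $CORE_DIRS; do
        if [ -d "$d" ] && [ -n "$(find "$d" -name core -type f)" ]; then
            echo "core dump present in $d"; rc=1
        fi
    done
    return $rc
}

# Assumed root cron line: run hourly, drop to runlevel 1 on alarm (network shutdown).
#   0 * * * *  /root/bin/integrity.sh check || /sbin/init 1
case "$1" in
    init)  init_baseline ;;
    check) check_integrity ;;
esac
```

Run "init" from a known-good state and keep the baseline (and a copy of the script) on read-only media as well, since an intruder who can edit /etc can edit the baseline too.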

 


comments, questions, suggestions to:  stefan.urbat@apastron.lb.shuttle.de

(URL:  http://www.lb.shuttle.de/apastron/safety.htm)