This section is intended for those who have not previously dealt with the
security implications of having a full-time Internet connection, or who may
not understand some of the basic concepts of security. This is meant to be
just a quick overview, not a comprehensive examination of all the issues!
Just enough to give you a gentle shove in the right direction. Please see the
Links section for sites with more details. Also, your distribution surely has
plenty of good information as well.
Before going on-line full-time, do not underestimate the need for securing
your connection. You will have two things that mischief makers and crackers
of the world are looking for: bandwidth, and a Unix-like OS. You instantly
become an inviting target. It is just a matter of time before someone
comes knocking. Possibly a very short time. A quick start:
Turn off any daemons and services that aren't absolutely essential, and
can be accessed from outside. You can't get compromised through a port
that isn't open. Use ps and netstat
to see what services are running. (See man pages for specifics). Do you
really need named, sendmail,
telnet, ftp running and accessible
to one and all? If not sure, then they should not be running. Then take
whatever steps necessary to make sure they don't start again on the next
boot. See your distribution's documentation on this.
Many distributions start some well known services by default. You may not
have done anything yourself explicitly to start these, and may not even
realize they are indeed running. But it is up to you to know what is
running, and how safe it is. Don't rely on a "default"
installation of any distribution to do this for you, or to be secure.
Chances are it isn't.
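As an added example (not part of the HOWTO), here is a small POSIX sh script that does the "what is listening?" check from the kernel's own socket table. /proc/net/tcp is the same data netstat -tln reads, but it is printed as hex: the port is hex, and the IPv4 address is hex in little-endian byte order. The script converts both, keeps only sockets in the LISTEN state (0A), and then filters out anything bound to loopback, since only the rest can be reached from the network. The socket table below is constructed for the example; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the HOWTO): list listening TCP sockets from
# /proc/net/tcp-format data, the same data netstat -tln reads, so you can
# see which services are reachable from outside without trusting a
# "default" installation. The sample below is constructed, not captured.
SAMPLE_PROC_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0B00000A:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 1004 1 0000000000000000 20 4 30 10 -1'

# hex2dec: hexadecimal string -> decimal (printf accepts a 0x prefix in sh)
hex2dec() { printf '%d\n' "0x$1"; }

# hex2ip: /proc/net/tcp stores IPv4 addresses as little-endian hex,
# so 0100007F is 127.0.0.1: read the four byte pairs in reverse order.
hex2ip() {
  h=$1
  printf '%d.%d.%d.%d\n' \
    "0x$(printf '%s' "$h" | cut -c7-8)" \
    "0x$(printf '%s' "$h" | cut -c5-6)" \
    "0x$(printf '%s' "$h" | cut -c3-4)" \
    "0x$(printf '%s' "$h" | cut -c1-2)"
}

# listening_sockets: read /proc/net/tcp format on stdin, print addr:port
# for every socket in state 0A (LISTEN); established connections are skipped.
listening_sockets() {
  while read -r sl local rem st rest; do
    [ "$sl" = "sl" ] && continue        # skip the header line
    [ "$st" = "0A" ] || continue        # keep only LISTEN
    addr=${local%%:*}
    port=${local##*:}
    printf '%s:%s\n' "$(hex2ip "$addr")" "$(hex2dec "$port")"
  done
}

# exposed_sockets: the subset not bound to loopback, i.e. reachable from the
# network unless a firewall blocks them.
exposed_sockets() {
  listening_sockets | grep -v '^127\.'
}

# Run against the constructed sample; replace the pipe with
#   exposed_sockets < /proc/net/tcp
# to audit the live host.
printf '%s\n' "$SAMPLE_PROC_TCP" | exposed_sockets
```

On the sample this prints 0.0.0.0:22 and 0.0.0.0:53 (ssh and named on all interfaces) and leaves out 127.0.0.1:25, a sendmail that only listens locally. Anything in that exposed list that you cannot name is exactly what the text above says to shut down; ps and the process's inode (the column after the uid) will tell you which daemon owns it.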
If you decide some services are essential, make sure you are running the
most current version. Exploits are found, and then get fixed quickly.
Don't get caught with your pants down. A full-time connection makes
staying updated very easy -- and very important. Check with your
distribution to see what new packages are available. Then stay in
touch. If they have a security mailing list, get on it.
Take passwords seriously, using non-dictionary "words". Use
shadow passwords (this should be a standard feature of newer
distributions). Do not allow remote root logins. See the Security HOWTO
for more details and ideas.
Use ssh instead of telnet
or rsh.
Set up a firewall to limit access, and log connection attempts. This will
be different depending on which kernel series you are using:
ipfwadm for 2.0, ipchains for 2.2,
and iptables for 2.4. See the below HOWTOs for a more
in-depth discussion on this and other security-related topics:
Additional references are in the Links section
below.
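The firewall point above, as an added example for the 2.4 (iptables) case; this is not code from the HOWTO, and the allowed ports, the "FW-DROP:" log prefix and the function names are this example's choices. fw_rules only prints the iptables commands, so the ruleset can be read and checked without root; fw_apply hands them to the shell. drop_summary then reads the kernel's LOG output back out of syslog and counts who knocked on which closed port. The log lines below are constructed, not captured from a real host. ipchains (2.2) and ipfwadm (2.0) take different syntax and are not shown.

```shell
#!/bin/sh
# Added example (not from the HOWTO): a minimal iptables (2.4 kernel)
# INPUT policy that drops everything not explicitly allowed and logs what
# it drops, plus a summary of the resulting log lines.

# fw_rules PORT...: print the iptables commands allowing inbound TCP on PORT...
fw_rules() {
  echo 'iptables -F INPUT'                      # start from an empty chain
  echo 'iptables -P INPUT DROP'                 # default: drop (closed ports stay closed)
  echo 'iptables -A INPUT -i lo -j ACCEPT'      # local traffic is fine
  # replies to connections this host opened (needs connection tracking)
  echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  for port in "$@"; do
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
  done
  # log the rest, rate-limited so a scan cannot fill the disk, then drop
  echo 'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "'
  echo 'iptables -A INPUT -j DROP'
}

# fw_apply PORT...: apply the generated rules (must run as root)
fw_apply() { fw_rules "$@" | sh; }

# Constructed syslog excerpt in the shape the LOG target produces
# (field names are the kernel's; addresses are documentation ranges).
SAMPLE_LOG='Mar  3 10:01:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40112 DPT=23 SYN
Mar  3 10:01:05 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40113 DPT=23 SYN
Mar  3 10:02:40 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51000 DPT=21 SYN
Mar  3 10:02:41 gw kernel: sshd[123]: unrelated line'

# drop_summary: read syslog on stdin, count logged drops per source and
# destination port, most frequent first.
drop_summary() {
  grep 'FW-DROP:' | awk '{
    src = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/) src = substr($i, 5)
      if ($i ~ /^DPT=/) dpt = substr($i, 5)
    }
    n[src " -> port " dpt]++
  } END { for (k in n) print n[k], k }' | sort -rn
}

# Show the ruleset that lets only ssh (22) in, then summarize the sample log.
# On a live host: fw_apply 22; later: drop_summary < /var/log/messages
fw_rules 22
printf '%s\n' "$SAMPLE_LOG" | drop_summary
```

The order of the rules matters: loopback and established traffic are accepted first, the explicitly allowed ports next, and only then does the LOG rule see what is left, so the log contains just the attempts the policy refused. The summary on the sample reads "2 192.0.2.10 -> port 23" followed by "1 203.0.113.9 -> port 21", which is the kind of line a cable or DSL user will see within hours of going on-line.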