Linux Network Security

Very Sketchy

by
Dave Regan
regan@ao-cs.com
http://www.ao-cs.com/~regan/security.html
4 January 1996

People use Linux systems to connect to the Internet. This makes these computers subject to many of the same attacks that traditional Internet hosts have been subject to over the years. Worse, the people operating the Linux machines haven't had to deal with these threats in the past, and are often wide open to attack. On the good side, many Linux machines have some security installed with the distribution, and many Linux machines are not left connected to the Internet over long periods of time.

This note doesn't attempt to discuss all of the possible ways that a Linux computer can be attacked. However, it should get you thinking about ways to protect your computer from attack, and about how to tell whether you have been attacked.

Some of the topics discussed will be:

	Physical Security
	Connection to the Internet
	/etc/inetd.conf
	Valid user vs. a person on the network
	File protections
	Web servers
	FTP servers
	Trojan horses
	Log files
	Routers
	IP Firewalls
	CERT

Physical Security

For most people this isn't a big deal. What it means is that if people can get to your computer, or to your backup media (you do have backups, don't you?), you have a problem.

The good thing about physical security is that there are a reasonably small number of people you have to worry about. In your home, you worry about the people who come into your home or who live with you. At work, you have the people who have access to your office, the coworkers and such. And in a dorm you have the other people in the dorm. You get to decide if any of these people are a threat that you have to worry about. Often the answer is no and you can ignore physical security. Sort of.


Connection to the Internet

There are a number of Linux computers connected to the Internet full time through any of a number of mechanisms. These computers are probably more vulnerable than other Linux computers which use SLIP or PPP to connect to the Internet for a short period of time and then disconnect. There are several reasons for this, and once you recognize the reasons it becomes clear that the two kinds of computers should be configured somewhat differently.

A computer connected full time to the Internet has large periods of time that nobody is watching the computer. Thus if the computer starts doing lots of network communication or processing, it is possible that nobody is around to notice. Another attribute of a computer connected full time is that it is probably expected to supply services to the Internet (e.g. web, telnet, ftp), while a part time Internet host is likely just acting as a terminal and need not have any (or just a few) services available to the Internet. Obviously, if you don't offer telnet, web, or FTP services to the Internet, the options for attacking your system are minimized.

The section on IP firewalls describes a way to have all of the services available for your own use, but not expose those services to the Internet.

Now if you are attached full time to the Internet and want to offer services to the net, then you have some other options available to you (which I'll describe later).


/etc/inetd.conf

The file /etc/inetd.conf specifies the services your computer offers on demand. Your computer can also have some services running continuously; web servers and mail service are often run in this way.

Take a look through the file. There are lots of services supported on a typical system. Each of these services is a potential security problem. Look at the services offered, and comment out any service which you don't want to provide. An example is FTP; most computers don't need to be FTP servers.

You will have to restart the inetd server after you've changed the /etc/inetd.conf file. This can be done with:

	ps xalw | fgrep inetd | fgrep -v fgrep     # the PID is the third column
	kill -HUP process_id_reported_above

There are ways to offer services but restrict who can get them. One that shows up in the /etc/inetd.conf file is TCP Wrappers (the tcpd program). It works by not starting the service program directly: inetd starts the wrapper, which looks at its control files (/etc/hosts.allow and /etc/hosts.deny) and the connecting address, and decides whether or not to start the actual service program.

Another option is to use IP firewalls or a router to get some of this control.
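As an added example (not from the original page), the following script does the inetd.conf review described above on a copy of the file: it comments out unwanted services, lists the enabled services that still start their daemon directly instead of through tcpd, and writes a deny-everything-then-allow-a-few TCP Wrappers policy. The sample inetd.conf contents, the paths and the 10.1.2. network are constructed assumptions, not taken from any real system.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Works on a copy of inetd.conf; only restart_inetd touches the live system.

# Constructed sample of a 1996-style inetd.conf (not a real system's file).
sample_inetd_conf() {
    cat <<'EOF'
# <service> <socket> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/in.rshd     in.rshd
daytime stream  tcp  nowait  root    internal
EOF
}

# disable_services FILE SERVICE... : comment out every enabled line whose
# first field is one of SERVICE. Prints how many lines were changed.
disable_services() {
    file=$1; shift
    changed=0
    for svc in "$@"; do
        n=$(grep -c "^$svc[[:space:]]" "$file" || true)
        changed=$((changed + n))
        sed "s/^\($svc[[:space:]]\)/#\1/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    done
    echo "$changed"
}

# enabled_services FILE : names of the services inetd will still start.
enabled_services() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }'
}

# unwrapped_services FILE : enabled services whose server path is neither
# "internal" nor tcpd, i.e. ones that bypass the hosts.allow/hosts.deny check.
unwrapped_services() {
    awk '!/^[[:space:]]*#/ && NF >= 6 && $6 != "internal" && $6 !~ /tcpd$/ { print $1 }' "$1"
}

# write_wrapper_policy DIR NET : deny everything by default, then allow telnet
# and ftp only from NET (a trailing-dot prefix such as "10.1.2." in tcpd syntax).
# DIR is /etc on a real system; a scratch directory here.
write_wrapper_policy() {
    dir=$1; net=$2
    printf 'ALL: ALL\n' > "$dir/hosts.deny"
    printf 'in.telnetd in.ftpd: %s\n' "$net" > "$dir/hosts.allow"
}

# restart_inetd : make inetd reread its configuration (PID is column 3 of ps xalw).
restart_inetd() {
    pid=$(ps xalw | grep '[i]netd' | awk '{ print $3 }')
    [ -n "$pid" ] && kill -HUP $pid
}

# Typical use on the real file, after making a backup copy:
#   cp /etc/inetd.conf /etc/inetd.conf.orig
#   disable_services /etc/inetd.conf finger shell daytime
#   unwrapped_services /etc/inetd.conf     # anything listed here should go via tcpd
#   write_wrapper_policy /etc 10.1.2.
#   restart_inetd
```

Anything printed by unwrapped_services is a service that will answer anyone on the Internet regardless of what hosts.allow says; either disable it or change its line to start /usr/sbin/tcpd with the daemon name as the argument.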


Valid user vs. a person on the network

People who log into your computer via a valid account have far more access than random people on the network. This is reasonable. However, it raises a couple of questions. The first is: can you trust your users? If your computer is used within a company or at home, the answer is probably yes. If you are running an ISP, the answer is definitely NO.

However, even if you trust your users, you need to be careful. People attacking your computer can attempt to compromise a single user's account, and use that as a springboard for getting more access into your computer. So even if you think you can trust your users, it is best to be careful.

Users get to their accounts through the login program typically using a password. An attacker has to subvert one of these to get user access into your computer. It is thus very important that all accounts with shell access have good passwords associated with them. Typically the standard password program distributed with Linux systems is fairly light duty. It requires passwords that are somewhat long, but that's about it. Some of the add on packages are more strict and require that the password not look like a name, or a word in a dictionary.

Passwords should be different for each computer. That's hard to do, so at least keep them different between different organizations. For instance, if somebody were able to get my password on Peak, I wouldn't want that password to work on my computers at work.

The original password scheme was designed so that a program grinding through all possible passwords would take a long time on a typical minicomputer of the 1970s. In many places the scheme hasn't changed since then (so that the same encrypted passwords can be used across a collection of computers), but computers today are a bit faster than the minicomputers of the 1970s. Hence shadow password configurations, which hide the encrypted passwords from ordinary users so there is nothing to grind through. This is a pragmatic fix rather than a particularly elegant one. Run a shadow password suite.

Some network login services (the telnet server, for example) can be configured to accept connections only from certain other places. While a determined attacker can probably spoof this, it is quite effective against all "doorknob shakers" and many other attackers. If you are offering services to a small number of users, this can be quite effective.


File protections

Some attackers can be quite patient.

When a unix computer starts up, there are a number of programs which get executed with root permissions. Some of these programs are simple shell files; programs made up of a series of commands you'd be able to type at the keyboard. This is all normal and good.

However, if any of these files is writable by an ordinary user, or any of the directories above that file is writable by an ordinary user, it is possible for an attacker to slip in additional commands which will trivially open up the system to abuse the next time the machine boots.

It is important to keep control of the file permissions. There are packages, like tripwire, which can do this. Another way is to simply keep a directory listing of all important directories, and periodically (with cron) go through and see if there are any differences from the baseline. If there are, mail the differences out to appropriate people and make them acknowledge the difference. These schemes aren't perfect, but they do keep an eye on things.
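The home-grown baseline scheme just described, as an added example (this is not the page's code and not tripwire): a baseline records mode, owner, group, size and checksum for every path under a directory; a later run diffs against it; and a separate check lists anything under the directory that a non-owner could write to. The directory names in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page.

# make_baseline DIR : one line per path, sorted so later diffs are stable.
# Fields: mode uid gid size checksum path (checksum only for regular files).
make_baseline() {
    find "$1" -print | sort | while IFS= read -r p; do
        set -- $(ls -ldn "$p")           # mode links uid gid size ...
        if [ -f "$p" ]; then
            sum=$(cksum < "$p" | awk '{ print $1 }')
        else
            sum=-
        fi
        printf '%s %s %s %s %s %s\n' "$1" "$3" "$4" "$5" "$sum" "$p"
    done
}

# check_baseline DIR FILE : print entries that differ from the baseline
# ("<" is what the baseline had, ">" is what is there now); return 1 if any.
check_baseline() {
    tmp=$(mktemp)
    make_baseline "$1" > "$tmp"
    if cmp -s "$2" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi
    diff "$2" "$tmp" | grep '^[<>]'
    rm -f "$tmp"
    return 1
}

# writable_by_others DIR : files and directories that someone other than the
# owner could modify. Group-writable entries are listed too, since a startup
# script in a group-writable directory is only as safe as every group member.
writable_by_others() {
    find "$1" \( -perm -002 -o -perm -020 \) -print
}

# Typical use (paths are assumptions):
#   make_baseline /etc > /var/adm/baseline.etc          # once, on a clean system
#   check_baseline /etc /var/adm/baseline.etc | mail -s 'etc changed' root
#   writable_by_others /etc /sbin /bin                   # should print nothing
# Keep the baseline file somewhere an attacker who gets root can't quietly
# rewrite it, e.g. on removable media, and update it only after a reviewed change.
```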


Web servers

Web servers are amazing things. I like them. However, they are a program which gets run under the control of a remote user, and can potentially get at any file that the UID the web server runs under can get at. Note that the standard /etc/passwd file can be read by any user of your computer (including the web server). Given the password file, if it includes the encrypted passwords, and a separate computer, an attacker can attempt to break your passwords by brute force. They will be successful, given time, if they can get the encrypted passwords. To the extent your site has CGI programs running, there are even more ways an attacker can use your web server against you.

If you don't need a web server, don't run one. If you do want a web server, look at the configuration files to see that the normal file tree is handled correctly. Then go through the cgi-bin directory and delete/disable/etc. any program which you don't have a use for. They may be OK, but unless you need them, you don't need to take a chance.
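The password-file exposure described here and in the shadow password discussion above comes down to one question: are the encrypted passwords in the world-readable /etc/passwd, or are they in /etc/shadow where the web server's UID cannot read them? The following added check (not from the page) answers it for a copy of the file. The sample passwd contents are constructed; the DES-style hash is a made-up 13-character string.

```shell
#!/bin/sh
# Added example, not code from the original page.

# Constructed sample: a shadowed account ("x"), one classic DES hash sitting
# in the open, one account with no password at all, and two locked accounts.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
regan:abJnggxhB/yWI:1000:100:Dave Regan:/home/regan:/bin/sh
guest::1001:100:Guest:/home/guest:/bin/sh
www:!:30:30:web server:/usr/local/etc/httpd:/bin/false
EOF
}

# exposed_hashes FILE : users whose second field is an actual hash.
# "x" means the hash lives in /etc/shadow; "*" and "!..." are locked accounts.
exposed_hashes() {
    awk -F: '$2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# empty_passwords FILE : accounts that need no password at all to log in.
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# passwd_check FILE : print each problem, return 1 if there were any.
# Every user listed under "hash readable" can be attacked offline by anyone
# who can read the file, which includes anything the web server can be
# talked into serving.
passwd_check() {
    status=0
    for u in $(exposed_hashes "$1"); do
        echo "hash readable: $u"; status=1
    done
    for u in $(empty_passwords "$1"); do
        echo "no password: $u"; status=1
    done
    return $status
}

# On a real system: passwd_check /etc/passwd
# A clean shadowed system prints nothing. Also confirm the shadow file itself
# is not world readable:  ls -l /etc/shadow  should show no "r" for others.
```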


FTP servers

FTP servers have been around forever. Some of the same concerns about web servers apply here as well. If you don't need to run an FTP server, don't have one. If you have one, make sure it is set up correctly.

The WU FTP server has a number of security options which can be useful. One of them allows FTP access only from selected networks, or alternatively, you can disallow networks from which bozos have shown themselves.


Trojan horses

One of the ways that an attacker can gain access to your system is to have you accidentally (or on purpose) run a program of their choice.

A user on your system can do this by having programs with traditional names in places you might run them. The classic is an ls program which does a directory listing, but if executed by root creates a hole of some sort.

This is typically answered by giving root a very restrictive $PATH, one that does not include the current directory (no "." and no empty component) and contains only directories that nobody but root can write to.

Another way is to distribute a program via the Internet that you would find useful to have. Once run, it opens a hole in your system, and possibly notifies the attacker that the opening has been made.

This isn't a huge problem, but you should be aware of it. Don't run as root any more than you have to.
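An added check for the $PATH problem above (not the page's code): it walks a PATH string and flags the current directory in any of its spellings ("." or an empty component, including a leading or trailing colon), relative entries, and directories that a non-owner can write to, which is where someone would plant a fake ls. The recommended root PATH at the end is an assumption for a typical Linux layout.

```shell
#!/bin/sh
# Added example, not code from the original page.

# check_path PATHSTR : print one line per problem, return 1 if any were found.
check_path() {
    bad=0
    rest="$1:"                        # trailing ":" so the loop sees a last empty component
    while [ -n "$rest" ]; do
        comp=${rest%%:*}
        rest=${rest#*:}
        case "$comp" in
            "" | .)
                echo "current directory in PATH"; bad=1 ;;
            /*)
                # -H follows a symlink given on the command line (e.g. /bin -> usr/bin)
                # so the directory's own mode is tested, not the symlink's 777.
                if [ -d "$comp" ] && \
                   [ -n "$(find -H "$comp" -prune \( -perm -002 -o -perm -020 \) -print 2>/dev/null)" ]; then
                    echo "writable by others: $comp"; bad=1
                fi ;;
            *)
                echo "relative entry: $comp"; bad=1 ;;
        esac
    done
    return $bad
}

# A PATH for root that a careful administrator would start from (assumption):
ROOT_PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Typical use:  check_path "$PATH"   as root, then put
#   PATH=/sbin:/bin:/usr/sbin:/usr/bin; export PATH
# in root's .profile and type ./program when you really mean the current directory.
```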


Log files

Log files are your friends. If they haven't been diddled with, they let you know some of what happened. Of course, they can only tell you this if the log files are examined. In addition, log files have a tendency to grow without bound.

It is possible to write trivial little programs which look at log files, and pull out information which needs to be looked at, and mail the results to somebody if it finds something suspicious. An example is something which looks for bad login attempts.

Log files should be trimmed in some fashion on a periodic basis to keep them from filling the disk drives.
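The "trivial little program" for bad login attempts, as an added example (not from the page): it counts failed logins and tcpd refusals per source host from syslog-style lines, reports the hosts at or above a threshold so cron can mail the result, and rotates the log. The log lines are constructed; the message formats follow the login program and tcpd of the time and should be checked against what your own syslog actually writes.

```shell
#!/bin/sh
# Added example, not code from the original page.

# Constructed sample of /var/log/messages lines (not a real log).
sample_messages() {
    cat <<'EOF'
Jan  4 01:02:03 peak login[214]: FAILED LOGIN 1 FROM badhost.example FOR root, Authentication failure
Jan  4 01:02:09 peak login[214]: FAILED LOGIN 2 FROM badhost.example FOR root, Authentication failure
Jan  4 01:02:15 peak login[214]: FAILED LOGIN 3 FROM badhost.example FOR root, Authentication failure
Jan  4 01:05:40 peak in.telnetd[230]: refused connect from badhost.example
Jan  4 02:10:00 peak login[301]: LOGIN ON ttyp1 BY regan FROM workstation.ao-cs.com
Jan  4 02:11:12 peak login[302]: FAILED LOGIN 1 FROM workstation.ao-cs.com FOR regan, Authentication failure
EOF
}

# failed_by_host FILE : "count host" for every source of a failed login or a
# tcpd refusal, highest count first. Successful logins are not counted.
failed_by_host() {
    awk '/FAILED LOGIN/ { for (i = 1; i <= NF; i++) if ($i == "FROM") n[$(i+1)]++ }
         /refused connect from/ { n[$NF]++ }
         END { for (h in n) print n[h], h }' "$1" | sort -rn
}

# suspicious_hosts FILE THRESHOLD : hosts with at least THRESHOLD failures.
# One typo from a real user stays below the threshold; a doorknob shaker does not.
suspicious_hosts() {
    failed_by_host "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# rotate_log FILE : keep one previous copy and truncate in place. Truncating
# rather than moving keeps the file syslogd already has open.
rotate_log() {
    cp -p "$1" "$1.0" && : > "$1"
}

# report FILE THRESHOLD : mail only when there is something to say (assumes mail(1)).
report() {
    out=$(suspicious_hosts "$1" "$2")
    [ -n "$out" ] && echo "$out" | mail -s "repeated login failures" root
}

# crontab entries a site might use (paths and times are assumptions):
#   15 * * * *  /usr/local/sbin/logwatch.sh report /var/log/messages 3
#   0  4 * * 0  /usr/local/sbin/logwatch.sh rotate_log /var/log/messages
```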


Routers

Many companies connect their internal network to the Internet through a router. Your Linux box can act as a router. If you are using this scheme, look at the IP Firewalls section below.

The router is another place you can attempt to keep the bad guys out of your computer. For instance, you can choose not to let FTP packets through the router, and still have an FTP server for the use of the employees on the company network. Basically you can turn off any protocol that you don't need to pass out onto the Internet.

An aside is that Windows 95 can get to the Internet through a router just fine. In addition, Microsoft has a protocol called SMB for doing file sharing. If a W95 machine is connected to the Internet, the disk drives on that machine can very well be visible throughout the Internet. It may not be what you want. A router allows you to simply turn off the SMB protocol at the router, thus allowing the various disk drives to be shared (and backed up) inside the company, but not allowing access to those drives from the Internet at large. If you have a router, set it up to be as restrictive as possible without getting in the way of what your company needs to do.


IP Firewalls

The IP Firewall package is part of the Linux kernel. It requires an additional user-level package, available off the net, to configure the rules.

This package turns your Linux box into a fairly configurable router. You might also look at the IP Masquerade information for an even more interesting use of a Linux box as a router. This package allows you to do all of the things that a standalone router does, at the expense of requiring every packet to and from the local network to go through the Linux box, and of exposing the Linux box to any implementation problems in the IP Firewall package which an attacker can somehow exploit. I don't know of any such holes, just as there may very well be holes in commercial routers.
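The SMB example from the Routers section, carried out on a Linux router with the IP Firewall package, as an added example that is not from the page: the rules drop NetBIOS/SMB traffic (UDP 137-138, TCP 139) arriving on or leaving through the Internet-facing interface, so the shares stay reachable inside the company and nowhere else. The interface name, the ipfwadm command-line syntax and the use of the input/output chains are assumptions about the firewall administration tool of the time; the script prints the commands instead of running them unless DRY_RUN=0, so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Prints the rules by default; DRY_RUN=0 applies them (needs root and ipfwadm).

DRY_RUN=${DRY_RUN:-1}

# run COMMAND... : echo in dry-run mode, execute otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# block_smb_at_border EXT_IF : deny SMB/NetBIOS on the Internet interface in
# both directions. Inbound denials are logged (-o) so probes show up in syslog;
# outbound ones are not, since a chatty W95 box would fill the log.
block_smb_at_border() {
    ext=$1
    run ipfwadm -I -a deny -W "$ext" -P udp -S 0.0.0.0/0 -D 0.0.0.0/0 137:138 -o
    run ipfwadm -I -a deny -W "$ext" -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 139 -o
    run ipfwadm -O -a deny -W "$ext" -P udp -S 0.0.0.0/0 -D 0.0.0.0/0 137:138
    run ipfwadm -O -a deny -W "$ext" -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 139
}

# rule_count EXT_IF : how many rules block_smb_at_border would install.
rule_count() {
    DRY_RUN=1 block_smb_at_border "$1" | grep -c '^ipfwadm '
}

# Review first, then apply (assumes eth0 faces the Internet):
#   block_smb_at_border eth0
#   DRY_RUN=0 block_smb_at_border eth0
#   ipfwadm -I -l; ipfwadm -O -l          # confirm the rules are in place
```

The same pattern, with FTP's port 21 in place of the SMB ports, is the "don't let FTP packets through the router" case from the Routers section. Put the rules in a startup script; firewall rules live in the kernel and are gone after a reboot.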


CERT

The CERT Coordination Center is a clearing house for computer security information. It has a presence on the web at http://www.cert.org/. This is the place to go in order to get up to date information on computer security. What I have here are just general guidelines, an attempt to let you know what the broad problems are. CERT has information on specific problems, with pointers to specific fixes.


Written by: Dave Regan
Home page: http://www.ao-cs.com/~regan/