GNU/Linux Desktop Survival Guide
by Graham Williams
There is a lot to understand about networking in order to secure your network. Fortunately Debian GNU/Linux is generally by default quite secure. That is, the default configuration of packages tend to be secure. You have to take action to make them insecure. Nontheless, it is possible!
Here are some random jottings:
To start with, if someone has physical access to your hub-based network they can plug in a machine and do many things.
With a passive ethernet frame sniffer an attacker can listen for ARP requests on a network and guess at IP addresses that may not be in use within the range of available adresses for the network and use this as its own address. Even if your network has hosts using the whole range of addresses that are available there's always the likelihood that one PC or Laptop is turned off so that its IP address is free.
If you use a switch-network and put MAC address filters on the switch an attacker can simply unplug an existing PC or Laptop and take over its MAC address.
Normally the MAC address is in the ethernet card. A typical situation is to plug a Laptop into a network and perhaps bring up the interface using DHCP to get an IP but may not be able to do much more.
In some situations the MAC address can be set in software. DECnet, for example, depends on being able to do this. Older suns had the MAC in battery-backedup ram and used the same address for all ethernet cards in the system. When you change the 48 bit MAC address you are actually turning it into a customised MAC address which will be 96 bits long consisting of the original 48 bit MAC followed by the new 48 bits you set. To the outside it appears as another MAC address.
You can change the MAC address with:
# ifconfig eth0 hw ether 00:50:56:01:00:00
Turning off DHCP will help protect against users that plug in a Laptop but not the hackers you're trying to guard against.
LinuxSecurity.Com wins Source of the Month for July, 2000
This month's LinuxLock.Org Security Source of the Month goes to a group of individuals dedicated to bringing security to the fore-front of the linux community; this is the staff of LinuxSecurity.Com. Since we started following the site in January 2000, it has evolved into one of the internet's premiere sources of Linux Security Information.
LinuxSecurity.Com contains a large newsfeed, of linux security news, articles, and press releases, to keep us on top of the industry.
This month pushed them over the top, when they released The Linux Security Quick Reference Guide. This guide is a printable pdf document with numerous security checks and tips, some of the sections include Linux Kernel Security, File Permissions, Intrusions Detection, Linux Security Resources, and more.
LinuxSecurity.Com has provided original features every month, covering things such as, how to use certain security tools, and interviews with Security Guru's. This month LinuxSecurity Interviews Carr Biggerstaff, Senior Vice President of Marketing, and Thomas Haigh, Vice President and Chief Technologist for Secure Computing, Inc. about their work with Linux and security.
LinuxSecurity.Com recieved a Slashdot post this month for an Interview they conducted with Jay Beale, the Lead Developer of the Bastille Project. This post on Slashdot is the kind of press Linux needs to be more aware of the security issues surrounding us, and the solutions that exsist.
LinuxSecurity.Com also contains a rather complete and growing Resources Section, a listing of local linux security providers, a newsletter, a mailing list, and a weekly security digest.
They also feature a LinuxSecurity.Com Security Tip of the Day, that can be found on other sites such as the highly travelled LinuxToday.Com
We all at LinuxLock.Org applaud the efforts of LinuxSecurity.Com and encourage you all to go and visit their site, and use the various features they have to offer... Keep up the good work.