Introduction to Intrusion Protection and Network Security




Jennifer Vesperman

jenn@linuxchix.org

Megan Golding

meggolding@yahoo.com

2002-02-24
Revision History
Revision 0.1 2002-02-17 Revised by: MEG
Converted from text file. Modified wording.
Revision 0.2 2002-02-23 Revised by: MEG
Incorporated Jenn's suggestions.
Revision 0.3 2002-02-24 Revised by: MEG
Conforming to LDP standards. Added abstract.


In this introduction to protecting your computers from intrusion, the author
discusses concepts of computer security. Selecting good passwords, using
firewalls, and other security concepts are introduced.

-----------------------------------------------------------------------------
Table of Contents
1. Introduction
1.1. Copyright Information
1.2. Overview


2. The Locked Front Door
3. Passwords
4. Permissions
5. Firewalls
6. Other security measures
6.1. Unused programs
6.2. Bugs & patches
6.3. Monitoring
6.4. What do I do if I think I've been broken into?
6.5. Final words


7. Links and further information

1. Introduction

1.1. Copyright Information

Copyright (c) 2002 by Jennifer Vesperman. This material may be distributed
only subject to the terms and conditions set forth in the Open Publication
License, v0.4 or later (the latest version is presently available at
http://www.opencontent.org/openpub/).
-----------------------------------------------------------------------------

1.2. Overview

If your computer is not connected to any other computers and doesn't have a
modem, the only way anyone can access your computer's information is by
physically coming to the computer and sitting at it. So securing the room
it's in will secure the computer[1]. As soon as your computer is connected to
another computer you add the possibility that someone using the other
computer can access your computer's information.

If your network (your connected computers) consists only of other computers
in the same building you can still secure the network by securing the rooms
the computers are in. An example of this would be two computers sharing the
same files and printer, but not having a modem and not being connected to any
other computers.

However, it's wise to learn about other ways to secure a network of connected
computers, in case you add something later. Networks have a tendency to grow.
If you have a network, an intruder who gains access to one computer has at
least some access to all of them.
-----------------------------------------------------------------------------

2. The Locked Front Door

As soon as your network connects to somewhere outside your building, you need
the virtual equivalent of a locked front door. If you don't have that, all
the information you have on your computers is vulnerable to anyone who wants
to gain access.

Like real doors, virtual doors come in a wide variety of types, security
levels, and expense.

The simplest, but not the safest, way to secure your network is to keep
'moving' - if you're connected to the internet through a modem and have a
'dynamic IP address' (ask your service provider), your address keeps
changing. If your address keeps changing, and you're never on the internet
for very long, it's very hard for someone to deliberately intrude on you.
However, many computer intruders are like teenagers - they will go to great
lengths for what they perceive as 'fun'. I recommend at least some security
beyond this, even if all you ever do is read and write email.

As soon as you have a stable address and a permanent connection, you lose the
'obscurity' advantage that a dynamic IP and sporadic connection provides. You
must install a real 'front door'.
-----------------------------------------------------------------------------

3. Passwords

The most basic lock for your front door is a password. Ensure that every
computer on your network requires a password before anyone from the network
can read your information or write to your hard drive. If a password isn't
required, there is no front door at all. If you're not sure how to ensure
that passwords are necessary, I strongly recommend getting hold of a computer
expert, or at least a very good manual.

Note: Most computer systems will not password-lock someone sitting at the
computer itself. There are ways to do it, but there's usually a way that
someone at the computer itself (not on the network) can get in and
change the passwords. This is to prevent the computer from becoming an
expensive doorstop if the passwords are forgotten. This does, however,
mean that you still need physical security.

Changing forgotten passwords isn't easy, however. It's better not to forget
them in the first place. If your system has a 'master password' that has
access to everything, make sure two people in your company or household know
that password. If there's only one, what happens when that person is on
vacation on that tropical island with no phones?

Passwords are only as secure as they are difficult to guess - if your
password is your name, for instance, or the word 'password', it's like
putting a lock on the front door and never bothering to actually lock it.

There are a lot of suggestions for how to make passwords difficult to guess -
here are a few of them:

* no less than eight characters long

* include both upper and lower case letters, numbers and punctuation marks

* don't use anything which can be guessed by someone who knows you or has
your information - no names of family members or pets, no licence numbers
or passport numbers or phone numbers or similar, not a street address
(current or past!), not any words which are visible from your desk (like
the brand of monitor)

* no legitimate words in any language, brand names or logos

* no swear words

* not a simple substitution (ABC as 123, to as 2, Ziggy as 2166Y)

* not the same password as on another computer, or the same one you had
last year. ANY password can be figured out in time, and if someone
guesses one of your passwords they might try the same thing for another
computer

* not a common misspelling of a word

Suggestions for good passwords include

* take something you'll recognise - a line from a book or a line of poetry
- and use the third letter of each word. Include punctuation (but not
spaces)

* a really, REALLY bad misspelling of a word

* two words from different languages stuck together with punctuation marks

* a short phrase

Think up other suggestions. For passwords, weird and idiosyncratic is good.
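
The guidelines above can be checked mechanically. The following is an added
example, not part of the original article: the five-word list, the
substitution map, the sample line and the function names are all constructed
assumptions, and words shorter than three characters are assumed to
contribute only their punctuation.

```python
import string

# Constructed sample data (assumptions, not from the article): a tiny word
# list standing in for a real dictionary, and a map that undoes common
# digit/symbol-for-letter swaps such as Ziggy -> 2166Y.
WORDS = {"password", "ziggy", "monitor", "secret", "dragon"}
UNSUB = str.maketrans("0123456@$", "oizeasgas")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def check_password(pw, personal=(), previous=()):
    """Return the guidelines from the list above that pw violates."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing upper case, lower case, number or punctuation")
    lowered = pw.lower()
    # Compare letters only, so padding such as "Dragon!1" does not hide a word.
    for label, text in (("word", lowered),
                        ("simple substitution", lowered.translate(UNSUB))):
        if "".join(c for c in text if c.isalpha()) in WORDS:
            problems.append("dictionary " + label)
            break
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    if pw in previous:
        problems.append("reused from another computer or an earlier password")
    return problems


def third_letters(line):
    """Third letter or digit of each word, plus its punctuation, no spaces."""
    out = []
    for word in line.split():
        chars = [c for c in word if c.isalnum()]
        if len(chars) >= 3:          # shorter words contribute punctuation only
            out.append(chars[2])
        out.extend(c for c in word if c in string.punctuation)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample line for the "third letter of each word" suggestion.
    candidate = third_letters("In 1984, Big Brother Watched Every Move!")
    for pw in ("2166Y", "password", candidate, "kv#9Tw;zeLp2"):
        print(repr(pw), check_password(pw) or "passes these checks")
```

A real check would load a full dictionary in place of the five-word set and
pass the user's own names, addresses and old passwords as the personal and
previous arguments.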
-----------------------------------------------------------------------------

4. Permissions

Passwords usually come with usernames as well. A good username-and-password
system will enable you to set up several roles for your computers. Each role
will need different types of access, will use different programs and
different data.

If an intruder guesses or finds out one person's username and password, they
will have access to any programs or data that that person usually has access
to. For this reason, you might like to limit what each person is allowed to
access.

Most computer systems have something in place which does this. Under most
systems, it is called 'permissions'. Your computer manual or local expert can
help you set it up on your computers.

Give each person what they need to do their jobs, plus a little personal
space of their own. That personal space is often used for 'to-do' lists and
other minor things which make their job easier or more comfortable.
-----------------------------------------------------------------------------
