Linux Security HOWTO
: Overview
: What Are You Trying to Protect?
Previous: How Secure Is Secure?
Next: Developing A Security Policy
2.3. What Are You Trying to Protect?
Before you attempt to secure your system, you should determine what
level of threat you have to protect against, what risks you should or
should not take, and how vulnerable your system is as a result. You
should analyze your system to know what you're protecting,
why you're protecting it, what value it has, and who has
responsibility for your data and other assets.
- Risk is the possibility that an intruder may be successful in
attempting to access your computer. Can an intruder read or write
files, or execute programs that could cause damage? Can they delete
critical data? Can they prevent you or your company from getting important work
done? Don't forget: someone gaining access to your account, or your
system, can also impersonate you.
Additionally, having one insecure account on your system can result in
your entire network being compromised. If you allow a single user
to login using a .rhosts
file, or to use an insecure
service, such as tftp
, you risk an intruder getting 'his
foot in the door'. Once the intruder has a user account on your
system, or someone else's system, it can be used to gain access to
another system, or another account.
- Threat is typically from someone with motivation to gain unauthorized
access to your network or computer. You must decide who you trust to
have access to your system, and what threat they could pose.
There are several types of intruders, and it is useful to keep their
different characteristics in mind as you are securing your systems.
- The Curious - This type of intruder is basically
interested in finding out what type of system and data you have.
- The Malicious - This type of intruder is out to either
bring down your systems, or deface your web page, or otherwise force you
to spend time and money recovering from the damage he has caused.
- The High-Profile Intruder - This type of intruder is
trying to use your system to gain popularity and infamy. He might use
your high-profile system to advertise his abilities.
- The Competition - This type of intruder is interested in
what data you have on your system. It might be someone who thinks you
have something that could benefit him, financially or otherwise.
- The Borrowers - This type of intruder is interested in
setting up shop on your system and using it's resources for their own
purposes. They typically will run chat or irc servers, porn archive
sites, or even DNS servers.
- The Leapfrogger - This type of intruder is only
interested in your system to use it to get into other systems. If your
system is well connected or a gateway to a number of internal hosts,
you may well see this type trying to compromise your system.
- Vulnerability describes how well-protected your computer is from
another network, and the potential for someone to gain unauthorized
access.
What's at stake if someone breaks into your system? Of course the
concerns of a dynamic PPP home user will be different from those of a
company connecting their machine to the Internet, or another large
network.
How much time would it take to retrieve/recreate any data that was
lost? An initial time investment now can save ten times more time
later if you have to recreate data that was lost. Have you checked
your backup strategy, and verified your data lately?
Linux Security HOWTO
: Overview
: What Are You Trying to Protect?
Previous: How Secure Is Secure?
Next: Developing A Security Policy