Linux Security: Some Basics

Passwords

Make the passwords at least 6 characters long. Mix the case of the passwords. Use at least one numeral. Use at least one non-alphanumeric character. Change the passwords on a regular basis. About once every two months should do for the casual user. I have found that using “k-rad” or “leet-speak” helps when you need to make up a password. For example, instead of using the password “foobar”, try using “f00b4R!”. Also, get and install shadow passwords. You might have to recompile a few services, but it’s worth the extra protection.

syslog

At least once a day, you need to go check the syslog and see what’s been happening. You can find it /var/adm/syslog You’ll want to look for multiple connections coming from places you don’t know in a short period of time. If they look suspicious, then don’t hesitate to slap an entry for the domain into /etc/hosts.deny

SYN FLOOD ATTACK

We’ve seen in our discussion of TCP’s three-way handshake that a server allocates and initializes connection variables and buffers in response to a received SYN. The server then sends a SYNACK in response, and awaits an ACK segment from the client. If the client does not send an ACK to complete the third step of this 3-way handshake, eventually (often after a minute or more) the server will terminate the half- open connection and reclaim the
allocated resources. This TCP connection management protocol sets the stage for a classic Denial of Service (DoS) attack known as the SYN flood attack. In this attack, the attacker(s) send a large number of TCP SYN segments, without completing the third handshake step. With this deluge of SYN segments, the server’s connection resources become exhausted as they are allocated (but never used!) for half-open connections; legiti- mate clients are then denied service. Such SYN flooding attacks were among the first documented DoS attacks [CERT SYN 1996].