Preface

If you run a Linux machine, you must think about security. Consider this story told by Scott, a system administrator we know:

In early 2001, I was asked to build two Linux servers for a client. They just wanted the machines installed and put online. I asked my boss if I should secure them, and he said no, the client would take care of all that. So I did a base install, no updates. The next morning, we found our network switch completely saturated by a denial of service attack. We powered off the two servers, and everything returned to normal. Later I had the fun of figuring out what had happened. Both machines had been rooted, via ftpd holes, within six hours of going online. One had been scanning lots of other machines for ftp and portmap exploits. The other was blasting SYN packets at some poor cable modem in Canada, saturating our 100Mb network segment. And you know, they had been rooted independently, and the exploits had required no skill whatsoever. Just typical script kiddies.

Scott's story is not unusual: today's Internet is full of port scanners, both the automated and human kinds, searching for vulnerable systems. We've heard of systems infiltrated one hour after installation. Linux vendors have gotten better at delivering default installs with most vital services turned off instead of left on, but you still need to think about security from the moment you connect your box to the Net . . . and even earlier.
