Our Security Philosophy

Computer security is full of tradeoffs among risks, costs, and benefits. In theory, nothing less than 100% security will protect your system, but 100% is impossible to achieve, and even getting close may be difficult and expensive. Guarding against the many possibilities for intrusion, not to mention counter-possibilities and counter-counter-possibilities, can be (and is) a full-time job.

As an example, suppose you are a careful communicator and encrypt all the mail messages you send to friends using GnuPG, as we discuss in Chapter 8. Let's say you even verified all your friends' public encryption keys so you know they haven't been forged. On the surface, this technique prevents hostile third parties from reading your messages in transit over the Internet. But let's delve a little deeper. Did you perform the encryption on a secure system? What if the GnuPG binary (gpg) has been compromised by a cracker, replaced by an insecure lookalike? What if your text editor was compromised? Or the shared libraries used by the editor? Or your kernel? Even if your kernel file on disk (vmlinuz) is genuine, what if its runtime state (in memory) has been modified? What if there's a keyboard sniffer running on your system, capturing your keystrokes before encryption occurs? There could even be an eavesdropper parked in a van outside your building, watching the images from your computer monitor by capturing stray electromagnetic emissions.

But enough about your system: what about your friends' computers? Did your friends choose strong passphrases so their encryption keys can't be cracked? After decrypting your messages, do they store them on disk, unencrypted? If their disks get backed up onto tape, are the tapes safely locked away or can they be stolen? And speaking of theft, are all your computers secured under lock and key? And who holds the keys? Maybe your next-door neighbor, to whom you gave a copy of your housekey, is a spy.

If you're the security chief at a Fortune 500 company or in government, you probably need to think about this complex web of issues on a regular basis. If you're a home user with a single Linux system and a cable modem, the costs of maintaining a large, multitiered security infrastructure, striving toward 100% security, very likely outweigh the benefits.

Regardless, you can still improve your security in steps, as we demonstrate in this book. Encrypting your sensitive files is better than not encrypting them. Installing a firewall, using SSH for remote logins, and performing basic intrusion and integrity checking all contribute toward your system safety. Do you need higher security? That depends on the level of risk you're willing to tolerate, and the price you're willing (and able) to pay.

In this cookbook, we present security tools and their common uses. We do not, and cannot, address every possible infiltration of your computer systems. Every recipe has caveats, exceptions, and limitations: some stated, and others merely implied by the "facts of life" of computer security in the real world.
