24.2 Destructive Attacks

There are a number of ways to destroy or damage information in a fashion that denies service. Almost all of the attacks that we know about can be prevented by restricting access to critical accounts and files, and protecting them from unauthorized users. If you follow good security practice to protect the integrity of your system, you will also prevent destructive denial of service attacks. Table 24-1 lists some potential attacks and indicates how to prevent them.

Table 24-1. Potential attacks and their prevention



Reformatting a disk partition, writing garbage data to a raw partition, or running the newfs/mkfs command

Prevent anyone from accessing the machine in single-user mode. Protect the superuser account. Physically write-protect disks that are used read-only.

Deleting critical files (e.g., needed files that are in /dev or the /etc/passwd file)

Protect system files and accounts by specifying appropriate modes (e.g., 755 or 711). Protect the superuser account. Set ownership of NFS-mounted files to user root and export read-only.

Shutting off power to the computer

Put the computer in a physically secure location. Use uninterruptible power supplies. Put a lock on circuit-breaker boxes, or place them in locked rooms. (However, be sure to check the National Electric Code Section 100 regarding the accessibility of emergency shutoffs. Remember that a computer that is experiencing an electrical fire is not very secure.)

Cutting network or terminal cables

Run cables and wires through conduits to their destinations. Restrict access to rooms where the wires are exposed.

Car or truck bombs blowing up the building containing the computer

Provide for redundant off-site computer systems and storage.

    Part VI: Appendixes