Intrusion Prevention 101
By: Tom Germain
Reducing a computer's vulnerability to hackers is much like using
anti-theft devices and common sense to guard against your car being
broken into. Strangely, few people would leave their keys in the
ignition while away from their vehicle, yet most might as well hand
over their workstations and servers to the lowliest hacker as they
don't have any security in place.
Just like vehicle protection measures, you can stop a lot of
potential intruders but never all. Most hackers are of the "script
kiddie" variety, non-programmers using commonly available hacker
tools to penetrate systems if only for their own amusement. Since
their skills are limited, they hunt for the easy kill rather than a
challenge, so our mission here is to make your computer as
unattractive as possible. The rules outlined below are a checklist
of things you must do to properly secure your system. At the end of
this article you'll find useful links that will help you actually
implement these measures.
Rule 1: Mind your passwords. It is simply incredible that in this day and
age most computer users persist in choosing the weakest passwords,
typically because they're easy to remember. Forget convenience: under no
circumstances should you ever use real words or combinations of real words,
nor should you use numbers that have any significance to you such as your
birth date. Script kiddies will use password guessing tools and it might
take only seconds to guess yours. Additionally, using the same or similar
password everywhere is foolish, sort of like leaving your credit cards and
house keys in your car! The best policy is to use random sequences of
characters for passwords.
Rule 2: Use encrypted connections. The Internet tools most commonly
used on workstations and servers are inherently insecure. For
instance, never use the popular Telnet, POP, or FTP programs unless
passwords are passed in a strongly encrypted format over the Internet.
Sadly, authentication is typically in plain text, which makes life easy
for hackers using packet sniffers to automatically grab scores of plain
text passwords from Internet noise while they sleep. Remote shell sessions
such as with Telnet should be completely encrypted if you use such
sessions to switch to other userids or the root id, unless you want to give
script kiddies a big break! SSH is the best substitute for Telnet and can
also be used instead of FTP. By the same token, sensitive information
should NEVER be sent via email. Note that any encryption between client
and server requires that both ends support the encryption method.
Rule 3: Hide! Cloaking your computer's Internet presence via a
firewall is the first line of defense. All hackers use scanning tools to
quickly find weaknesses in a computer's Internet interfaces. Firewalls
work at the packet level and can not only detect scan attempts but also
block them, thus making your system look unattractive or even hiding its
existence altogether.
Rule 4: Don't trust anybody! Be very careful about what programs you
download from the Internet. In particular, do not install software from
little-known sites. Programs can hide "trojans" that, once launched, will
modify your system and/or connect to remote servers without your
knowledge, perhaps allowing hackers to slip into your system. Nowadays,
most download sites publish a checksum or signature, typically MD5 or PGP,
which can be used to verify that the program is authentic before you
install it. It's not too paranoid to make it a rule to never trust
anything from the Internet, as even the biggest website could be subverted
by hackers and you wouldn't notice.
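
The verify-before-install step from Rule 4, as an added example that is not part of the original article. It assumes GNU coreutils and a SHA256SUMS-style list obtained from the publisher; SHA-256 is used here in place of the MD5 the article mentions, and the function name and return codes are illustrative.

```shell
#!/bin/sh
# Added example: check a download against a published checksum list before
# installing it. Assumes lines of the form "<hex digest>  <file name>".
# Limitation: file names containing whitespace are not handled.

# verify_download FILE SUMS_FILE
# Returns 0 only if FILE's SHA-256 matches the list entry for its basename,
# 1 on mismatch, 2 if the list has no well-formed entry, 3 if unreadable.
verify_download() {
    file=$1
    sums=$2
    [ -r "$file" ] && [ -r "$sums" ] || return 3
    name=$(basename -- "$file")

    # Look up the expected digest by exact file name. sha256sum marks
    # binary mode with a leading '*' on the name; strip it before comparing.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")

    # A missing or malformed entry is a failure: "no checksum" must never
    # be treated the same as "checksum OK".
    case $expected in
        *[!0-9a-f]*|"") return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || return 2

    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}
```

A checksum fetched from the same server as the download only detects corruption; if that server is subverted, both can be replaced together, which is why the list should come from a separate channel or carry a signature.
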
Rule 5: If you're managing a server, limit what other users can do on the
system. From limiting them to certain areas of the filesystem and which
applications they can run to limiting their memory and process usage,
there are many things you can do to reduce the serious risk posed by
reckless users.
Rule 6: Keep your system up to date. Vulnerabilities are continuously
being found in popular programs and operating system kernels, some of
which might allow an intruder to gain root access to your system.
Unfortunately, word of such "holes" travels quickly in hackerdom, so it's
important to be on top of them yourself. Software creators post "patches"
and/or new versions of their programs to fix those defects. It's hard to
keep track of them all, but you can save yourself a lot of grief by
subscribing to mailing lists that warn you of such incidents. Again,
software producers often maintain such lists themselves, as do sites
specializing in computer security, and it's usually free to subscribe. You
can also reduce the risks by avoiding new applications or those that
have a long history of vulnerabilities.
Rule 7: Disconnect from the Internet when you're not actually using
it. This is the ultimate protection to stop intrusions, but of course it
doesn't stop trojans unless you literally unplug your physical connection.
In the case of servers, where your connection is always on, disable any
daemons that aren't needed or seldom used. Note that the daemons running
by default on a newly installed operating system are quite often the most
vulnerable, and most hosting services won't bother to disable them for
you.
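
An audit that ties Rule 7 to Rule 2, as an added example that is not part of the original article: it reads `ss -tln`-style output and flags listening daemons on the standard Telnet, FTP and POP3 ports so they can be disabled or replaced. The function names and the sample listing are constructed for illustration, and the column layout of `ss` is assumed.

```shell
#!/bin/sh
# Added example: flag listening TCP services that authenticate in plain
# text (Rule 2) among the daemons a host is running (Rule 7).

# Reads `ss -tln`-style output on stdin and prints "PORT SERVICE ADDRESS"
# for each listener on a well-known cleartext port.
# Exit status is 1 if any such listener was found, 0 otherwise.
flag_plaintext_listeners() {
    awk '
        BEGIN {
            svc[21] = "ftp"; svc[23] = "telnet"; svc[110] = "pop3"
            found = 0
        }
        $1 == "LISTEN" {
            addr = $4                  # "Local Address:Port" column
            port = addr
            sub(/^.*:/, "", port)      # text after the last colon (IPv6-safe)
            if (port in svc) {
                print port, svc[port], addr
                found = 1
            }
        }
        END { exit found }
    '
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:23          0.0.0.0:*
LISTEN  0       32      [::]:21             [::]:*
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       100     192.0.2.10:110      0.0.0.0:*
EOF
}
```

On a live host the same check is `ss -tln | flag_plaintext_listeners`; a daemon moved to a non-standard port will not be flagged, so the full listener list still needs a manual review.
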
Rule 8: Don't continue using a computer that you know has been
compromised by hackers. To do so allows the hacker to potentially
gain access to more systems and exposes you to the possible theft of some
of your sensitive data. The only solution is to reformat the hard disk(s)
and re-install the operating system, or smash your computer to bits if you
prefer!
Rule 9: Use every security mechanism you can, not just one or a few.
They serve different purposes and thus complement each other. Always
rolling up the car windows and locking the doors is a good start, but you
wouldn't really call that a security system, would you?!
Stick to the rules or let the script kiddies rule the day!
Some useful links you can follow to get further knowledge on the
subjects discussed today:
SSH:
Vulnerability reports:
Firewalls:
Hacking:
AUTHOR: Tom Germain has been our ace programmer here at iEntry.com. He has
expertise in several different languages and operating systems. Basically,
he's just a geek stud. -Pete
Charming Art Member,International Webmasters Association Member of Internet Professional Publishers Association.
E-Mail : info@6868.com