Making Linux safer -- Thinking about security

   Security Definition
Security is an important topic in today's IT headlines. Common system vulnerabilities, security patches, viruses, and worms are familiar to everyone who uses computers. Because almost every computer system is connected to another computer or to the Internet, ensuring the security of these computers is critical to reducing intrusion, data theft or loss, misuse, and even third-party liability.
  
Ensuring security is important even for standalone computers that are not connected to a network. Applications must be installed from trusted sources, such as verified and virus-checked discs. Be equally careful with application data. For example, defects in software packages that can execute powerful macro languages (such as office suites), or the introduction of invalid data, may be exploited to execute arbitrary code. Therefore, application data must undergo an integrity check before being copied to a computer. Keeping the data in a safe place lets you control access to the system (leaving aside, of course, attacks by authorized personnel).
  
When the system connects to a network and provides services (intentionally or unintentionally) to other computers, things become trickier. In that case, data no longer comes only from the system administrator, because client programs need to use the provided services, and system vulnerabilities may allow intruders to take control of the computer.
  
This is why security is the most fundamental concern throughout the entire system lifecycle, from planning the system to removing it. But what exactly does security mean?
  
Generally, data security and system security can be considered separately. Data security is generally understood as all efforts to ensure the following:
  
Confidentiality
Integrity
Availability
  
In combination, these are called the "CIA" of data stored on computers. Protection of configuration data such as /etc/passwd can be classified as data security. System security refers to the computer platform itself. The National Information Systems Security Glossary (see references for links) defines system security as follows:
  
System security. Protection of information systems to prevent unauthorized access to and modification of information (whether stored, processed, or transmitted); it also prevents denial of service to authorized users and provision of service to unauthorized users, and includes measures to detect, record, and counter such threats.
  
It is important to realize that system security is an ongoing, repeated process that includes applying security patches, frequent auditing and monitoring, and, at a minimum, a secure system configuration. In this regard, it is impossible to ensure absolute security, nor to provide of the security services. The goal should be to find a compromise between the effort required for security, system availability, and maintenance. This compromise depends on how important security is for the data stored on the computer and on the expected use of that data (read Bruce Schneier's Secrets and Lies, John Wiley & Sons, 2000; see references for links).
  
   Integrity
Data with integrity is legitimate and has not been accidentally or maliciously modified. Integrity must be considered both when data is stored and when it is exchanged. The data received at the destination must be an exact copy of the source data. On the one hand, this means that physical transmission and storage media must be reliable, so that data is transmitted without bit errors. On the other hand, unauthorized entities must not be able to access and modify data without being detected. The scope of integrity starts when the user, the final authority, entrusts data to the system. User errors are therefore outside the scope of integrity.
  
For network connections, integrity must be ensured regardless of whether the network is secure (for example, with encrypted transmission). During transmission, third parties that can access the transmission media may re-route or modify data. Concerns about the physical environment of the network and the integrity of interconnected computers are not specific to Linux; they apply to all computer installations. They are therefore beyond the scope of this article. In any case, measures taken at the physical layer to protect data include, among others, limiting access to computers, protecting transmission media (such as cables and connectors), and avoiding power outages and electrostatic discharge (read "Building the Ideal Web Hosting Facility: A Physical Security Perspective"; see references for links).
  
This series of articles will focus on encryption, signatures, and other measures taken in the operating system and application environment to actively ensure integrity. This article will also focus on the audit mechanism used to identify integrity defects and determine the parties responsible for them.
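The difference drawn above between a random bit error and an undetected modification by an unauthorized party can be shown by comparing a plain checksum with a keyed one. This is an added example, not part of the original article; the key, the sample record, and all function names are constructed for illustration.

```python
import hashlib
import hmac


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256: anyone can recompute it for any data."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: recomputing it requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a single-bit transmission or storage error."""
    damaged = bytearray(data)
    damaged[index // 8] ^= 1 << (index % 8)
    return bytes(damaged)


def receiver_accepts(data: bytes, digest: str, tag: str, key: bytes) -> dict:
    """What the receiver concludes from each kind of check."""
    return {
        "plain": hmac.compare_digest(plain_digest(data), digest),
        "keyed": hmac.compare_digest(keyed_tag(key, data), tag),
    }


def run_scenarios() -> dict:
    key = b"constructed-demo-key"         # assumption: shared out of band
    original = b"max_connections=100\n"   # constructed sample record
    digest, tag = plain_digest(original), keyed_tag(key, original)

    # 1. Data arrives untouched: both checks pass.
    intact = receiver_accepts(original, digest, tag, key)
    # 2. Unreliable medium flips one bit: both checks fail.
    bit_error = receiver_accepts(flip_bit(original, 3), digest, tag, key)
    # 3. A third party on the path rewrites the record and recomputes the
    #    unkeyed digest that travels with it. Without the key it cannot
    #    produce a matching tag, so only the keyed check notices.
    rewritten = original.replace(b"100", b"999")
    tampered = receiver_accepts(rewritten, plain_digest(rewritten), tag, key)
    return {"intact": intact, "bit_error": bit_error, "tampered": tampered}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```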
  
   Confidentiality
Data is confidential when it can only be read or modified by authorized persons or systems. This is a completely different concept from integrity: when data is sent over the network, it may arrive unmodified, so its integrity is preserved; however, if it is intercepted by a third party, it is no longer confidential. When unauthorized users can tap into a data transmission and extract valuable information from it, integrity is not enough. The confidentiality of data raises three further questions:
  
Who wants to access data? (Authentication)
What data can be accessed? (Authorization)
How to protect data from unauthorized access?
  
Linux has several methods to ensure that the entity attempting to access data is who it claims to be. With Pluggable Authentication Modules (PAM), you can implement a range of authentication policies, from a simple user name/password combination stored on the local machine or in a centralized directory (NIS, Kerberos, LDAP, and so on) to hardware identification or biometric scanning. The traditional (coarse) UNIX file permissions can be used for file access authorization: read, write, and execute permissions at the user, group, or everyone level. A newer, fine-grained method, Access Control Lists, lets you grant or deny specific permissions to specific users.
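The traditional permission check described above selects exactly one of the three classes and applies only that class's bits, which is why it is coarse. The sketch below is an added example, not code from the original article; the uids, gids, and function names are constructed, and root, capabilities, ACLs, and security modules are deliberately not modeled.

```python
import stat

READ, WRITE, EXECUTE = 4, 2, 1


def applicable_class(file_uid, file_gid, uid, gids):
    """Pick the single class the classic check uses: the owner is tested
    first, then group membership, and everyone else falls into 'other'."""
    if uid == file_uid:
        return "user"
    if file_gid in gids:
        return "group"
    return "other"


def is_allowed(mode, file_uid, file_gid, uid, gids, want):
    """Mode-bit decision only (assumption: no root, ACLs, or LSMs)."""
    cls = applicable_class(file_uid, file_gid, uid, gids)
    shift = {"user": 6, "group": 3, "other": 0}[cls]
    granted = (stat.S_IMODE(mode) >> shift) & 0o7
    return (granted & want) == want


def demo():
    # Constructed file: owner uid 1000, group gid 50, mode rw-r-----
    mode, owner, group = stat.S_IFREG | 0o640, 1000, 50
    users = {
        "owner": (1000, {1000}),
        "group_member": (1001, {50}),
        "outsider": (1002, {100}),
    }
    table = {}
    for name, (uid, gids) in users.items():
        table[name] = {
            "read": is_allowed(mode, owner, group, uid, gids, READ),
            "write": is_allowed(mode, owner, group, uid, gids, WRITE),
        }
    return stat.filemode(mode), table


if __name__ == "__main__":
    text, table = demo()
    print(text)
    for name, rights in table.items():
        print(name, rights)
```

With mode bits alone, the outsider can gain read access only by joining the group or by opening the file to everyone; a per-user ACL entry covers that case. The classes are also exclusive: an owner whose own bits are empty is denied even when the "other" bits would allow the access.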
  
The standard Linux security concept is implemented in software and relies on the kernel to deny unauthorized users the use of resources. However, kernel defects (privilege escalation, unchecked parameters, and so on) may allow users to access memory areas, disk space, networks, or other resources that were previously inaccessible to them. Users with physical access to the hardware can bypass software checks, for example by installing keyloggers, removing the hard drive and reading it on another machine, or sniffing network transmissions. Further efforts must therefore be made to protect confidential data, such as encryption of file systems, individual files, and network transmissions, and/or application-level encryption. In addition, physical measures need to be taken into account, such as secure areas, secure data deletion, and accounting procedures for confidential information. However, this article does not cover them.
  
   Availability
Even if integrity and confidentiality are ensured, data that cannot be accessed is useless, that is, unavailable. Availability measures ensure that data is never lost and can be accessed at a predefined performance level when requested. Availability may be threatened in different ways:
  
Destructive attacks, known as Denial-of-Service (DoS) attacks, that target availability. They consume all available network, CPU, storage, or operating system resources (such as file handles) to make a computer or a service unavailable.
Targeted attacks on the data itself that try to delete or overwrite it.
Accidental data destruction. In most cases, it is impossible to avoid accidental damage to data, because users with proper permissions are considered the final authority. You can only prepare by using a backup/dump infrastructure at an appropriate location.
Last but not least, defects, misconfiguration, the physical environment, hardware failure, power failure, and unnecessary system reboots may also affect availability. The software-related topics in this list belong to system security, which is discussed further below. As mentioned above, hardware-related topics are not discussed in this article. However, if you are interested in these topics, please refer to the references section for more links.
  
Specific Linux measures that address the first two problems listed above include network firewalling and packet filtering to protect the integrity of the file system, and additional resources that can be added on demand (for example, using Tivoli® Intelligent Orchestrator; see references for links).
  
   Linux System Security
Linux is a modern open-source operating system that can be freely distributed and copied. Every user is permitted to modify its source code, so it is easy to customize Linux for your environment, add new components to the operating system, discover defects and provide patches, and check the source code for security vulnerabilities.
  
Although data security and system security are considered separately, system security has a major impact on data security. This is why Linux has many integrated components that address confidentiality, integrity, availability, and system security issues. These include IP protection, authentication mechanisms, system logging and auditing, encryption protocols and APIs, kernel-level VPN support, and so on. In addition, system security can be supported by (open source) software applications that provide security services, harden and/or control Linux systems, prevent and detect intrusions, check system and data integrity, and provide barriers against different attacks.
  
A major security-related difference between Linux and operating systems whose source code is not open lies in the open source development process. Since every user or developer of the software can access its source code, many people are checking and reviewing the source code for possible security vulnerabilities. Software defects are discovered quickly. On the one hand, this means that these defects can be exploited earlier; on the other hand, security patches become available quickly.
  
   Conclusion
Considering its reliability, stability, scalability, manageability, performance, and last but not least, Linux has proved to be suitable for professional enterprise applications. Thanks to its open-source philosophy, Linux is becoming increasingly popular because it allows users to customize and expand systems to meet specific needs. Therefore, Linux administrators need to understand the security mechanisms that harden Linux and protect it from possible attacks. The next article in this series will discuss the first step toward securing Linux systems: planning and executing the installation.