Making Linux Safer: Thoughts on Security (1)

Source: Internet
Author: User

Security Definition
Security is a prominent topic in today's IT headlines. Common system vulnerabilities, security patches, viruses, and worms are familiar to everyone who uses computers. Because almost every computer system is connected to other computers or to the Internet, ensuring the security of these computers is critical to reducing intrusion, data theft or loss, misuse, and even third-party liability.
Ensuring security is important even for stand-alone computers that are not connected to a network. Applications must be installed from trusted sources, such as verified and virus-checked discs. Be equally careful with application data. For example, in software packages such as office suites that can execute powerful macro languages, or where introducing invalid data is possible, software defects may be exploited to execute arbitrary code. Therefore, application data must undergo an integrity check before being copied to a computer. Access to the system can be controlled by keeping the data in a safe place. (Of course, attacks from authorized personnel are not considered here.)
When the system connects to a network and provides services to other computers (intentionally or unintentionally), things become trickier. In that case, data no longer comes only from the system administrator, because client programs need to use the provided services, and system vulnerabilities may allow intruders to take control of the computer.
This is why security is the most fundamental problem in the entire system lifecycle from planning to removing the system. But what exactly does security mean?
Generally, data security and system security can be considered separately. Data security is generally taken to cover all efforts to ensure the following:
Confidentiality
Integrity
Availability
In combination, these are called the "CIA" of data stored on computers. Protection of configuration data such as /etc/passwd can be classified as data security. System security refers to the computer platform itself. For more information about system security, see references:
System security: protection of information systems against unauthorized access to or modification of information, whether it is stored, processed, or transmitted, and against denial of service to authorized users or provision of service to unauthorized users, including the measures needed to detect, record, and counter such threats.
It is important to realize that system security is a repetitive process that includes applying security patches, frequent audits and controls, and, at the very least, a secure system configuration. In this regard, it is impossible to ensure absolute security, nor to provide of the security services. The goal should be to find a compromise between the effort required for security, system availability, and maintenance. This compromise depends on how important security is for the data stored on the computer and on the expected use of that data. (Read Bruce Schneier's Secrets and Lies, John Wiley & Sons, 2000; see references for links.)
Integrity
Data with integrity is valid and has not been accidentally or maliciously modified. Integrity should be considered whenever data is stored or exchanged. The data received by the target must be an exact copy of the source data. That is to say, on the one hand, physical transmission and storage media must be reliable so that data can be transmitted correctly without bit errors. On the other hand, unauthorized entities must not be able to access and modify data without detection. The scope of integrity starts when the user, who is the final authority, hands data over to the system. Therefore, user errors are not within the scope of integrity.
For network connections, integrity must be ensured regardless of whether the network is secure (for example, through encrypted transmission). During transmission, third parties that can access the transmission media may re-route or modify data. The physical environment of the network and the integrity of the interconnected computers are not specific to Linux; they are concerns for all computer installations and are therefore beyond the scope of this article. In any case, measures taken at the physical layer to protect data include, among others, limiting access to computers, protecting transmission media such as cables and connectors, and avoiding power outages and electrostatic discharge (read "Building the Ideal Web Hosting Facility: A Physical Security Perspective"; see references for links).
This series of articles will focus on encryption, signatures, and other measures taken in the operating system and application environment to actively ensure integrity. This article will also focus on the audit mechanism to identify integrity defects and determine the parties responsible for this.
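The distinction above between accidental and malicious modification decides which check is sufficient. The following added example (not part of the original article) contrasts an unkeyed SHA-256 digest with a keyed HMAC tag; the key, the sample records, and all function names are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: anyone who can read the data can recompute it."""
    return hashlib.sha256(data).hexdigest()

def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed tag: only a holder of `key` can produce a valid value."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_digest(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), digest)

def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(hmac_tag(key, data), tag)

# Constructed sample values (assumptions, not from the article).
KEY = b"constructed-demo-key"
ORIGINAL = b"quota_mb=100\n"
MODIFIED = b"quota_mb=999\n"

def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a single bit error on a storage or transmission medium."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)

def demo() -> dict:
    digest, tag = sha256_hex(ORIGINAL), hmac_tag(KEY, ORIGINAL)

    # Case 1: accidental bit error. The check values are intact, so both
    # the digest and the tag fail to verify and the damage is detected.
    damaged = flip_bit(ORIGINAL, 3)
    accidental = (verify_digest(damaged, digest), verify_tag(KEY, damaged, tag))

    # Case 2: the data and its stored check value are both replaced by a
    # party without the key. A recomputed digest verifies, so the change
    # goes undetected; a tag made with any other key is rejected.
    new_digest = sha256_hex(MODIFIED)
    new_tag = hmac_tag(b"not-the-real-key", MODIFIED)
    malicious = (verify_digest(MODIFIED, new_digest),
                 verify_tag(KEY, MODIFIED, new_tag))
    return {"accidental": accidental, "malicious": malicious}

if __name__ == "__main__":
    print(demo())
```

A plain digest is adequate against bit errors only when the reference value is stored or delivered where the modifying party cannot reach it; otherwise a keyed tag or a signature is needed.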
Confidentiality
Data is confidential when the protected data can only be read or modified by authorized persons or systems. This is a completely different concept from integrity: data sent over the network may arrive unmodified, so its integrity is preserved, but if it is intercepted by a third party along the way, it is no longer confidential. When unauthorized users can access a data transmission and obtain valuable information from it, integrity is not enough. The confidentiality of data raises three further questions:
Who wants to access data? (Authentication)
What data can be accessed? (Authorization)
How to protect data from unauthorized access?
Linux has several methods to ensure that the entity attempting to access data is the one it claims to be. With Pluggable Authentication Modules (PAM), you can implement a range of authentication policies, from a simple user name/password combination (stored on the local machine or in a centralized directory: NIS, Kerberos, LDAP, etc.) to hardware identification or biometric feature scanning. The traditional, coarse-grained UNIX file permissions can be used for file access authorization: read, write, and execute permissions at the user, group, or all level. The newer, fine-grained method, Access Control Lists (ACLs), allows you to grant or deny specific permissions to specific users.
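As an added example (not from the original article), the following script decodes the traditional user/group/all permission bits and reports files that grant more than a baseline mode allows. The baseline modes for /etc/passwd and /etc/shadow and all function names are assumptions for illustration; ACL entries are not evaluated.

```python
import os
import stat
import tempfile

# The nine classic permission bits, grouped as the text describes them.
CLASSES = {
    "user": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def describe_mode(mode: int) -> dict:
    """Decode a mode into rwx strings for user, group and other (all)."""
    return {
        who: "".join(c if mode & bit else "-" for c, bit in zip("rwx", bits))
        for who, bits in CLASSES.items()
    }

def excess_permissions(path: str, allowed: int) -> list:
    """List every permission the file grants beyond the `allowed` mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    extra = describe_mode(mode & ~allowed)
    return [f"{who}+{c}" for who, bits in extra.items() for c in bits if c != "-"]

def audit(policy: dict) -> dict:
    """Map each existing path in `policy` to its excess permissions, if any."""
    report = {}
    for path, allowed in policy.items():
        if os.path.exists(path):
            found = excess_permissions(path, allowed)
            if found:
                report[path] = found
    return report

def demo() -> dict:
    """Constructed sample: one file within its baseline, one too permissive."""
    with tempfile.TemporaryDirectory() as d:
        ok, loose = os.path.join(d, "passwd"), os.path.join(d, "shadow")
        for path, mode in ((ok, 0o644), (loose, 0o666)):
            open(path, "w").close()
            os.chmod(path, mode)
        result = audit({ok: 0o644, loose: 0o640})
        return {os.path.basename(p): f for p, f in result.items()}

if __name__ == "__main__":
    # Assumed baseline modes, not taken from the article; adjust as needed.
    print(audit({"/etc/passwd": 0o644, "/etc/shadow": 0o640}))
```

The three classes are all this model can express: giving one additional named user access without widening the group or "other" bits is the case that requires an ACL.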
The standard Linux security concept is implemented in software and relies on the kernel to deny unauthorized users the use of resources. However, kernel defects (privilege escalation/automatic adjustment, unchecked parameters, etc.) may allow users to access memory areas, disk space, network, or other resources that were previously inaccessible to them. Physical access to the hardware allows users to bypass software checks, for example by installing keyloggers, removing the hard drive and reading it in another machine, sniffing network transmissions, and so on. Further efforts must therefore be made to protect confidential data, such as encryption of file systems, individual files, and network transmission, and/or application-level encryption. In addition, physical measures also need to be taken into account, such as secure areas, secure data deletion, and accounting procedures for confidential information. However, this article does not cover these.

