Interview with Chen Xiaobing: Starting from the internal aspects of system security defense (1)

Source: Internet
Author: User
Tags: strong password, least privilege

[Bkjia.com exclusive article] BKJIA's large "Linux Learning Month" series of activities, jointly held by several websites, is coming to an end today. Today the Linux Learning Month invited Chen Xiaobing, the third system security expert to visit the chat room.

Chen Xiaobing: He currently works in a naval department and serves as a website security consultant and assistant researcher for many companies. He is mainly engaged in system development and network maintenance, with 8 years of experience in information system development and network security maintenance, and works mainly on network security technology and database development technology. He has published "SQL Server 2000 Training Course" with Tsinghua University Press and a second book, "Detailed Explanation of Hacker Attack and Defense Cases", with the Electronic Industry Press, and is planning a series of books on network security. He has published more than 100 articles in magazines such as World of Network Administrators, Hacker Defense, and Hacker Manual, and two core journal papers.

At two o'clock P.M. on the 27th, Chen Xiaobing interacted warmly with netizens on Linux security issues for nearly two hours. The following is the chat record, slightly edited by BKJIA (video materials will be uploaded later).


[Photo: host and guest take a group photo]

◆ Linux System Security

Host: Today is the fourth session of our Linux Learning Month. Today we are very happy to invite Chen Xiaobing, who works in a naval department. He is mainly engaged in system development and network maintenance, has eight years of experience in information system development and network maintenance, and has published two books, one of them published by Tsinghua University Press, "Analysis of Hacker Attack and Defense Cases". He has also published more than one hundred articles on cybersecurity in World of Network Administrators and Hacker Defense Line. Please say a few words of greeting.

Chen Xiaobing: Hello, everyone! I am glad that bkjia.com has provided an opportunity to communicate with you. In fact, coming to bkjia.com as a Linux expert, I am a bit excited. I am very fond of this topic and will discuss it with you here; please correct me where I am wrong.

Host: Today we are talking about Linux security and optimization. Could you first talk about the concept of Linux security?

Chen Xiaobing: From my point of view, it can be divided into four aspects. The first is system security, which mainly involves some basic things, such as users, directories, files and data, and also some file types. The most important thing is the security of Linux commands. These commands are very important both in maintenance and in intrusion; we will briefly introduce them later. Second, network security, which focuses on Linux network security policies for small and medium-sized enterprises and introduces some network security tools. In fact there are many such tools, and this is a bit like martial arts: a weapon can be used to kill people, and the same is true of network tools. Every tool only shows what it is when someone uses it. The third part focuses on the security of Linux services. In this section we mainly look at how hosts are intruded, and what we should do after an intrusion; I have some experience in this area.

Host: You talked about system security just now.

Chen Xiaobing: The third part is about Linux and LAMP, which are popular. There are many such articles on the Internet; let's take a look at them, and I will mainly mention a few things here. The fourth part focuses on Linux viruses and recovery. This is a more practical part.

Host: Just now Mr. Chen introduced four main aspects of Linux security: system, service, network, and virus. Can you give us a brief introduction to the protection of Linux systems? What should we pay attention to? We know that, compared with Windows, Linux is a secure operating system. Although it is secure, there may still be many deficiencies, or configurations with defects that are not safe.

Chen Xiaobing: I think that in terms of the system, we usually need to pay attention to new things, such as new security issues, for example in Linux and Acer, and there may be new patches; these patches may be fatal. One thing is to keep up with the latest situation. In addition, you must maintain the system and check your log files frequently. After an intrusion, you must take a closer look, find the cause, and then manage the system better.

As managers, there is also a need for security training for system administrators. There are also social engineering attacks. Although social engineering is not a technology, it is better than technology, and there is a lot of information about it on the Internet. There is a story about this, about gambling. The first time, this person sent 1000 emails: 500 of them predicted one result and 500 the opposite. There must be a result, so one half will be right, and to those people this person looks very good. The second time he repeats it, sending 500, and again 250 of them will be right. After this loop, someone will believe him: now that he has mastered a certain technique, you may have paid him 500 yuan. This is definitely real, so it is very important to pay attention to social engineering.

Host: One thing you mentioned just now is patches: pay attention in a timely manner to the security patches provided by Linux vendors, and always check the logs and sensitive directories. In terms of system security, do we also need to pay attention to Linux user directories?

Chen Xiaobing: In fact, this definition may not be very accurate for Linux users. Compared with Windows users, I have asked many users about Linux. Without this distinction, there may be some groups and security permissions: two groups. Within these two groups, the general principle is not to use advanced administrator permissions while running. Directory permissions must be done well. There are some similarities with Windows security, such as the /home directory and other directories. You define each directory, including a concept like in ANP, where the package is put inside and can only operate in there without affecting the system.

Host: This is about file access permissions. Is it safer to set users so that they can only access certain directories?

Chen Xiaobing: Yes.

Host: Some file types may be very different between Windows and Linux. Can you briefly introduce the differences between Windows file types and Linux file types?

Chen Xiaobing: In fact, the file types in Windows and Linux are partly the same and partly different. For example, compressed files: tar files, and also gz, tbz and tgz, because the system is open source and many people provide formats after development. In fact it is similar to Windows, and there are some common ones, such as sound files, image files like gif, HTML, PDF, TXT; these are common to both. There are also some files mainly related to the system, such as .conf and .lock, which lock some files, and there is also an important format, RPM, for software-managed files. That is my introduction to file types.

Host: Some basic file types in Linux are relatively basic knowledge. If we talk about Linux security, this basic knowledge is absolutely indispensable, including some network commands and basic file operation commands, which we will not detail here. I would like to ask a question: what security matters need attention during our O&M process? For example, what should we pay attention to when logging on to a host remotely, setting up the network environment, or configuring system services?

Chen Xiaobing: These are personal experiences in network O&M and are not necessarily absolute. The first principle is the principle of least privilege. The second is to set strong passwords for accounts, and the third is strict configuration management. Most people know the principle of least privilege, but some do not pay attention to it. Some time ago a friend described a method of exploiting a system, a virtual host, through a very small detail: the entire service group had one machine, but this machine stored all the script files on the server, and they contained the username and password.

The second is setting a strong password, which is not a trivial issue. In my experience, many people like to use their birthday, their user name, or their children's names; these are not strong passwords. Some people asked how to set strong passwords during our meetings. Here I want to mention that cracking wireless encryption is very fast now, including with the 120G hash table recently provided on the Internet; after downloading it, a password can be cracked in minutes.

What is a strong password? It must have at least 20 characters. I think we have an advantage here, because we have many Chinese poems, and I can choose one of them. For example, "I came to bkjia.com today": I take a letter from each word, and add an uppercase letter in the middle, or a date plus my own name. This is a strong password.

Strict configuration management. What does this mean? In general, intrusion is not so easy; the intruder is also looking for vulnerabilities. Apart from undisclosed vulnerabilities, if you configure things well, it is still not easy to penetrate the system. At most they may obtain some permissions and modify some files.

This configuration management is similar to Windows, especially for M (the name is garbled in the transcript). There is a user password record in it, and anything with a user name and password is sensitive. The management port can be used to deploy a JAR package, so if a hacker gets the user name and password, and sometimes no password is set at all, he can log on directly, just upload a JSP shell, and it is easy to control the system. I might open it with the UE editor and form a bak file. Someone once found that the user name and password were all written in a file on the website. This is about configuration.

In addition, many programs are not developed in-house; they may be developed by another company. During development, programmers may use a password such as A4A123456 that is never changed afterwards. This is also very dangerous, because there are many tools, and once someone gets the password they can log on directly to the server and operate on it, and the original developers, if they are bad, may do some bad things.

There is also MySQL. If someone gets this password, a lot of data is connected to it: they can see your data, operate on your data, modify, add, delete, all easily. Those are the three principles.

Host: One is to use minimum permissions, including file permissions and user permissions. The second is to set a strong password. With so many years of experience, Mr. Chen introduced a method for setting strong passwords, such as using ancient poetry or a sentence.

Chen Xiaobing: It must be easy for you to remember. For example, you can remember well-known lyrics, but remember not to talk about them everywhere afterwards. For example, take one sentence from Chairman Mao's quotations.

Host: You mean that the old poem "When did the bright moon appear? I raise my wine cup and ask the blue sky" cannot be set as the password on this server.

Chen Xiaobing: I have found that on many computers the administrator cannot remember the passwords, so on all systems the administrator passwords are the same. This is very dangerous.

Host: So passwords cannot be set to be the same?

Chen Xiaobing: Yes, there should be at least a slight difference. For example, if this one is 01, the next one changes to 02; there needs to be some continuity.
