TIPS: solving physical security threats to Linux systems

In enterprises, it is easy to focus on the technical issues that affect Linux security. After all, the people who work with Linux are technology-oriented, so we tend to focus on the security of bits and bytes. However, when talking about the risks of managing Linux, there is one thing we must not forget, and it is often overlooked: physical security.

When physical security in office buildings or data centers is weak, other security controls are often weakened, even if they are not rendered completely ineffective. Whether or not your business center or data center has doors with audit logs, security guards, or SAS 70 Type II certification, once attackers gain access to the physical facilities, the entire disk will be lost. Physical security vulnerabilities affect almost every organization, building, and individual. Physical security is constantly changing, and this dynamic nature makes the problem more serious. Of course, some factors are closely tied to physical security management. In practice, however, the constant flow of people touches every aspect of physical security, which makes it harder to manage.

Linux often runs on critical systems, and physical security is very important in those settings. The following are some common problems I have encountered in Linux:

In server rooms and data centers, any user on the network, including external users who log on via public wireless networks, can use the default administrator password to run the network-based management interface that controls the system. This allows them to disable cameras, delete DVR files, review logs, adjust temperature thresholds, and more.

There are no cameras at the entry and exit points of the server room or data center. Although cameras are a reactive control, they are still a desirable one.

Reception staff who are inattentive and overly trusting do not question visitors who have no identification or who carry false identification. Fake credentials are very easy to create. The holder only needs to wave them in front of the reception staff, or follow other trusted personnel in.

The physical layer password is used in the server room. The password can be easily copied, lost, or forgotten.

The shared password of the customer information query station can be used to access the access control password. The principle of accountability also applies to physical security. One-time passwords can help solve the nightmare of access control in high-traffic areas.

Protected storage areas have no locks, or the lock on the storage cabinet is broken. It is strange that people leave sensitive IT-related documents, such as incident response plans and passwords, in unprotected lockers near the office, but this is not uncommon.

Storage media such as disks holding backups of key files or IT management systems, external hard disks, and USB disks: once this type of media is used, the backups are easily stored on other systems.

In fact, people do not have to break physical security by breaking into the system, in the traditional sense, to ultimately damage information security. Once someone has physical access, anything can happen. Recently, a colleague who specializes in social engineering asked me whether, if he provided me with information about a specific target on the network and I could gain physical access to a certain runtime environment, I could control that system. I told him that several factors would play a role: patch level, configuration settings, intrusion locks, whether the target system's network segment can be accessed, and so on. But my answer was yes: it is entirely possible to control the system. If you can access the system itself, the problem becomes simpler, because we can get almost 100% access.

Never forget that protecting your Linux system is both a technical and a non-technical problem. Whether you are an employee, contractor, supplier, or general customer, it is very important to put physical security first. If you do not, this security risk will rear its ugly head at the most unexpected time and bite you.
