"Linux Gazette...making Linux just a little more fun!"

Security for the Home Network

By JC Pollman and Bill Mote

Security for the home network is your responsibility.  With all the tools available to the crackers and script kiddies, it is not a matter of if but rather when you will be probed and possibly attacked.  I have personally been connected via modem for less than 5 minutes and been port scanned!  Your ISP really does not care if you are being attacked by "x" because if they shut down "x", tomorrow it will be "y" attacking you. Fortunately there are several things you can do to greatly increase the security of your network.

Disclaimer: This article provides information we have gleamed from reading the books, the HOWTOs, man pages, usenet news groups, and countless hours banging on the keyboard. It is not meant to be an all inclusive exhaustive study on the topic, but rather, a stepping stone from the novice to the intermediate user.  All the examples are taken directly from our home networks so we know they work.

How to use this guide:

Prerequisites: This guide assumes that you have tcp wrapper and ipchains installed, that you are running kernel 2.2.0 or higher, that you have selected a legal/private domain name,  that you're using IP Masquerade to "hide" your machine from the internet, and that you are consistently able to connect to the internet.

Why crack me? Most of us believed, at one time, that we were so insignificant that a cracker would not waste his time with us. Additionally, there are so many computers connected to the internet that the odds of being cracked were virtually nil. Five years ago that was probably a correct assessment.  With the advent of the script kiddies, this is no longer true. The tools available to them make it so easy to find and crack systems that anyone who can turn on a computer can do it.

There are two main reasons they may want to crack your home system: the thrill of another conquest, and to get information to use your ISP account to launch other attacks. Life will become distinctly unpleasant when the authorities come to your door investigating why you were using your ISP account to break into the pentagon.

The following information comes from a series of excellent articles by Lance Spitzner. They should scare you straight if you have taken security lightly up to now.

The script kiddie methodology is a simple one. Scan the Internet for a specific weakness, when you find it, exploit it. Most of the tools they use are automated, requiring little interaction. You launch the tool, then come back several days later to get your results.  No two tools are alike, just as no two exploits are alike. However, most of the tools use the same strategy. First, develop a  database of IPs that can be scanned. Then, scan those IPs for a specific vulnerability.
Once they find a vulnerable system and gain root, their first step is normally to cover their tracks.  They want to ensure you do not know your system was hacked and cannot see nor log their actions.  Following this, they often use your system to scan other networks, or silently monitor your own.
And now for the bad news: CERT® Coordination Center has only one solution if you have been cracked: reinstall everything from scratch!

The Firewall Machine: Ideally your firewall should be a machine dedicated to just that: being your security. Given that you only need the power of a 486, this should not be to hard to handle. By using a computer to just be your firewall you can shutdown all the processes that normally get attacked - like imap, ftp, sendmail, etc. A simple solution would be to create a boot floppy with everything you need on it and run it out of a ram disk. That way, if you are cracked, you just reboot the machine, and without a hard drive it will run much cooler. Check out the Linux Router Project for how to set it up.

However, for the purposes of this article the authors assume you're setting this up on your primary server and that you've been following along with the previous month's articles on DNS and SendMail.

What we will cover: There are hundreds, maybe even thousands, of ways to crack into your computer. And for every way in, you need to provide a defense. We are not going to cover everything here: we will cover just the basics to get your machine secured from the most likely attacks.

ip spoofing
tcp wrappers
What we will not be covering:
physical security
specific programs you run
encrypting data

Here are some final thoughts to whet your appetite. Next month we will be discussing dhcp.

Copyright © 1999, JC Pollman and Bill Mote
Published in Issue 46 of Linux Gazette, October 1999

[ TABLE OF CONTENTS ] [ FRONT PAGE ]  Back [ Linux Gazette FAQ ]  Next