
Security in Linux, Volker Neumann


$ echo tux
tux
$ ls
hello.c
hello.o
$ /bin/su -
Password:

tuxcademy - Linux and open source learning materials for everyone

www.tuxcademy.org ⋅ [email protected]
The tuxcademy project offers high-quality, freely available training materials on Linux and open source topics, for self-study, for schools and universities, and for further education and professional training.
Visit https://www.tuxcademy.org/! We are happy to answer questions and suggestions.

Linux and security


Revision: secu: b18dce0ae917fd16: 2014-04-03
nadm: 34ccb7a5ca5eb94a: 2014-04-03 B
secu: 2cd69440d313e762: 2013-12-20 1-9
secu: BDN4000Eeo1uMBEgNWoOqd

© 2015 Linup Front GmbH Darmstadt, Germany


© 2016 tuxcademy (Anselm Lingnau) Darmstadt, Germany
http://www.tuxcademy.org ⋅ [email protected]
Linux penguin »Tux« © Larry Ewing (CC-BY license)

All representations and information contained in this documentation were created to the best of our knowledge and tested with care. Nevertheless, errors cannot be completely ruled out. The tuxcademy project is liable under the statutory provisions for claims for damages based on intent or gross negligence, and, except in the case of willful intent, only for the foreseeable, typically occurring damage. Liability for culpable injury to life, body or health, as well as mandatory liability under the Product Liability Act, remain unaffected. Any liability beyond the aforementioned is excluded.
The reproduction of product names, common names, trade names and similar designations in this documentation, even without special marking, does not justify the assumption that such names are free in the sense of trademark and brand-name protection law and may therefore be used as desired. All trade names are used without guarantee of free usability and may be registered trademarks of third parties.

This documentation is licensed under the »Creative Commons BY-SA 4.0 International« license. You may reproduce, distribute and make it publicly available as long as the following conditions are met:
Attribution You must point out that this documentation is a product of the tuxcademy project.
Share alike You may edit, convert, expand, translate or otherwise change the documentation, or build upon it, as long as you make your contributions available under the same license as the original.
More information and the legally binding license agreement can be found at
http://creativecommons.org/licenses/by-sa/4.0/

Authors: Thomas Erker, Stefan Haller, Anselm Lingnau


Technical editing: Anselm Lingnau ⟨[email protected]⟩
Set in Palatino, Optima and DejaVu Sans Mono

Contents

1 Security: Introduction 1
1.1 What is security? 2
1.2 Security as a business problem 4
1.3 Attacks 5
1.4 Attackers 6
1.5 Security concepts 9
1.5.1 Why? 9
1.5.2 Risk analysis 9
1.5.3 Cost-benefit analysis 10
1.5.4 Security goals, guidelines and recommendations 11
1.5.5 Audits 13
1.6 Security and open source software 13
1.7 Sources of information 15

2 Local security 19
2.1 Physical security 20
2.1.1 Physical security: why? 20
2.1.2 Planning 20
2.1.3 Risks 21
2.1.4 Theft 22
2.1.5 Old media 22
2.2 Minimal systems 24
2.3 Securing the boot process 25
2.3.1 Boot process and BIOS 25
2.4 Boot loader security 26
2.4.1 Basics 26
2.4.2 GRUB 2 26
2.4.3 GRUB Legacy 28
2.4.4 LILO 29

3 The Secure Shell (for advanced users) 33
3.1 Introduction 34
3.2 Basic functionality 34
3.3 User restrictions 37
3.4 Tips and tricks 39
3.4.1 User configuration for different servers 39
3.4.2 The subtleties of the protocol 40
3.4.3 Belt and braces 41
3.4.4 Fun with public keys 42
3.5 OpenSSH certificates 44
3.5.1 Overview 44
3.5.2 Authenticating user keys 45
3.5.3 Using OpenSSH certificates for users 46
3.5.4 Host keys and certificates 48

4 Firewall concepts 51
4.1 Firewalls and security 52
4.2 Firewall components 53
4.3 Implementing firewalls 55
4.3.1 A simple example: home LAN 55
4.3.2 A home LAN with a router 57
4.3.3 A company's Internet connection with DMZ 57
4.3.4 DMZ for the poor: triple-homed host 59
4.4 Firewalls and common protocols 59

5 Packet filtering with Netfilter (»iptables«) 65
5.1 Purpose of packet filters 66
5.2 The packet filter in Linux systems 66
5.2.1 Concept 66
5.2.2 How it works 68
5.2.3 Integration in the kernel 68
5.3 The command-line tool iptables 69
5.3.1 Basics 69
5.3.2 Extensions 71
5.3.3 Defining the action 74
5.3.4 Operations on a complete chain 76
5.3.5 Saving the filter rules 77
5.3.6 Practical example 77
5.4 Network Address Translation 82
5.4.1 Use cases for NAT 82
5.4.2 Variants of NAT 82
5.4.3 NAT via Netfilter 83
5.4.4 Special features of NAT 84

6 Security analysis 89
6.1 Introduction 90
6.2 Network analysis with nmap 90
6.2.1 Basics 90
6.2.2 Syntax and options 92
6.2.3 Examples 94
6.3 The OpenVAS security scanner 97
6.3.1 Introduction 97
6.3.2 Structure 97
6.3.3 Using OpenVAS 98

7 Host-based intrusion detection 105
7.1 Introduction 106
7.2 Tripwire 107
7.2.1 Structure 107
7.2.2 Preparatory work 107
7.2.3 Regular operation 108
7.2.4 Setting up the monitoring policy 109
7.3 AIDE 113
7.3.1 Introduction 113
7.3.2 AIDE working modes 113
7.3.3 Configuring AIDE 113
7.3.4 Example configuration for AIDE 115

8 Network-based intrusion detection 119
8.1 Introduction 120
8.2 Detecting port scans: scanlogd 121
8.3 Locking out attackers: fail2ban 122
8.3.1 Overview 122
8.3.2 Structure 122
8.4 Snort: detecting mischief in real time 124
8.4.1 Basics 124
8.4.2 Installing and testing Snort 126
8.4.3 Snort as an IDS 128

9 Virtual private networks with OpenVPN 141
9.1 Why VPN? 142
9.2 OpenVPN 144
9.2.1 Basics 144
9.2.2 General configuration 144
9.2.3 Simple tunnels 146
9.2.4 OpenVPN with TLS and X.509 certificates 148
9.2.5 Server mode 149

A Sample solutions 155

B X.509 crash course 161
B.1 Introduction: cryptography, certificates and X.509 161
B.2 Generating a certification authority 163
B.3 Generating server certificates 166

C Command index 169

Index 171

List of tables

4.1 A simple communication matrix 57
7.1 Tripwire: possible tests of file properties 111
7.2 File attributes for AIDE 114
8.1 Snort attack classes 137



List of figures

1.1 »Phishing« for account data - a real attempt 5
5.1 Structure of Netfilter 67
5.2 Kernel parameters for Netfilter 68
5.3 Example for the limit module 72
5.4 User chains in Netfilter 75
5.5 Destination NAT 86
6.1 xnmap, a graphical front end for nmap 96
6.2 Structure of OpenVAS 97
6.3 The »Greenbone Security Assistant« 98
6.4 Creating a new OpenVAS task 99
6.5 OpenVAS analysis result 101
6.6 OpenVAS results report 102
6.7 Excerpt from a Nessus report in NBE format 102
7.1 Example configuration for AIDE (part 1) 116
7.2 Example configuration for AIDE (part 2) 117
7.3 Example configuration for AIDE (part 3) 118
B.1 Configuration file for an OpenSSL-based CA 165



Preface

This training manual provides a thorough introduction to the security administration of Linux systems. It is aimed at system administrators with extensive experience of Linux systems and networks, and assumes knowledge equivalent to the LPIC-1 certificate of the Linux Professional Institute.

After an explanation of basic security terms and an introduction to creating security concepts, we first consider the »local security« of individual Linux computers. We explain the concept of »minimal systems« and show how you can secure a Linux computer against unauthorized access. Then we deal with security in TCP/IP networks: some special features of OpenSSH are explained before we give a thorough introduction to firewall infrastructures and the configuration of the Linux packet filter »Netfilter«. Chapters on intrusion detection, security verification and VPNs complete the manual.

This training material is intended to support the course as effectively as possible by presenting the course material in a self-contained, detailed form for reading along, reading up or preparation. The material is divided into chapters, each of which describes one partial aspect comprehensively; at the beginning of each chapter its learning goals and prerequisites are briefly summarized, and at the end there is a summary and (where appropriate) references to further literature or WWW pages with more information.

B Additional material or background information is marked with the »lightbulb« symbol at the beginning of the paragraph. Sometimes these paragraphs make use of aspects that are actually only explained later in the training manual, and thereby place what has just been presented in a broader context; such »lightbulb« paragraphs may therefore only become completely understandable when you work through the training material a second time, to follow up the course.

A Paragraphs with the »warning sign« point to possible problems or »dangerous spots« where particular caution is required. Watch out for the sharp bends!

C Most chapters also contain exercises, which are marked with the »pencil« symbol at the beginning of the paragraph. The exercises are numbered, and sample solutions for the most important ones can be found at the back of this training manual. The level of difficulty of each exercise is indicated in square brackets. Exercises marked with an exclamation mark (»!«) are particularly recommended.

Excerpts from configuration files, command examples and examples of computer output appear in typewriter font. In multi-line dialogues between the user and the computer, the user input is shown in bold typewriter font to avoid misunderstandings. If parts of a command output have been omitted, this is marked by »«. Sometimes line breaks are required for typographical reasons that are not present in the original on the computer; these are shown as »«. In syntax representations, words in angle brackets (»⟨Word⟩«) stand for »variables« that can be filled in differently from case to case; material in square brackets (»[-f ⟨File⟩]«) can be omitted, and a vertical bar separates alternatives (»-a | -b«).

Important concepts are highlighted with »marginal notes«; the definitions of essential terms are printed in bold in the text and also appear in the margin.

References to literature and interesting web pages appear in the text in the form »[GPL91]« and are given in full at the end of each chapter.

We endeavour to keep this training material as up to date, complete and error-free as possible. Nevertheless, problems or inaccuracies may creep in. If you notice something that you think should be improved, please let us know, for example by sending an electronic message to

[email protected]

(For the sake of simplicity, it is best to state the title of the training manual, the revision number on the back of the title page and the relevant page number(s).) Thank you!

1
Security: Introduction

Contents
1.1 What is security? 2
1.2 Security as a business problem 4
1.3 Attacks 5
1.4 Attackers 6
1.5 Security concepts 9
1.5.1 Why? 9
1.5.2 Risk analysis 9
1.5.3 Cost-benefit analysis 10
1.5.4 Security goals, guidelines and recommendations 11
1.5.5 Audits 13
1.6 Security and open source software 13
1.7 Sources of information 15

Learning goals
• Understand what »security« means
• Get an overview of attacks and attackers
• Know the steps for setting up a security concept
• Know sources of information on security-related topics

Prerequisites
• General Linux and administration knowledge
secu-einf.tex (2cd69440d313e762)

1.1 What is security?

When it comes to IT security, you probably think, like most users, of shady crackers¹ working for the KGB or the Mafia, of viruses and worms, unsecured WLANs, Cliff Stoll's cuckoo's egg [Sto93] and Hollywood films such as War Games and The Net. There is no doubt that the Internet is a dangerous place, but IT security does not consist only of espionage and counter-espionage. In fact, three »cornerstones« of IT security can be identified:

Confidentiality Many kinds of data must not be made accessible to unauthorized persons. This concerns the »personal data« processed in many places, which at least in Germany enjoy extensive legal protection (elsewhere in the world, for example in the USA, this is by no means the case), but of course also trade secrets (which manufacturer would not like to know what its competitors plan to bring to market next year?) or details of the access mechanisms of a computer system, such as user names and passwords. Another important area is communication security: confidentiality should be guaranteed not only for stored data but also for the content of communication, and it is often desirable to be able to identify the communication partner unambiguously. This often also includes »non-repudiation«, where the point is to be able to prove beyond doubt that a certain communication with a certain content has taken place, even if one of the communication partners denies it.

Availability In addition to confidentiality, which is meant to ensure that unauthorized persons cannot access important data, it is important to ensure that the legitimate users of the data can actually work with it: the data must be available, which means that the computer systems and the networks connecting them must function reliably. A robust operating system such as Linux can be a great help here, but many applications require additional infrastructure, for example a redundant design of important system components and the corresponding software configuration. This topic, »high availability«, is not the subject of this training manual.

Integrity The third aspect of security is essentially the assurance that the data you left unattended last night is still, this morning, the way it was back then. If not, hardware damage may be to blame, but nowadays malicious crackers no longer simply wipe your hard disk (which would be annoying, because you would have to reconstruct it from backup copies, which mostly do not really exist, at least not in a usable form); they have found that it is much more effective to introduce a few subtle errors into a database or an important spreadsheet. These errors may only be discovered much later, after serious business decisions have been made on the basis of the wrong data. For publicly traded companies in particular, this can mean big trouble. Comprehensive IT security therefore requires that the integrity of important data be secured: at the hardware level, for example, through RAID systems and regular backup copies, and against unwanted manipulation through suitable cryptographic measures. Of course, »data« here also includes the programs involved in processing critical business data, from the operating system to the application programs.

¹ We use the word »cracker« as opposed to the popular »hacker«. A »hacker« (originally a very positive term) is simply someone who approaches a matter, typically programming, with interest and curiosity and occupies himself with it until he has mastered it almost perfectly. He only becomes a »cracker« when he exploits his knowledge, for example, to gain access to computer systems where he has no business. Conversely, not every cracker is automatically a hacker; many crackers are as dumb as a post. Incidentally, we do not believe in the »hacker ethic« of »just look around, but don't touch anything«, since a cracker can cause damage just by looking around, often without even noticing it.
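To make the »cryptographic measures« against unnoticed manipulation concrete, here is an added example (not from the manual) that seals each row of a small SQLite table with an HMAC under a key kept apart from the database, and then detects a transposed-digit edit, a deleted row and an inserted row. The table, the key and the row contents are constructed for the illustration.

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed key for the example; in practice it lives apart from the
# database and its backups, otherwise whoever edits the data can re-seal it.
KEY = b"example-integrity-key-not-for-production"


def canonical(row):
    # Stable serialization: the MAC must not depend on column order or spacing.
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode()


def record_mac(row, key=KEY):
    # HMAC-SHA256 over one row; a plain hash would not do, since an attacker
    # who can edit the row could recompute an unkeyed hash as well.
    return hmac.new(key, canonical(row), hashlib.sha256).hexdigest()


def fetch_rows(conn):
    conn.row_factory = sqlite3.Row
    rows = conn.execute("SELECT id, account, amount FROM ledger ORDER BY id")
    return [dict(r) for r in rows]


def seal(conn, key=KEY):
    # Seal set taken at backup time: record id -> MAC of the row contents.
    return {row["id"]: record_mac(row, key) for row in fetch_rows(conn)}


def verify(conn, seals, key=KEY):
    # Compare the current table against the seal set; report every deviation.
    problems, seen = [], set()
    for row in fetch_rows(conn):
        seen.add(row["id"])
        expected = seals.get(row["id"])
        if expected is None:
            problems.append((row["id"], "unexpected record"))
        elif not hmac.compare_digest(expected, record_mac(row, key)):
            problems.append((row["id"], "modified"))
    for rid in seals:
        if rid not in seen:
            problems.append((rid, "missing"))
    return sorted(problems)


def build_sample_db():
    # Constructed ledger with three rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ledger (id INTEGER PRIMARY KEY, account TEXT, amount REAL)")
    conn.executemany(
        "INSERT INTO ledger VALUES (?, ?, ?)",
        [(1, "ACME", 1234.50), (2, "Globex", 99.99), (3, "Initech", 5000.00)],
    )
    conn.commit()
    return conn


def demo():
    conn = build_sample_db()
    seals = seal(conn)
    assert verify(conn, seals) == []            # untouched table verifies clean
    conn.execute("UPDATE ledger SET amount = 1243.50 WHERE id = 1")  # subtle digit swap
    conn.execute("DELETE FROM ledger WHERE id = 3")
    conn.execute("INSERT INTO ledger VALUES (4, 'Hooli', 1.00)")
    return verify(conn, seals)


if __name__ == "__main__":
    for rid, what in demo():
        print(f"record {rid}: {what}")
```

Per-row seals catch edits, deletions and insertions, but not a rollback of the whole table to an older snapshot that was itself sealed; for that the seal set must be versioned or chained as well.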

B In general, cryptography, the study of methods for encrypting and decrypting data, is an important part of most IT security procedures, at least as far as confidentiality and integrity are concerned. On the other hand, it is not a panacea, so an understanding of cryptographic methods and especially of their limits is very important for being able to assess aspects of IT security. A practical introduction to this topic is [Sch96].

The problems of IT security are not fundamentally different from the problems of security in life in general. Experience shows that the threats in the »digital world« are basically the same as those in the »physical world«: if a »physical« bank can be robbed, so can a »digital« one. An Internet scam is not very different from a scam in the »physical world«. There are contracts and breaches of contract everywhere, as well as intrusions into privacy (from the peeping Tom with his binoculars to the cracker who reads e-mails that are none of his business). The only differences result from the fact that computers and the Internet have a few properties that are not found in the same form in the physical world:

Computers are fast Unlike people, computers have no problem repeating monotonous tasks very quickly and very often. A computer can try every telephone number in a given area code to see whether there is a modem behind it, while for a person this would be an extremely tedious task.

The Internet has no borders While a thief who wants to break into your home has to go there physically, your web server on the Internet can in principle be reached from any other computer on the Internet and can also be attacked from there. The circle of potential attackers is therefore much larger than in the real world.

Word of successful attacks gets around Computers make it possible to hand successful attacks in »precooked« form to people who would not be able to devise such an attack themselves. This, too, enlarges the circle of potential attackers: while in the real world opening a safe without knowing the combination requires some practice and expertise, in the digital world otherwise completely inexperienced individuals can use a prebuilt exploit to take advantage of a security vulnerability in a vulnerable system.

B There are now even construction kits for malware that allow even less tech-savvy offenders to »click together« new viruses, worms and Trojans, so to speak. Not really good prospects for the beleaguered security administrator ...

The clocks run faster on the Internet The virus and worm attacks of recent months and years have shown again and again that often only a very short time, hours or days, lies between the first appearance of such a malicious program and the moment when millions of computers worldwide are affected. The »incubation periods« are extremely short. In the real world, pathogens usually spread considerably more slowly, so that there is more time to think about countermeasures. On the Internet, proactivity is often more successful than reactivity.
As the operator or administrator of a computer system connected to the Internet, you are acting irresponsibly if you ignore the topic of »security«. Even if you do not see security as a personal problem (typically: »Nothing can happen to me, I am so small and insignificant, and I have good backup copies«), it may still happen that you become an involuntary accomplice, for example if your (Windows) computer is infected by a »spambot« or is used by a cracker in a distributed denial-of-service attack on an important web site. It is up to you to rule this out as far as possible; the Internet is only as secure as the sum of its parts.

Exercises
C 1.1 [2] How would you try to check the integrity of the records in a backup database?

1.2 Security as a business problem

A widespread but dangerous tendency is to view security primarily as a technical problem that can be solved by technical means (»We install a firewall, and then our network is secure«). This mindset is encouraged by manufacturers of »security products« who suggest to their customers that they have perfect solutions on offer, which the customer can use without a large (expensive) investment of time. This is usually a, sometimes momentous, error.

The problem is that computer systems usually represent only part of a »system« which, for example, also includes the people involved. Your firewall may keep crackers from breaking into your network from outside and stealing your important data, but it will not stop an employee who has been persuaded (with money) to smuggle the same data past plant security on a USB stick key ring. Your customers may log on to your server via SSL-encrypted web pages, but they will give away their user names and passwords to a friendly voice on the phone that claims convincingly enough to be acting on your behalf. And finally, your firewall system may be largely invulnerable to today's attacks, but what about the attacks of tomorrow and the day after tomorrow?

Security is not a finished product that you can buy, but an ongoing process, and there are no »off the peg« standard solutions. Effective security must always involve you as the system operator or administrator, just like the users of the system, and is never »finished« in the sense that you no longer need to worry about it.

Another very important observation is that »one hundred percent security« is not really possible. The closer you get to your ideal of perfection, the more expensive each improvement becomes, and exponentially so. At the risk of quoting a commonplace: security costs money, and from some point on, more security costs a lot more money. It is obvious that you should not spend more money on security measures than you would lose if the event against which these measures are meant to protect you actually occurred. But this turns security from a technical problem into a problem of actuarial mathematics: how likely is it that a certain damage occurs, and what will it cost you to repair the damage if it does? This gives an upper limit for the effort you should invest in excluding this damage in advance.

Date: Fri, Oct 15, 2004 10:16:05 AM -0500
Message-Id: <74643946.80880@support@citibank.com>
From: Customer Support
To: Hugo
Subject: NOTE! Citibank account suspend in process

Dear Customer:

Recently there have been a large number of cyber attacks pointing
our database servers. In order to safeguard your account, we require
you to sign on immediately. This process is mandatory and if you did
not sign on within the nearest time your account may be subject to
temporary suspension.

Please use our secure counter server to indicate
that you have signed on, please click bellow:

http://221.4.199.31/verification/

Thank you for your prompt attention to this matter and thank you for
using Citibank (R)

Regards,
Citibank (R) Card Department

Figure 1.1: »Phishing« for account data - a real attempt
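As an added example (not part of the manual), the following Python script checks a message such as the one in Figure 1.1 for simple phishing indicators: a link whose host is a bare IP address, a link host outside the domains the mail claims to come from, a malformed Message-Id with two »@« signs, and urgency wording. The list of trusted domains is an assumption made for the example; the message text is re-typed from the figure.

```python
import re
from email import message_from_string
from ipaddress import ip_address
from urllib.parse import urlparse

# Message from Figure 1.1, re-typed as sample input (headers, blank line, body).
SAMPLE = """\
Date: Fri, Oct 15, 2004 10:16:05 AM -0500
Message-Id: <74643946.80880@support@citibank.com>
From: Customer Support
To: Hugo
Subject: NOTE! Citibank account suspend in process

Dear Customer:

Recently there have been a large number of cyber attacks pointing
our database servers. In order to safeguard your account, we require
you to sign on immediately. This process is mandatory and if you did
not sign on within the nearest time your account may be subject to
temporary suspension.

Please use our secure counter server to indicate
that you have signed on, please click bellow:

http://221.4.199.31/verification/

Regards,
Citibank (R) Card Department
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Wording typical of pressure tactics; a hit alone is weak evidence.
URGENCY_WORDS = ("immediately", "suspend", "mandatory")


def host_is_ip(host):
    # Legitimate customer-facing sites are reached by name, not by raw address.
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def in_domain(host, domain):
    # True for the domain itself and its subdomains, not for look-alikes
    # such as "citibank.com.evil.example".
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw_message, trusted_domains):
    """Return a list of human-readable findings; empty means nothing suspicious."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []

    msgid = msg.get("Message-Id", "")
    if msgid.count("@") != 1:                 # RFC-shaped ids contain exactly one "@"
        findings.append(f"malformed Message-Id: {msgid}")

    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if host_is_ip(host):
            findings.append(f"link to bare IP address: {url}")
        elif not any(in_domain(host, d) for d in trusted_domains):
            findings.append(f"link host outside trusted domains: {url}")

    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # Assumed trusted domain for the brand the mail claims to represent.
    for finding in phishing_indicators(SAMPLE, ("citibank.com",)):
        print("-", finding)
```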

1.3 Attacks

What attacks could you (or your computers) be exposed to? Here is a short overview:

Destructive attacks »A cracker has erased all our data!« - every system administrator's nightmare. Or is it? Of course you have good backup copies that you can restore quickly, so that your system will soon be available again (sensibly, after the security vulnerability through which the cracker gained access to your system has been identified and