Chapter 8. Platform Specific Issues
Microsoft Windows-based PCs
Strengths and vulnerabilities
The Windows operating system for the Intel x86 (or equivalent) processor is by far the most popular computer system ever built. The capabilities of the operating system and related applications, from an end-user’s perspective, are remarkable. There is a vast amount of commercial, shareware, and free software available for it. Although experts are hard to find (as with most systems), there are many people who have reasonable levels of knowledge about these systems. There are many competitors on the hardware side, resulting in much variety and relatively low prices.
From a security point of view, Windows is not quite as attractive. The core operating system was not originally written with either network connectivity or security in mind. The more recent versions (Windows 2000, Windows XP, and later) have addressed many of the original concerns, but security is still lacking, and the current changes are of little help to users who are still running older systems. Until recently, Microsoft did not have a strong focus on security, although that is changing, particularly with the media attention on bugs and other exploitable flaws in Microsoft operating systems.
The built-in functionality of their systems and applications has often been enhanced at the expense of security. In many cases, to make things easy for the novice user, systems are delivered with many sub-systems and capabilities enabled, which makes them available for exploitation. Due to the prevalence of these exposures and the number of installed computers, the Windows-based PC has become a major target of malicious programmers who have churned out viruses, worms, and Trojans by the tens of thousands. The Windows GUI (graphical user interface) is sufficiently user-friendly that the system is now used by millions of people with little technical knowledge or interest. This type of user base, coupled with the vulnerabilities cited above, has made Windows-based systems prone to security problems.
How to protect yourself
Virtually all of the rules in this manual apply to Windows systems and security-conscious users should consider each of the recommendations seriously.
Software currency
If you have adequate bandwidth, use Microsoft’s Windows Update site to keep your operating system up-to-date. If reasonable bandwidth is not available, consider using Windows Update for critical security patches only (they use far less bandwidth than the larger Service Packs). If Windows Update is not practical, updates can be downloaded from Microsoft’s Download Center:
(http://www.microsoft.com/downloads).
Perhaps your ISP or some other service provider could download them and distribute them locally on CD. Although it takes significant resources, a Windows Update-like service called Software Update Services can be run on a local site for Windows 2000 systems:
(http://www.microsoft.com/windows2000/windowsupdate/sus/).
Accounts
For Windows NT, 2000, and XP, which support multiple users, you should ensure that there are no unnecessary user accounts set up. In addition, make sure that all users choose robust passwords, as described earlier in Part 2 of this Handbook. Users should only be given the privileges that they require. For example, even if a machine is administered by its primary user, that user’s basic operational account should not have administrator privileges.
File Sharing
If you do not use file sharing or print serving, make sure that the capability is completely disabled. The procedure can be found in Windows Help or within the Microsoft support site; search for “disable file sharing XX” where XX is the version of your system, such as XP or 2000. If you do allow file sharing, make sure you give out no more privileges than necessary.
File System
The FAT and FAT32 file systems historically used by Windows cannot be properly secured, particularly if you are using file sharing. The NTFS file system should be used whenever possible if there is any network file access. Note that NTFS cannot be used in some cases where you have a dual-boot machine or need to access the hard disk from another operating system.
Systems Services
Some systems come with all services enabled in order to allow sophisticated computer-to-computer communications. If you are not in a corporate network, disable the services that you do not need.
Firewalls
Install a software or hardware firewall. Free software versions are available. Keep the firewall up-to-date. Make sure that the firewall is configured to warn you if unusual activities are taking place.
Anti-virus software
Install anti-virus software. If you cannot find freeware that is kept current, you should invest in commercial software. Some virus software companies offer dynamically downloaded free virus checking. Keep the virus signatures up-to-date; some vendors offer daily updates, others provide weekly updates, or longer term. The more current your virus definitions are, the better your system is protected.
Malware detectors
There are programs which will scan your system for all sorts of potentially malicious software. Pest Patrol (http://www.pestpatrol.com), Lavasoft (http://www.lavasoftusa.com/software/adawareplus/) and SpybotSD (http://www.safer-networking.org) all have free programs that detect various malware.
Security Review
If you are a non-technical user with no support organization available to help you, take a look at Microsoft’s recommendations for home users: http://www.microsoft.com/security/home or http://www.microsoft.com/protect/.
If you are an IT professional, go to: http://www.microsoft.com/technet/security. If you have a newer system, consider running the Microsoft Baseline Security Analyzer (MBSA), which covers Windows 2000 and XP systems.
Macintosh
Strengths and vulnerabilities
Historically, the Apple Macintosh computer and operating system have been far less prone to security problems than the Windows PC. Moreover, since there are far fewer Mac users than there are PC users, malicious attackers have not been as interested in targeting them. Perhaps the largest vulnerability is that, for these reasons, Mac users often think they are safe and do not bother to take precautions. MacOS systems prior to MacOS X used a proprietary operating system. MacOS X is based on the FreeBSD Unix system, and should be considered a specialized Unix system with regard to security (see the next section on Unix). For MacOS X, there are many system services bundled within the core system, but they are all shipped disabled.
How to protect yourself
Software currency
Make sure that your system is fully patched. Go to: http://www.apple.com and click on support. As with Windows systems, there is a good chance that an unpatched system will be infiltrated within hours or days, particularly if it is permanently attached to a network.
Accounts
Make sure that all accounts that you do not need are disabled or deleted. In particular, make sure there are no Guest accounts without a password. Limit administrative privileges to accounts that actively need them and do not use an administrative-capable account for your routine work.
File Sharing
Disable file sharing if you are not using it. If you are using file sharing, make sure the privileges are granted at the minimum level required.
Services
Do not enable services that you do not need. If you enable them temporarily, but will not use them often, disable them when you are through.
New applications
If you install new network-oriented applications, particularly those originally designed for Unix, be aware that they may be vulnerable in ways that were uncommon in systems built prior to MacOS X.
Firewalls
Install a software or hardware firewall. Keep it up-to-date. Make sure that the firewall is set to warn you if unusual activities take place.
Anti-virus software
Install anti-virus software. If you cannot find freeware that is kept current, you should invest in commercial software. Keep the virus signatures up-to-date. The more current your virus definitions are, the better your system is protected.
Unix, Linux, and Related Systems
Strengths and vulnerabilities
Unix systems have historically been used as servers (both for system services and for multi-user computing) and as workstations in computer science and physical science environments. Over the last decade, they have made some modest inroads against Windows and Macintosh systems as single-user workstations in other environments.
With the recent popularity of Linux, this phenomenon has spread, partly because the system is so attractive and partly because Linux is viewed as a (free) replacement for Windows. This latter trend is probably stronger in the developing world than it is in developed countries, due to the higher relative cost of software compared to salaries in developing countries. Traditionally, Unix’s strengths have been its flexibility coupled with the impressive base of user and corporate-developed software that has grown over the years.
Unfortunately, Unix’s flexibility and power has not been accompanied by a user-friendly front-end (from a novice user’s point of view). As a result, when these systems have been used as workstations for those who do not wish to become Unix experts, strong systems support staff were needed. To some extent, this is being addressed, with MacOS X being the best example. However, the foundation of the system is still complex, and there are many opportunities for a naive user to leave doors open for security breaches. Although Unix systems have been relatively virus free, they have the distinction of hosting some of the earliest worms and Trojans; these are still major potential problems.
How to protect yourself
The following comments augment information supplied in the rest of this Handbook. Virtually all of the items in the preceding seven chapters apply to Unix, Linux and related systems, and must be addressed if your computer is to be moderately secure. This section focuses primarily on single-user workstations. Those responsible for servers should read Part 5 of this Handbook.
Multiple Unix Variants
Because there have been a variety of versions of Unix-like operating systems, many pre-installed security mechanisms are vendor-specific. It’s particularly important to read all of the manuals for your vendor’s version of Unix. Several good books, web sites, and mailing lists devoted to Unix security are listed in Annexes 2-5.
Software currency
It is imperative that software be kept current, and that all security patches be applied quickly. Details on where to get updates and how to apply them vary from system to system.
User Privileges
The user root (uid 0) is the superuser and usually has the ability to modify every aspect of the system. Accordingly, protecting the root account and processes that run with root privileges is a critical aspect of Unix security. Avoid using the root account for routine activities, and disable logins by root. When you must use root, use the superuser command (su, or a variation like sudo) to change from your normal user account to root.
If you have multiple users on your system, consider using access control lists or other mechanisms to limit the file access that these users have.
When possible, run network services as a non-root user.
Never unpack or compile new software as root. It’s often possible to compile software in a chroot environment to protect yourself against some kinds of Trojan horses.
Remote disk mounts
If you use some mechanism to allow remote access to your disks (whether to other Unix systems or to PCs) use robust passwords and, when possible, limit access to the files that the applications demand.
System Services
Many Unix systems are shipped with a large variety of system services including FTP servers, web servers, and mail servers. In many cases, these services are active and operating by default. All network-based services that you are not using should be disabled. Some people feel that since the service is there, it should be used, even though they do not have the technical expertise to manage it securely. This is a big mistake, and such services should not be run on user workstations without good reason and adequate support.
Many network services are started by the inetd (or xinetd) daemon. Examine the configuration file(s) used by this daemon and disable any services that you do not need. Other network services are started at system boot by files in the /etc/init.d or /etc/rc*.d directories or in the files /etc/rc and /etc/rc.local. Disable any services that you do not use. Pay particular attention to services that may provide outsiders with information about your system or its users, such as fingerd.
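The inetd/xinetd review described above, as an added example that is not part of the handbook: a small audit script that lists the services still enabled in an inetd.conf and in an xinetd.d directory and flags the ones on an assumed watch list of information-leaking services (finger, systat, netstat). The sample configuration files are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example (not from the handbook): audit inetd/xinetd configuration.
# Sample files below are constructed; the watch list of information-leaking
# services is an assumption, not a list taken from the text.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample inetd.conf: commented-out lines are disabled services
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger   stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
mkdir "$SAMPLE_DIR/xinetd.d"
printf 'service echo\n{\n\tdisable = yes\n}\n'    > "$SAMPLE_DIR/xinetd.d/echo"
printf 'service daytime\n{\n\tdisable = no\n}\n'  > "$SAMPLE_DIR/xinetd.d/daytime"

# Enabled inetd services: every uncommented, non-blank line; field 1 is the name.
enabled_inetd_services() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }' | tr '\n' ' ' | sed 's/ $//'
}

# Enabled xinetd services: every file in the directory that lacks "disable = yes"
# (xinetd treats a missing "disable" attribute as enabled).
enabled_xinetd_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f" || basename "$f"
    done | tr '\n' ' ' | sed 's/ $//'
}

# From a space-separated service list, return those that expose host or user
# information to outsiders (assumed watch list).
flag_info_leakers() {
    out=""
    for svc in $1; do
        case "$svc" in finger|systat|netstat) out="$out $svc" ;; esac
    done
    printf '%s' "${out# }"
}

inetd_on=$(enabled_inetd_services "$SAMPLE_DIR/inetd.conf")
echo "inetd services enabled : $inetd_on"
echo "xinetd services enabled: $(enabled_xinetd_services "$SAMPLE_DIR/xinetd.d")"
echo "information leakers    : $(flag_info_leakers "$inetd_on")"
```

Run against the real /etc/inetd.conf and /etc/xinetd.d by pointing the three calls at those paths instead of the constructed samples.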
If you run anonymous FTP services, use an up-to-date version of the FTP daemon. Don’t provide your real /etc/passwd file in the FTP area. Make sure that /etc/ftpusers, the list of users who cannot connect by FTP, includes at least root, uucp, bin, and any other account that does not belong to a human being. Be wary of directory permissions and ownership in the FTP area; configure “incoming” directories to prevent downloads and “outgoing” directories to prevent uploads. Scan your FTP logs regularly.
Firewall
Every Unix system should run its own host-based packet-filtering firewall. Consult vendor documentation to determine if your system has a firewall and how to use it. Typical firewall configuration tools include ipfw, ipchains, and iptables. These firewalls should be configured to block all packets by default, and to allow only packets destined for services that you intend to provide.
Default Accounts
Many Unix systems come with several default accounts that are used to separate process or file ownership privileges, such as daemon, bin, uucp, etc. Make sure that the encrypted password entry for all of these accounts begins with a “*” character so that no possible password can be used to access the account. Only the root account should have a valid password. No one can log into the other accounts (although root can still assume their privileges with the su command if necessary).
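The two account checks above (the /etc/ftpusers coverage rule from the FTP paragraph and the “*” password rule for default accounts), as an added shell audit script that is not part of the handbook. The passwd, shadow and ftpusers files are constructed samples; the rule that a “non-human” account is one with uid below 1000 is an assumption made for the example, not something the text states.

```shell
#!/bin/sh
# Added example (not from the handbook): audit default accounts.
# Sample files are constructed; "system account = uid < 1000" is an assumption.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
bin:x1Constructed:19000:0:99999:7:::
uucp:*:19000:0:99999:7:::
alice:$6$anotherconstructedhash:19000:0:99999:7:::
EOF
printf 'root\nuucp\n' > "$SAMPLE_DIR/ftpusers"

# System accounts other than root whose shadow password field does not begin
# with "*": a password could match them, so they should be locked with "*".
# Usage: lockable_accounts PASSWD SHADOW
lockable_accounts() {
    awk -F: 'NR == FNR { if ($3 < 1000 && $1 != "root") sys[$1] = 1; next }
             ($1 in sys) && $2 !~ /^\*/ { print $1 }' "$1" "$2" \
        | tr '\n' ' ' | sed 's/ $//'
}

# System accounts (uid < 1000, root included) that are missing from ftpusers,
# i.e. accounts that could still connect by FTP.  Usage: ftpusers_gaps PASSWD FTPUSERS
ftpusers_gaps() {
    awk -F: '$3 < 1000 { print $1 }' "$1" | while read -r user; do
        grep -qx "$user" "$2" || printf '%s\n' "$user"
    done | tr '\n' ' ' | sed 's/ $//'
}

echo "system accounts with a usable password: $(lockable_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow")"
echo "system accounts missing from ftpusers : $(ftpusers_gaps "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/ftpusers")"
```

On a real system point the functions at /etc/passwd, /etc/shadow (readable only by root) and /etc/ftpusers; an empty result for both checks is the desired state.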
Malware detectors
There are a number of tools which help a Unix administrator ensure that there is no malicious software on their system. One of the oldest is Tripwire, which verifies that the critical system utilities (and other files) have not been surreptitiously altered.