[ale] Cracked many Linux systems

Jerry Z. Yu z.yu at Ptek.com
Wed Mar 28 11:15:22 EST 2001


Like Jonathan said, a distribution should be made safe for the 'public';
thus the 'being cracked' horror stories can be avoided. Otherwise
Linux's reputation can really be tarred.

To cater to the greater public, a distribution should have a 'workstation'-type
cluster, and it should be the most strongly recommended cluster unless the
user really knows what he/she is doing. Numerous warnings/explanations for
any change from the default settings.

The 'workstation' cluster should have:
1) limited services/daemons, if any. A checkbox list with warnings/explanations
during installation and after.
2) a restrictive firewall by default, with a nice GUI to adjust it during and after
install.
ZoneAlarm-type security config levels work for me on the Windows side:
set different security levels and use rule sets accordingly. The capability
to drill down and customize an individual rule is also desired (which
home-use ZoneAlarm does not have).

By default the 'workstation' cluster's firewall should be at level
'paranoid' or at least 'high':

0) paranoid: ifdown all interfaces except lo (remove NIC/DSL/PPP/cable/wireless)

1) high: LAN/WAN interface is up, with the most restrictive firewall rules:
	0) disallow forwarding
	1) disallow any incoming connection other than from the loopback
	interface, esp. to X and to the database
	2) allow only limited outgoing connection request types:
	http/https/ssh/domain/ntp/limited ICMP types
	3) only allow related incoming responses for the types in 2)

2) medium:

3) low:

4) free4grab/open2all:

Do feel free to fill in the blanks or review...


On Wed, 28 Mar 2001, Jonathan Rickman wrote:

#On Wed, 28 Mar 2001, Bob's ALE Mail wrote:
#
#> One knowledgeable security expert estimated that the average life of an
#> unhardened Red Hat 6.2 system on the Internet (before being cracked)
#> is two weeks.
#
#Depending on who you speak with, I may or may not be considered fairly
#knowledgeable so take this for what it's worth.
#
#<RANT>
#At the present time, anyone who places a stock RH 6.2 box on the public
#Internet would be extremely lucky to make it two DAYS. I'm still getting
#IDS logs from Ramen, nearly three weeks after the worm went public. It's
#still out there. Haven't got hit by Lion yet, but I'm sure that will
#change by the end of the day. I've heard of RH 6.0 boxes being compromised
#within hours of the first boot. I've seen my own systems probed within
#seconds of coming online. If you're on a cable or DSL connection, these
#rules do not apply to you. You WILL be cracked in the first few days.
#Don't tempt fate. If nothing else, go to freshmeat and download
#pmfirewall. Linux has earned a decent reputation when it comes to security
#but this is rapidly changing. Perception is everything. If every Linux
#user takes the appropriate steps to secure their systems we, as a
#community, might be able to step out of the way of the freight train that
#is currently bearing down on us. That freight train is loaded with
#corporate execs that hold the future of our beloved OS in their hands.
#If we destroy the Linux reputation through blatant stupidity we will see
#Linux relegated to "hobby status". Personally, the thought makes me sick.
#But the fact remains, Linux didn't really take off until the gaze of the
#corporate world fell on it. The pace of Linux development has tripled in
#the last three years. Don't kid yourselves, it's not because the open
#source community is that dedicated...it's because someone tossed enough
#money into the pot to allow many in the community to turn their hobby into
#a full time job. Right now the statistics show Linux slowly losing ground
#to W2K in terms of overall system security. We all know that this isn't
#true. Misconfigurations (or no configuration) can weaken any system. It
#just so happens that, at the moment, more folks are screwing up with
#Linux. This trend has to stop...
#</RANT>
#
#If anyone out there in ALE land has a question related to security, please
#do not be afraid to ask. I am willing to help any home user or non-profit
#org who asks, and I'm fairly certain that if I can't answer your
#questions...someone on this list can.
#
#<MINIRANT>
#It wouldn't hurt if the vendors started locking down their distros by
#default either.
#</MINIRANT>
#
#--
#Jonathan Rickman
#X Corps Security
#http://www.xcorps.net

Jerry Z. Yu					+1-404-262-8544 (O)
Systems Engineer				https://punch
IS Support, Voicecom,				www.voicecom.com
A business unit of PTEK Holdings, Inc.		www.ptek.com
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
Manage all your important communications ==\
and information in one place using	 ===>	www.orchestrate.com
Voicecom's Orchestrate 2000 service.	 ==/

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
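As an added example (not part of the original post, and not any distribution's installer code), here is what the 'high' level from the message above looks like as a concrete iptables rule set: forwarding off, incoming connections only over loopback, a short whitelist of outgoing request types, and replies to those requests admitted by connection tracking. It assumes a 2.4 kernel with netfilter state tracking, a single external interface (EXT_IF, defaulting to eth0) and no services that are meant to be reachable from the network; the function and variable names are my own. The script only prints the rules unless run as root with APPLY=1, and a small lint function rejects any rule set that would accept unsolicited inbound traffic on the external interface.

```shell
#!/bin/sh
# Added example (not from the original post): an iptables rule set for the
# "high" firewall level. Assumptions: a 2.4 kernel with netfilter connection
# tracking, one external interface (EXT_IF, default eth0), and no services
# meant to be reachable from the network. Run with APPLY=1 as root to load
# the rules; otherwise they are only printed for review.

EXT_IF="${EXT_IF:-eth0}"

# Emit the rules as text so they can be reviewed (or linted) before loading.
high_rules() {
    ext="$1"
    cat <<EOF
iptables -F
iptables -X
# default deny in every direction; every rule below is an explicit exception
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# item 0) disallow forwarding: policy DROP above, and the kernel switch off
echo 0 > /proc/sys/net/ipv4/ip_forward
# item 1) incoming connections only from loopback (X, a local database etc.
#    keep working over lo); a loopback source arriving on $ext is forged
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i $ext -s 127.0.0.0/8 -j DROP
# item 3) replies to connections this workstation opened (ICMP errors for
#    them are RELATED, so unreachable/time-exceeded answers still arrive)
iptables -A INPUT -i $ext -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $ext -m state --state ESTABLISHED,RELATED -j ACCEPT
# item 2) only these outgoing request types may open a new connection
iptables -A OUTPUT -o $ext -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $ext -p tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $ext -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $ext -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $ext -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $ext -p udp --dport 123 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $ext -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT
# anything else reaching INPUT on $ext is a probe: log it (rate-limited) and
# let the DROP policy discard it
iptables -A INPUT -i $ext -m limit --limit 5/min -j LOG --log-prefix "fw-high: "
EOF
}

# Sanity check for a rule set read on stdin: no INPUT rule on the external
# interface may ACCEPT unsolicited packets, i.e. every such ACCEPT must carry
# a --state restriction. Returns 0 if the rule set passes.
lint_rules() {
    ext="$1"
    unsolicited=$(grep -- "-A INPUT -i $ext" | grep -- '-j ACCEPT' \
                  | grep -vc -- '--state' || true)
    [ "$unsolicited" -eq 0 ]
}

# Number of rules that let the workstation open new outgoing connections on
# the external interface (the explicit whitelist from item 2).
count_new_outgoing() {
    high_rules "$1" | grep -c -- "-A OUTPUT -o $1 .*--state NEW"
}

if [ "${APPLY:-0}" = "1" ]; then
    high_rules "$EXT_IF" | lint_rules "$EXT_IF" || { echo "lint failed" >&2; exit 1; }
    high_rules "$EXT_IF" | sh -e
else
    high_rules "$EXT_IF"
fi
```

Two design points worth noting. The OUTPUT chain also defaults to DROP, so a daemon that does get compromised cannot phone home on an arbitrary port; that is the difference between "limited outgoing connection request types" and merely blocking inbound. And the rate-limited LOG rule at the end of INPUT is what turns the probes Jonathan mentions into evidence in syslog instead of silently discarded packets.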