What makes a system insecure?
Switching it on. The adage usually quoted runs along these lines:
"The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it." (the original version of this is attributed to Gene Spafford).
Security holes manifest themselves in several ways; two possibilities are:
- Physical Security Holes
The potential problem is caused by giving unauthorized persons physical access to the machine, where this might allow them to perform things that they shouldn't be able to do.
An example of this is the need to restrict access to confidential backup tapes, which may (otherwise) be read by any user with access to the tapes and a tape drive, whether they are meant to have permission or not.
- Software Security Holes
The problem is caused by badly written items of "privileged" software (daemons, cronjobs) which can be compromised into doing things which they shouldn't. The most famous example of this is the "sendmail debug" hole which would enable a cracker to bootstrap a "root" shell. This could be used to delete your filestore, create a new account, copy your password file, anything.
New holes like this appear all the time, and your best hopes are to:
- try to structure your system so that as little software as possible runs with root/daemon/bin privileges, and that which does is known to be robust.
- subscribe to a mailing list which can get details of problems and/or fixes out to you as quickly as possible, and then ACT when you receive information.
Finally, don't trust installation scripts/programs blindly. Such facilities tend to install and run everything in the package without asking you. Most installation documentation includes a list of "the programs included in this package"; review it before you install, and afterwards check what the package actually left running or installed with elevated privilege.
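One concrete check that follows from the advice above is to audit what on the system carries elevated privilege, since a setuid-root binary dropped in by an installation script is exactly the kind of "privileged software" that later turns into a hole. The following is an added example, not code from the FAQ or from OCCS: it walks a directory tree and lists every regular file with the setuid or setgid bit set, using only the Python standard library. The directory it scans when run directly (/usr/bin) is an assumption; point it wherever a package installed files.

```python
import os
import stat

# Added example (not part of the original FAQ): list files that grant
# elevated privilege on execution (setuid/setgid) under a directory tree.


def classify_mode(mode):
    """Return the privilege bits set on a regular-file st_mode, e.g. ['setuid'].

    Directories and other non-regular files return [] even when the bits
    are set, because only regular files are executed with them."""
    if not stat.S_ISREG(mode):
        return []
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid")
    if mode & stat.S_ISGID:
        flags.append("setgid")
    return flags


def audit_privileged(root):
    """Walk `root` and return sorted (path, owner_uid, flags) tuples for every
    regular file with setuid or setgid set.  Symlinks are not followed
    (os.lstat), so a link pointing at a setuid binary is not reported twice.
    Unreadable entries are skipped rather than aborting the audit."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            flags = classify_mode(st.st_mode)
            if flags:
                findings.append((path, st.st_uid, flags))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed location; on a real audit run this over every directory the
    # package touched, and compare the list against a known-good baseline.
    for path, uid, flags in audit_privileged("/usr/bin"):
        print(f"{path}\towner uid {uid}\t{','.join(flags)}")
```

A setuid file owned by uid 0 runs with root's privileges for whoever executes it, so each entry in the output is something that must be "known to be robust" in the sense of the advice above, or removed.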
Why and how do systems get broken into?
This is hard to answer definitively. Many systems which crackers break into are only used as a means of entry into yet more systems; by hopping between many machines before breaking into a new one, the cracker hopes to confuse any possible pursuers and put them off the scent. There is an advantage to be gained in breaking into as many different sites as possible, in order to "launder" your connections.
Another reason may be psychological: some people love to play with computers and stretch them to the limits of their capabilities. Some crackers might think that it's "really neat" to hop over 6 Internet machines, 2 gateways and an X.25 network just to knock on the doors of some really famous company or institution (e.g., NASA, CERN, AT&T). Think of it as inter-network sightseeing.
As to the "How" of the question, this is again a very sketchy area. Suppose a computer account is passed back and forth between students:
Mary gives her account password to her boyfriend Bert at another site, who has a friend Joe who "plays around on the networks." Joe finds other crackable accounts at Mary's site and passes them around among his friends. Pretty soon, a whole society of crackers is playing around on the machines that Mary uses.
One solution is in education - teaching that the use of the computer is a group responsibility and making sure that users understand that a chain is only as strong as its weakest link.
To whom do I report a suspected Security incident?
First, your supervisor or department head. Then the Office of Computing and Communications Services (OCCS), if the incident involves resources managed by them: e-mail firstname.lastname@example.org or call 757.683.3192. The Data Security Administrator and others can advise, assist and work with others on your behalf. The Security Administrator will coordinate investigations, notify appropriate individuals, maintain incident reports and contact outside sites. If warranted, OCCS will contact
- The University Hearing Officer in the Student Services Office if the suspect is a member of the University student community and has violated University policy;
- The person's supervisor/dean if the suspect is a member of the faculty or staff; most likely, the University Auditor and Human Resources will be contacted as well;
- An administrative contact at another site if the incident originated off-campus at that site;
- The University Police if the suspect is unknown or not affiliated with ODU or if the incident is serious and violates federal or state laws. They will work with the local police or FBI office if necessary. In addition, they can take a report for information purposes only and close it without an investigation.
What should I do when I receive spam email or chain letters?
You can either delete the note or contact email@example.com. Simply replying to the sender accomplishes little: in most cases the sender does not care, has hidden behind forged message headers, and/or has used a disposable account to send the message. If a reply does reach the spammer, the only thing it accomplishes is confirming that the address the spam was sent to is valid and in use.
If you post to newsgroups, make your address worthless by using your newsreader's settings to add something like "-nospam" to your e-mail address. "Free" e-mail services usually mean lots of spam. If you choose to use them, be forewarned.
Never click on any web links or open attachments associated with spam. If you're given the "option" to remove your address, don't do it unless you're certain the organization is reputable. More often, this is just a way to verify that your address is still actively used and therefore still of value to the spammer.
Never forward spam to others, unless it is to Computer Services. Please read How to Avoid Spam.
What can I do about spyware?
OCCS has posted a page addressing spyware: Spyware Protection.
What do I do if I receive a harassing email?
First of all, do not delete the offending email. The original note (not a forwarded copy) is necessary to retrieve the email headers. Email is quite easy to forge, and therefore the routing information contained in the headers is crucial to tracking the true source (address). Without the headers, and therefore some evidence that a particular site is involved, most sites we contact won't even begin an investigation, much less take action against the offender.
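To show what "evidence that a site is involved" looks like in practice, here is an added example (not part of the FAQ) that reads the Received headers from a raw message and walks them in the order the mail travelled. The message, hosts and addresses are constructed for illustration; the set of "trusted" receiving hosts is an assumption standing in for your own mail servers. The idea it implements: each relay prepends its own Received line, so the top line is the last hop and the bottom one is nearest the origin; lines added by hosts you control are reliable, while anything below them could have been written by the sender.

```python
import email
import re

# Constructed sample message (not a real email); hosts, addresses and IPs are
# made up.  The innermost "friendlyhost" line was written by relay.example.net,
# not by us, so we cannot vouch for it.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu with ESMTP id abc123
\tfor <victim@example.edu>; Mon, 1 Jan 2001 10:00:00 -0500
Received: from relay.example.net ([198.51.100.7])
\tby mx.example.edu with SMTP id xyz789; Mon, 1 Jan 2001 10:00:00 -0500
Received: from friendlyhost (unknown [203.0.113.42])
\tby relay.example.net with SMTP; Mon, 1 Jan 2001 09:59:58 -0500
From: "President" <president@example.edu>
To: victim@example.edu
Subject: You are in trouble

This is a hostile message.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return the Received hops oldest-first as (claimed_from, observed_ip, by).

    `observed_ip` is the address the receiving host saw on the connection,
    which is the only part of the line the receiving host itself knows."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        m_from = re.search(r"\bfrom\s+(\S+)", value)
        m_by = re.search(r"\bby\s+(\S+)", value)
        m_ip = IP_RE.search(value)
        hops.append((m_from.group(1) if m_from else None,
                     m_ip.group(1) if m_ip else None,
                     m_by.group(1) if m_by else None))
    hops.reverse()                                # headers are prepended: top = newest
    return hops


def trusted_origin(raw, trusted_hosts):
    """Walk newest-first while the receiving host is one of ours; the IP recorded
    by the last trusted hop is the furthest point we can prove.  Return that IP,
    or None if even the first hop was not ours."""
    origin = None
    for _claimed, ip, by in reversed(received_chain(raw)):
        if by in trusted_hosts:
            origin = ip
        else:
            break
    return origin


if __name__ == "__main__":
    for claimed, ip, by in received_chain(SAMPLE):
        print(f"{claimed:20} [{ip}]  ->  {by}")
    # Assumed: these two hosts are the site's own mail servers.
    print("provable origin:", trusted_origin(SAMPLE, {"mail.example.edu", "mx.example.edu"}))
```

For the constructed message the provable origin is 198.51.100.7, the host that connected to the site's own MX; the "friendlyhost [203.0.113.42]" line below it is relay.example.net's claim, so relay.example.net's administrators are the ones to contact, with the full headers attached. The From: line carries no evidential weight at all, which is why a forwarded copy that has lost the Received headers is useless.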
How can I generate safe passwords?
With enough time and effort, any password can be broken, so there are no perfectly safe passwords; you can choose good ones and, by changing them periodically, limit how long a compromised one stays useful. The key word here is GENERATE. Once passwords are produced by some systematic method, it merely becomes a matter of analyzing that method in order to find every password on your system. (The concern is with deterministic, home-grown schemes; a generator that draws each character from a cryptographically secure random source has no such weakness.)
Unless the algorithm is very subtle, it will probably suffer from a very low period (i.e., it will soon start to repeat itself), so that either:
- a cracker can try out every possible output of the password generator on every user of the system, or
- the cracker can analyze the output of the password program, determine the algorithm being used, and apply the algorithm to other users to determine their passwords.
The only way to get a reasonable amount of variety in passwords you make up yourself is to avoid any fixed recipe. Work out some flexible method of your own which is NOT based upon:
- modifying any part of your name or name+initials,
- modifying a dictionary word,
- acronyms, or
- any systematic, well-adhered-to algorithm.
In particular, NEVER use passwords derived from ANY dictionary word (or personal information), modified in ANY way, as this will result in a guessable password: the crackers' tools apply exactly those modifications (appended digits, letter-for-digit substitutions, reversal, capitalization) to every word in their lists.
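The rules above can be enforced mechanically by undoing the usual modifications and checking whether a root word is left. The following is an added example, not code from the FAQ: a small password check that strips affixed digits and punctuation, reverses common letter-for-digit substitutions, tries the reversed string, and then compares the results against a word list and the user's own name and login. The word list, substitution table and account details are constructed for illustration; a real check would load a full dictionary and the site's account list.

```python
import re

# Added example (not part of the original FAQ).  Constructed, deliberately
# tiny word list; a real check loads e.g. /usr/share/dict/words.
WORDLIST = {"password", "secret", "dragon", "welcome", "monarch", "football"}

# The substitutions a cracker's word-mangling rules apply, run backwards.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(password):
    """Undo the common mutations (case, affixed digits/punctuation, leet
    substitutions, reversal) and return every candidate root string."""
    p = password.lower()
    forms = {p, re.sub(r"^[^a-z]+|[^a-z]+$", "", p)}          # strip affixes
    forms |= {f.translate(LEET) for f in list(forms)}         # undo 3->e, 0->o, ...
    forms |= {f[::-1] for f in list(forms)}                   # undo reversal
    forms |= {re.sub(r"[^a-z]", "", f) for f in list(forms)}  # letters only
    return {f for f in forms if f}


def personal_terms(username, full_name):
    """Terms derived from the account holder: login, name parts, name+initials."""
    parts = full_name.split()
    terms = {username, "".join(parts), "".join(p[0] for p in parts)} | set(parts)
    return {t.lower() for t in terms if t}


def check_password(password, username="", full_name=""):
    """Return None if the password passes, otherwise a reason string.

    A root of four or more letters is rejected even as a substring, which is
    what "modified in ANY way" amounts to in practice.  Longest roots are
    tried first so the reason names the most specific match."""
    if len(password) < 8:
        return "too short"
    forbidden = WORDLIST | personal_terms(username, full_name)
    forms = sorted(base_forms(password))
    for term in sorted(forbidden, key=len, reverse=True):
        for form in forms:
            if form == term or (len(term) >= 4 and term in form):
                return f"derived from {term!r}"
    return None


if __name__ == "__main__":
    # Constructed account details for the demonstration.
    for candidate in ["Dr4g0n!!", "MarySmith1999", "nogard123", "Tq9#vLp2xR"]:
        print(f"{candidate:16} -> {check_password(candidate, 'msmith', 'Mary Smith')}")
```

"Dr4g0n!!" and "nogard123" are both rejected as derived from "dragon" (the first via substitutions, the second via reversal), and "MarySmith1999" as derived from the user's own name, while a string with no recoverable root passes. The check is only as good as its word list and substitution table, which is the FAQ's point from the other side: whatever systematic modification you thought of, the cracker's rule set already contains.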
Why are passwords so important?
Because they are the first line of defense against interactive attacks on your system. It can be stated simply: if crackers cannot interact with your system(s), and they have no access to read or write the information contained in the password file, then they have almost no avenues of attack left open to break your system.
This is also why, if crackers can at least read your password file, it is so important that they are not able to break any of the passwords it contains. On older Unix systems the password hashes sit in the world-readable /etc/passwd; even where they live in a shadow file readable only by root, assume they can leak through a backup, a misconfiguration or another hole. If the hashes can be read and a password is broken, it is fair to assume that the cracker can (a) log on to your system and then (b) break into "root" via an operating system hole.