There is a lot to understand about networking in order to secure your
network. Fortunately Debian GNU/Linux is generally by default quite
secure. That is, the default configuration of packages tend to be
secure. You have to take action to make them insecure. Nontheless, it
Here are some random jottings:
To start with, if someone has physical access to your hub-based
network they can plug in a machine and do many things.
With a passive ethernet frame sniffer an attacker can listen for ARP
requests on a network and guess at IP addresses that may not be in use
within the range of available adresses for the network and use this as
its own address. Even if your network has hosts using the whole range
of addresses that are available there's always the likelihood that one
PC or Laptop is turned off so that its IP address is free.
If you use a switch-network and put MAC address filters on the switch
an attacker can simply unplug an existing PC or Laptop and take over
its MAC address.
Normally the MAC address is in the ethernet card. A typical situation
is to plug a Laptop into a network and perhaps bring up the interface
using DHCP to get an IP but may not be able to do much more.
In some situations the MAC address can be set in software. DECnet,
for example, depends on being able to do this. Older suns had the MAC
in battery-backedup ram and used the same address for all ethernet
cards in the system. When you change the 48 bit MAC address you are
actually turning it into a customised MAC address which will be 96
bits long consisting of the original 48 bit MAC followed by the new 48
bits you set. To the outside it appears as another MAC address.
You can change the MAC address with:
# ifconfig eth0 hw ether 00:50:56:01:00:00
Turning off DHCP will help protect against users that plug in a Laptop
but not the hackers you're trying to guard against.
LinuxSecurity.Com wins Source of the Month for July,
This month's LinuxLock.Org Security Source of the Month goes to a group of individuals dedicated to
bringing security to the fore-front of the linux community; this is the staff of LinuxSecurity.Com. Since
we started following the site in January 2000, it has evolved into one of the internet's premiere sources
of Linux Security Information.
LinuxSecurity.Com contains a large newsfeed, of linux security news, articles, and press releases, to
keep us on top of the industry.
This month pushed them over the top, when they released The Linux Security Quick Reference
Guide. This guide is a printable pdf document with numerous security checks and tips, some of the
sections include Linux Kernel Security, File Permissions, Intrusions Detection, Linux Security
Resources, and more.
LinuxSecurity.Com has provided original features every month, covering things such as, how to use
certain security tools, and interviews with Security Guru's. This month LinuxSecurity Interviews Carr
Biggerstaff, Senior Vice President of Marketing, and Thomas Haigh, Vice President and Chief
Technologist for Secure Computing, Inc. about their work with Linux and security.
LinuxSecurity.Com recieved a Slashdot post this month for an Interview they conducted with Jay
Beale, the Lead Developer of the Bastille Project. This post on Slashdot is the kind of press Linux needs
to be more aware of the security issues surrounding us, and the solutions that exsist.
LinuxSecurity.Com also contains a rather complete and growing Resources Section, a listing of local
linux security providers, a newsletter, a mailing list, and a weekly security digest.
They also feature a LinuxSecurity.Com Security Tip of the Day, that can be found on other sites such as
the highly travelled LinuxToday.Com
We all at LinuxLock.Org applaud the efforts of LinuxSecurity.Com and encourage you all to go and
visit their site, and use the various features
they have to offer... Keep up the good work.
Copyright © 1995-2006 [email protected]