
1.1 Do I need to worry about security?

This is certainly a valid question. Your system is one of tens of millions of computers connected to the internet. You aren’t a high profile bank that is likely to be targeted by criminals looking for bank account numbers. Should you really worry? After all, how will the hackers possibly find your system amongst all the others? 

Let’s explore this briefly and see if we need to take steps to protect our system. Like most people I have a DSL internet connection into my home provided by the local telephone company. They have assigned me an Internet Protocol (IP) address that distinguishes me from other users on the internet and supplied me with a DSL modem that is connected to the phone line.

So that everyone in my family can gain access to the internet connection without having to run network cables throughout the house I have a wireless network. This consists of a wireless router/base station that is connected to the DSL modem. The base station is a fairly common low cost device that, like most routers, includes a firewall that provides the first line of defense for my home network. I have configured my wireless network to use the highest level of encryption so the wireless transmissions are as safe as I can make them with current consumer grade technology. 

Has anyone found my IP address and tried to get into my network? First we need to talk a little about the way a possible attack might begin – don’t worry, we’ll cover these topics in greater detail later. Computer systems talk to each other through “ports”. Specific applications are configured to talk to other systems through specific ports. For example, computers might transfer files between each other using something called ftp (File Transfer Protocol). The ftp client and server talk to each other through port 21. The telnet command that allows users to log into one system from another over a network does so over port 25. In fact, a Linux system has 65,535 ports that can be used for various forms of communication between different systems on a network. Most of these ports on a Linux system are closed by default – but some are left open simply because closing them would render the system inaccessible to anyone except the person at the keyboard.

It is not surprising to learn, therefore, that the first thing a potential intruder will try to do is see if any useful ports are open. When intruders find my IP address (usually by running a program that tries every IP address known to man until they get a response) they will scan a range of ports to see if any of them are open. So, has anyone tried to find an open port on my system? The firewall in my wireless router has a log file I can check using a web browser. In an 8-hour period the firewall logged 130 attempts to find an open port to enter my home network. The log file is full of entries that read:

2005/07/15 06:17:45 Connection attempt to base station from WAN blocked --
src:<xxx.xxx.xx.x:2364> dst:<nn.nnn.nnn:3306>

Each of these lines represents an attempt to break through the firewall and into a system on my network. Note that the IP addresses have been removed in the above log entry to protect the innocent (as the author of a book on Linux security it would be unwise to publish my IP address) and also, ironically, to protect the guilty (the IP address of the person trying to break into my system from outside).
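The following is an added example, not part of the original book: a short Python script that reads entries in the log format shown above, counts blocked attempts per destination port, and lists sources that probed several different ports. The sample entries are constructed using reserved documentation addresses, and the function names and the threshold of three ports are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the router's log format shown above; the addresses are
# from the reserved documentation ranges and are not taken from any real log.
SAMPLE_LOG = """\
2005/07/15 06:17:45 Connection attempt to base station from WAN blocked --
src:<198.51.100.7:2364> dst:<192.0.2.10:3306>
2005/07/15 06:17:46 Connection attempt to base station from WAN blocked --
src:<198.51.100.7:2365> dst:<192.0.2.10:22>
2005/07/15 06:17:47 Connection attempt to base station from WAN blocked --
src:<198.51.100.7:2366> dst:<192.0.2.10:21>
2005/07/15 07:02:10 Connection attempt to base station from WAN blocked --
src:<203.0.113.44:4010> dst:<192.0.2.10:3306>
2005/07/15 07:30:00 Wireless client associated
"""

# An entry may be wrapped after the trailing "--", so allow any whitespace there.
ENTRY = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"Connection attempt to base station from WAN blocked --\s+"
    r"src:<(?P<src>[^:>]+):(?P<sport>\d+)>\s+"
    r"dst:<(?P<dst>[^:>]+):(?P<dport>\d+)>"
)

def parse_blocked(log_text):
    """Return one dict per blocked-connection entry; other lines are ignored."""
    return [
        {"ts": m["ts"], "src": m["src"], "dport": int(m["dport"])}
        for m in ENTRY.finditer(log_text)
    ]

def summarize(entries, scan_threshold=3):
    """Count probes per destination port and flag sources probing many ports."""
    by_port = Counter(e["dport"] for e in entries)
    ports_by_src = defaultdict(set)
    for e in entries:
        ports_by_src[e["src"]].add(e["dport"])
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return by_port, scanners

if __name__ == "__main__":
    by_port, scanners = summarize(parse_blocked(SAMPLE_LOG))
    for port, count in by_port.most_common():
        print(f"port {port}: {count} blocked attempt(s)")
    print("sources probing 3+ distinct ports:", scanners)
```
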

Now let’s take this one step further. I work outside my home from time to time and often need remote access to the Linux server on my home network while on the road. I do this using something called ssh (Secure Shell). The ssh utility is used to remotely log into a computer system from another system. ssh uses port 22. Needless to say I have port 22 open on my firewall and people have found this open port. I checked the logs on my Linux system to find any failed attempts to log in. I found 20 attempts to log in. All these attempts failed because invalid login and password information were entered.
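As an added example that is not from the original book, the script below performs the same kind of check on the server side: it counts failed ssh password attempts per source address and lists the user names that were tried but do not exist on the system. It assumes the syslog message format written by OpenSSH's sshd (typically found in /var/log/auth.log or /var/log/secure, depending on the distribution); the sample lines, host name, user names and the threshold of three attempts are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the syslog format written by OpenSSH's sshd; the host,
# users and addresses are invented (reserved documentation address ranges).
SAMPLE_AUTH_LOG = """\
Jul 15 06:20:01 home sshd[4121]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Jul 15 06:20:04 home sshd[4123]: Failed password for invalid user test from 198.51.100.7 port 40120 ssh2
Jul 15 06:20:09 home sshd[4125]: Failed password for root from 198.51.100.7 port 40131 ssh2
Jul 15 09:41:55 home sshd[4410]: Failed password for alice from 203.0.113.44 port 51822 ssh2
Jul 15 09:42:03 home sshd[4410]: Accepted password for alice from 203.0.113.44 port 51822 ssh2
"""

# sshd adds "invalid user" when the account name does not exist on the system.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def failed_logins(log_text):
    """Return (source, user, account_exists) for every failed password attempt."""
    return [
        (m["src"], m["user"], m["invalid"] is None)
        for m in FAILED.finditer(log_text)
    ]

def report(log_text, threshold=3):
    """Summarize failures per source and flag sources at or above the threshold."""
    attempts = failed_logins(log_text)
    per_source = Counter(src for src, _, _ in attempts)
    # Nonexistent account names suggest guessing rather than a mistyped password.
    guessed = sorted({user for _, user, exists in attempts if not exists})
    noisy = sorted(src for src, n in per_source.items() if n >= threshold)
    return per_source, guessed, noisy

if __name__ == "__main__":
    per_source, guessed, noisy = report(SAMPLE_AUTH_LOG)
    for src, count in per_source.most_common():
        print(f"{src}: {count} failed attempt(s)")
    print("nonexistent accounts tried:", guessed)
    print("sources with 3+ failures:", noisy)
```
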

Based on these experiences on what is probably a typical Linux configuration, it is safe to say that no matter who you are, as long as you are connected to the internet, either directly via a cable modem or indirectly via a router, there is a very good chance you will not escape the attention of those who make it their business, for whatever reason, to try to break into other computer systems.

  © Copyright 2005-2010 Linuxtopia. All Rights Reserved.