Archive for the ‘Anti Virus’ Category

Check List for Linux Security

Linux is an amazing operating system considering how it began. It started as a modest hobby project written by one person, Linus Torvalds of Finland, and has grown into a full-fledged operating system. It is solid and stable, supports an incredible number of applications, has very powerful capabilities, runs fast and rarely crashes.

Unfortunately, Linux machines are broken into almost every day. This is not because Linux is an insecure operating system; it contains all the tools necessary to make it very secure. The truth is that it has not become significantly more secure as its popularity has grown. On the other hand, our understanding of attackers' methods, and the wide variety of tools and techniques now available, have helped system administrators secure their Linux computers.

Our goal in this article is to list the most critical weak points and show how to prevent an intrusion with simple measures.

1- Weak passwords – By far the most common method attackers use to penetrate a Linux system is cracking a password, preferably that of root. Usually they target an ordinary user first and then, using that user's access to the operating system, try to obtain privileged access by cracking the root password. A good password policy and good passwords are absolutely critical to the security of any computer. Some common mistakes when selecting a password:
A- using "password" as the password;
B- using the name of the computer;
C- a well-known name from science, sports or politics;
D- a reference to a movie;
E- anything that appears on the user's web site;
F- anything associated with the account itself, such as the user name or real name.

Modern Linux distributions use shadowed passwords. If an attacker can read a password hash, cracking it offline is only a matter of time, so instead of storing the hash in /etc/passwd (which every user can read) it is stored in /etc/shadow, which is readable only by root. Before an attacker can crack a password he needs to know an account name, so obvious account names should be avoided as well. Another measure is to deny login to accounts that never need an interactive session by giving them a non-interactive shell such as /sbin/nologin or /bin/false in /etc/passwd. This should be done for every service account, for example apache, mysql and ftp.

Limit which terminals root may log in from. If root is allowed to log in only on certain terminals that are considered secure, an attacker who cracks the root password still cannot use it from anywhere else. The allowed terminals are listed, one per line, in /etc/securetty, which is readable only by root; the login program (through the pam_securetty module on PAM-based systems) rejects a root login from any terminal not listed there. Note that securetty covers console and serial logins only: root logins over ssh are controlled separately by the PermitRootLogin directive in /etc/ssh/sshd_config, which should be set to no.
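The following script is an added example, not part of the original article: it checks the account database for the weaknesses described in the two paragraphs above (hashes left in passwd, accounts with no password, a second UID-0 account, service accounts with an interactive shell, and a shadow file readable by everyone). It runs here against constructed sample copies of passwd and shadow written to a temporary directory; on a real host call run_audit with /etc/passwd and /etc/shadow as root. The list of service accounts is an assumption to adjust for your own systems.

```sh
#!/bin/sh
# Added example, not from the original article: audit the account database for
# the weaknesses discussed above. Runs against constructed sample files; on a
# real host run:  run_audit /etc/passwd /etc/shadow   (as root).

# ASSUMPTION: service accounts that must never have an interactive shell.
NOLOGIN_ACCOUNTS="apache mysql ftp www-data postgres"

# Accounts with UID 0 other than root (a classic backdoor).
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Service accounts whose shell is not /sbin/nologin or /bin/false.
service_accounts_with_shell() {
    for name in $NOLOGIN_ACCOUNTS; do
        awk -F: -v n="$name" \
            '$1 == n && $7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
    done
}

# Password hashes still stored in passwd instead of shadow.
unshadowed_hashes() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" && $2 != "" { print $1 }' "$1"
}

# Accounts whose shadow entry has an empty password field (no password at all).
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Succeeds only if "other" has no permission bits on the shadow file.
shadow_perms_ok() {
    case $(ls -ld "$1" | cut -c8-10) in
        ---) return 0 ;;
        *)   return 1 ;;
    esac
}

# Prints one line per finding.
run_audit() {
    passwd=$1 shadow=$2
    extra_root_accounts "$passwd"         | sed 's/^/UID 0 besides root: /'
    service_accounts_with_shell "$passwd" | sed 's/^/service account with login shell: /'
    unshadowed_hashes "$passwd"           | sed 's/^/hash kept in passwd, not shadow: /'
    empty_passwords "$shadow"             | sed 's/^/empty password: /'
    shadow_perms_ok "$shadow" || echo "shadow file readable by others: $shadow"
}

# Constructed sample files exhibiting every problem the audit looks for.
make_sample_files() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backdoor:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/bash
mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$abcdefgh$0123456789abcdefghijkl:1001:1001:Old:/home/legacy:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$salt$hash:19000:0:99999:7:::
toor:$6$salt$hash:19000:0:99999:7:::
apache:!:19000:0:99999:7:::
mysql:!:19000:0:99999:7:::
ftp:*:19000:0:99999:7:::
alice::19000:0:99999:7:::
legacy:$6$salt$hash:19000:0:99999:7:::
EOF
    chmod 644 "$dir/shadow"   # deliberately too open, so the audit catches it
    printf '%s\n' "$dir"
}

SAMPLE=$(make_sample_files)
run_audit "$SAMPLE/passwd" "$SAMPLE/shadow"
```

The sample produces five findings (toor, apache's bash shell, the legacy hash in passwd, alice's empty password, and the 644 shadow file). The checks use only awk, ls and cut so they run on any distribution; the permission check reads the "other" bits from ls -l rather than stat, which differs between GNU and BSD.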

2- Open Network Ports

Any default Linux installation provides the operating system with a great deal of software and services, several of which the administrator neither needs nor wants. Removing them closes the path to several attacks and improves security. First see what is actually listening: netstat -tulpn (or ss -tulpn on newer systems) lists every open TCP and UDP port together with the process that owns it. The /sbin/chkconfig program can then be used to stop services from starting automatically at run levels 3, 4 and 5. Log in as root and type /sbin/chkconfig --list to view all the services set to start automatically. Select the ones you don't need and type /sbin/chkconfig --level 345 name_of_service off, then stop the running instance with /sbin/service name_of_service stop. Do this for every service you don't want running. Services started on demand by xinetd are disabled separately, by setting disable = yes in the service's file under /etc/xinetd.d.
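The script below is an added example, not part of the original article. It takes the socket listing that ss -Hltnp prints (one socket per line, no header), keeps only sockets bound to something other than loopback, and flags any whose owning process is not on an allowlist. The ss output and the allowlist are constructed for the demonstration; on a real host pipe the live ss output into unexpected_listeners and review each flagged daemon before disabling it with chkconfig.

```sh
#!/bin/sh
# Added example, not from the original article: report services that listen on
# non-loopback addresses and flag those not on an allowlist, from `ss -Hltnp`
# output. The sample below is constructed; on a real host run (as root, so the
# process column is filled in):
#   ss -Hltnp | unexpected_listeners        # TCP; use ss -Hlunp for UDP

# ASSUMPTION: the only daemons meant to be reachable from the network.
ALLOWED_LISTENERS="sshd httpd"

# Constructed `ss -Hltnp` output. Columns: State Recv-Q Send-Q Local:Port
# Peer:Port Process. mysqld and postfix (master) are bound to loopback only.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 *:80 *:* users:(("httpd",pid=1032,fd=4))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=990,fd=21))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=600,fd=8))
LISTEN 0 5 [::]:631 [::]:* users:(("cupsd",pid=701,fd=7))
LISTEN 0 128 [::1]:25 [::]:* users:(("master",pid=880,fd=13))'

# Reads ss lines on stdin; prints "port address process" for every socket not
# bound to 127.0.0.1 or ::1. The port is the text after the last colon, so
# IPv6 addresses such as [::]:631 split correctly.
exposed_listeners() {
    awk '{
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "[::1]") next
        proc = $6
        sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
        print port, addr, proc
    }'
}

# Exposed listeners whose process name is not in ALLOWED_LISTENERS.
unexpected_listeners() {
    exposed_listeners | awk -v allowed="$ALLOWED_LISTENERS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($3 in ok) { print }'
}

printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
# Output for the constructed sample:
#   111 0.0.0.0 rpcbind
#   631 [::] cupsd
```

A process name does not always equal the init script name (cupsd is started by the cups service), so translate each flagged entry by hand before running chkconfig --level 345 name off. On systems without ss, netstat -tulpn gives the same information in a slightly different column layout.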

3- Old Software Versions

New vulnerabilities are found in programs every day, and most of them are fixed quickly. It is important, and sometimes critical, to keep up with the changes. Every Linux distribution has a mailing list where one can get security-related information and news of the latest vulnerabilities found.
Some places to watch for security holes are:
· http://www.redhat.com/mailman/listinfo/redhat-announce-list
· http://www.debian.org/MailingLists/
· http://www.mandrakesecure.net/en/mlist.php
· http://www.suse.com/us/private/support/security/index.html
· http://www.freebsd.org/security/index.html
· http://www.linuxtoday.com/
· http://www.lwn.net/
It is crucial to ensure that security patches are applied as soon as they are available. The attacker community will know about the published holes and will try to exploit them before the fixes are applied.

4- Insecure and Badly Configured Programs

Some programs have a history of security problems; IMAP, POP, FTP, portmap and NFS are among the best known. The good news is that most of them can be replaced by a secure equivalent: POP and IMAP by their TLS-protected versions (POP3S, IMAPS), and FTP by sftp or scp over SSH.

It is important that, before deploying any service, the administrator investigates its security history. Sometimes simple configuration measures can prevent serious headaches later.

Some advice regarding web server configuration is well worth mentioning:

- Never run the web server as a privileged user; the daemon may bind port 80 as root, but it must drop to an unprivileged account (apache, www-data) before serving requests.
- Do not keep clients' confidential data on the web server. Credit card numbers, phone numbers and mailing addresses must be recorded on a different machine.
- Make sure that privileged data a user supplies on a form does not show up as the default for the next person to use the form.
- Establish acceptable values for every piece of data supplied by web clients and reject anything else, rather than trying to filter out known-bad input.
- Check CGI programs for vulnerabilities; they run with the web server's privileges and receive attacker-controlled input directly.
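The script below is an added example, not part of the original article, illustrating the last two points: a CGI parameter handler written in sh that decodes the client's input and then accepts only values from an explicit allowlist, shown beside the naive handler it replaces. The report directory, the "report" parameter and the sample query strings are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original article: CGI input handling with an
# allowlist, beside the naive version. Names (REPORT_DIR, the "report"
# parameter) are illustrative assumptions.

# Percent-decode one line of URL-encoded text from stdin ("+" becomes space).
# Decoding must happen BEFORE validation, or "%2e%2e%2f" sails past a check
# that looks for "../".
url_decode() {
    awk 'BEGIN { for (i = 1; i < 256; i++) tbl[sprintf("%02X", i)] = sprintf("%c", i) }
    {
        s = $0; gsub(/\+/, " ", s); out = ""
        while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            out = out substr(s, 1, RSTART - 1) tbl[toupper(substr(s, RSTART + 1, 2))]
            s = substr(s, RSTART + 3)
        }
        print out s
    }'
}

# cgi_param NAME [QUERY]: decoded value of NAME from QUERY (default:
# $QUERY_STRING); empty if the parameter is absent.
cgi_param() {
    q=${2:-$QUERY_STRING}
    printf '%s\n' "$q" | tr '&' '\n' | sed -n "s/^$1=//p" | head -n 1 | url_decode
}

# Naive handler: whatever the client sent becomes part of a path, so
# report=../../etc/passwd reads an arbitrary file the server can open.
serve_report_naive() {
    cat "$2/$1"
}

# Allowlist: 1-32 characters from [A-Za-z0-9_-]. Anything else is rejected,
# which is simpler and safer than trying to enumerate bad characters.
valid_report_name() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ ${#1} -le 32 ]
}

# Hardened handler: validate first, then confine the lookup to the directory.
serve_report() {
    name=$1 dir=$2
    valid_report_name "$name" || { echo "Status: 400 Bad Request"; return 1; }
    [ -f "$dir/$name" ] || { echo "Status: 404 Not Found"; return 1; }
    cat "$dir/$name"
}

# Demonstration with a constructed report directory and two query strings.
REPORT_DIR=$(mktemp -d)
echo "quarterly totals: 42" > "$REPORT_DIR/q3_summary"
for query in 'report=q3_summary' 'report=%2e%2e%2Fetc%2Fpasswd&x=1'; do
    name=$(cgi_param report "$query")
    printf '%s -> ' "$query"
    serve_report "$name" "$REPORT_DIR" || :
done
```

The first query prints the report; the second, a percent-encoded traversal attempt, is decoded to ../etc/passwd and rejected with a 400 before any file is touched. The same pattern (decode, allowlist, then use) applies to every parameter a CGI script reads, not only file names.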

5- Stale and Unnecessary Accounts

When a user no longer uses his or her account, make sure it is removed from the system. A stale account will not have its password changed periodically, which leaves a hole. Before deleting it, find the files it owns (find / -user name) and remove any that are publicly readable or writable; otherwise they stay on disk owned by an orphan UID that a later account may inherit. Likewise, when you remove an unnecessary service, remove or disable the corresponding account.

Security Resources on the Web

Bugtraq – Includes detailed discussions of Unix security holes

http://www.securityfocus.com/

Firewalls – Discusses the design, construction, operation and maintenance of firewall systems.

http://www.isc.org/services/public/lists/firewalls.html

RISKS – Discusses risks to society from computers

http://www.risks.org/

Insecure.org

http://www.insecure.org/

Are You Safe From Hackers?

We don’t use E-gold very often since most of our online business and customer sales are conducted through our online merchant account. However, we occasionally have someone who will request paying by E-gold, so we keep an account there for this reason. Once a month or so we withdraw the funds, and we decided to do so yesterday. Imagine our dismay when we logged into our E-gold account yesterday and found our balance to be a big fat ZERO! We had checked the balance just a few days ago, so we knew this was not correct. After investigating the history of the account, we found that a spend had been made to another E-gold account user WITHOUT our knowledge or authorization. We had been hacked!

Since we have up-to-date anti-virus and firewall software on our computer, we assumed we were safe. Not so! That combination is not enough to keep attackers out, because neither necessarily prevents “spyware” from being installed: a firewall controls network connections, not what a program you chose to run does once it is inside, and anti-virus signatures do not cover every spyware program.

“Spyware” is software that gets onto your computer and literally “spies” on your activities. The spying can range from relatively harmless tracking cookies that follow you across multiple websites to extremely dangerous “keystroke loggers” that record passwords, credit card numbers and other personal data. That data is then relayed to whoever put the software on your computer.

Spyware gets onto your computer in one of several ways.

First, it rides along with software you download from the ’Net and install on your system; bundled “free” programs are a common carrier.

Second, it arrives as an e-mail attachment, much like a virus, and installs itself when the attachment is opened (older mail clients with scripting enabled could be made to run it merely by displaying the message).

Third, an attacker finds a vulnerable service listening on an open port on your computer and uses it as a “back door” to install basically anything he wants.

And fourth, the more malicious types, like keystroke loggers, can even be installed by someone with direct physical access to your computer, such as an employer, a suspicious spouse, a business competitor, or anyone who wants to know exactly what you’re doing.

So how do you protect yourself against these malicious hackers? You need a program that specifically scans your system for the tens of thousands of existing spyware programs, along with the new ones appearing daily.

Below are two programs which specifically check for and remove spyware from your system:

“Spybot Search & Destroy” – http://www.safer-networking.org
“Ad Aware” – http://www.lavasoft.de/software/adaware/

You may have spyware lurking on your computer right now so protect yourself today by downloading one of the above programs!

As a point of reference, we contacted E-gold and informed them that we had been hacked. We provided them with the account number of the person who received the funds and asked for a contact e-mail address on the person. E-gold informed us that they could not provide that information without a “court order” and that basically there was no way of getting the money back!

Take action today to protect yourself from this growing threat! The bottom line is:

- Keep your anti-virus program current
- Install a firewall
- Carefully screen software before installing it
- Scan specifically for spyware weekly
- Stay current on this growing threat.

Are computer viruses spread by the media?

If you believe what you hear in the media, there are an awful lot of viruses going around. No, I’m not talking about the make-you-sick kind of virus, though they get plenty of airtime, too. I’m talking about the kind of virus that enters via your internet connection rather than your nasal passages.

What the mainstream media often don’t tell you, at least in most radio and television newscasts and in the crucial headlines and opening paragraphs of newspaper articles, is that many of these “viruses” are not viruses at all.

What Computer Viruses Really Are

The main reason the mainstream media are always alarmed about viruses is that they call any malicious computer program a virus. In reality there are many distinct types of malicious software, or malware, affecting computers today; the most common are worms, Trojans and spyware.

So what’s the difference between computer viruses and the other types of malware? Viruses are about the only kind that regularly crash computers or cause other obvious damage. The most common of the other kinds, worms, Trojans and spyware, are usually only detectable with a dedicated scan.

The Real Danger of Computer Viruses

If the other types of malware are so unobtrusive that they can only be detected with a special scan, then what’s to worry about? For starters, these programs are called malicious for a reason: they are designed to cause some kind of damage, if not to your computer, then to someone else’s.

Worms are most famously used to damage, destroy or disrupt networks other than the one the infected computer sits on. For instance, worms have been used to build networks of infected machines that shut down a rival website by flooding the computer hosting it with requests. Worms also carry other malware to new computers, often without doing visible damage to the host; after all, what would the worm gain by shutting down the machine that spreads it?

Trojans, in turn, are often used to plant worms and other malware on your computer, even if the Trojan itself does no damage.

But even if you don’t care what happens to anyone else, you should still be concerned about one kind of malware: spyware, a kind of malware that, true to its name, collects data from your computer and sends it back to a remote host.

Most spyware only monitors your internet usage so it can tell other programs, called adware, which advertisements to pop up on your computer. However, there is criminal spyware that steals financial data or supports outright identity theft. Don’t think you have personal or financial data on your computer? Some spyware includes a keylogger, a program that records whatever you type, usually to capture passwords. Even if you keep no financial information on your computer, if you ever buy anything over the web, a keylogger lets its owner buy things with the same card details you typed in.

Why Blame the Media?

Given the danger of all these different types of malware, isn’t it a good thing that the mass media are becoming hysterical about it? And can’t they be forgiven the sloppy reporting of calling Trojans, worms, spyware, and other malware “viruses”?

No, no, no.

This is a classic case of bad reporting doing more damage than no reporting at all. In this case, the damage bad reporting has done is to promote a common myth that goes something like this: “The only malicious software is a virus. Viruses damage your computer. Therefore, if my computer is working OK, my computer has no malicious software. I only need to scan my computer for problems when there is a sign of problems.”

Thanks to this myth, many people complacently let their antivirus software go months out of date rather than schedule an automatic update. Just as bad, many have no additional software to combat the other types of malware that antivirus software may not cover.

In fact, it’s not uncommon for people who have found malware on their computers after a scan to say, “but I never had malware on my computer before!” But how would they have known if they had never scanned?

Until the biggest mainstream media, and especially television, start educating the public about the need to have their computers scanned automatically at least daily, the world will continue to have major, drawn-out problems with malware that could have been wiped out as soon as the anti-malware vendors discovered it.

And until that day, the mainstream media will have many more opportunities to run hysterical stories about “viruses,” thereby helping them sell more newspapers and broadcast to even larger audiences of people who drink at the information trough yet somehow never become full.