Gentoo Wiki

SECURITY_Logical_Levels_of_Defence

This article is still a Stub. You can help Gentoo-Wiki by expanding it.

Intro

Since we trust our computers with a lot of confidential information (trade secrets, business conditions, personal banking, email, and so on), a good question is: how trustworthy is your box, where are the weak spots, and how can they be improved? This article is an attempt to organize my own view of the problem and to consolidate common solutions at the different logical levels.

If you are looking for expert information, follow the official Security-HOWTO.

Physical Access to the Hardware

If you can touch the system, you have "physical access" to it. This is the hardest computer to secure. You might have thought of everything, with software patched and up-to-date, unguessable passwords, and firewalls to keep everyone bad out, and then the janitor decides to pawn your server to make a quick buck (or to shut it off to plug the vacuum cleaner in).

Aside from outright theft of the system, a "local" user can boot other media in an attempt to get around the login system, install keystroke loggers, network sniffing equipment, and other nasty things. Less maliciously, systems can be unplugged, knocked off a desk, kicked, turned off, used to hold drinks, and more.

Typically, securing the physical access aspect of the computer is done by locking it in a room which only designated administrators can open. Even fancier would be a keycard system that tracks who opened the door at what time, so that in the event of the room suddenly becoming empty, someone can be blamed.

Boot Media Substitution

To make "floppy access" to the system a little more difficult, consider running the computer without a floppy drive :-). That is, leave the floppy and CD drives in place but don't plug in their data cables. This extends the time intruders need to do their work (they don't expect to have to troubleshoot your hardware first).

You can set up the boot sequence (in the BIOS setup) so that the system boots from the hard drive before the floppy and CD-ROM are tried, and add an administrative password for changes to the BIOS settings. Still, I worry that these BIOS passwords are very easily crackable, or that one could remove the small battery that sustains the BIOS settings.

So push it to the edge: unplug the data cables for the floppy and CD/DVD drives. Unplug your keyboard and mouse and disable them in the BIOS. Lock up the room and set up a biometric authentication system at the entrance.

Access to the Media

Somebody could also remove the hard drive and connect it to another computer to read it. So your media should be encrypted.

You may wish to carry your data with you at all times; there are many types of removable hard drives and caddies you could use for this purpose. But don't forget: if you then lose your hard drive, you've lost your data!
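Whether a removed drive actually yields only ciphertext can be verified from its first sector. The following is an added example, not part of the original wiki article: it recognises the on-disk header that LUKS (the dm-crypt header format used by Linux disk encryption) writes, so you can audit that a volume is encrypted before relying on it. The sample headers are constructed inline; the UUID is a placeholder.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of every LUKS (dm-crypt) header

def inspect_luks_header(sector: bytes) -> dict:
    """Report whether `sector` (the first bytes of a device) carries a LUKS header.
    For LUKS1 the cipher, mode, hash, key size and UUID stored on disk are added."""
    if len(sector) < 8 or sector[:6] != LUKS_MAGIC:
        return {"encrypted": False, "version": None}
    version = struct.unpack(">H", sector[6:8])[0]  # big-endian uint16 (1 or 2)
    info = {"encrypted": True, "version": version}
    if version == 1 and len(sector) >= 208:
        # LUKS1 layout: three NUL-padded 32-byte strings follow the version,
        # then payload offset, key size, master-key digest data and the UUID.
        def cstr(off, n=32):
            return sector[off:off + n].split(b"\0", 1)[0].decode("ascii", "replace")
        info["cipher_name"] = cstr(8)
        info["cipher_mode"] = cstr(40)
        info["hash_spec"] = cstr(72)
        info["key_bytes"] = struct.unpack(">I", sector[108:112])[0]
        info["uuid"] = cstr(168, 40)
    return info

def inspect_device(path: str) -> dict:
    """Read the first 4 KiB of a block device or disk image and inspect it."""
    with open(path, "rb") as f:
        return inspect_luks_header(f.read(4096))

def constructed_luks1_header() -> bytes:
    """A constructed LUKS1 header (not from a real device) for the demo below."""
    hdr = bytearray(512)
    hdr[0:6] = LUKS_MAGIC
    hdr[6:8] = struct.pack(">H", 1)
    hdr[8:11] = b"aes"
    hdr[40:51] = b"xts-plain64"
    hdr[72:78] = b"sha256"
    hdr[104:108] = struct.pack(">I", 4096)  # payload offset in 512-byte sectors
    hdr[108:112] = struct.pack(">I", 64)    # master key size in bytes
    hdr[168:204] = b"00000000-0000-0000-0000-000000000000"  # placeholder UUID
    return bytes(hdr)

def constructed_plaintext_sector() -> bytes:
    """First sector of an unencrypted volume: no LUKS magic anywhere."""
    return b"\0" * 512

if __name__ == "__main__":
    print(inspect_luks_header(constructed_luks1_header()))
    print(inspect_luks_header(constructed_plaintext_sector()))
```

Run `inspect_device("/dev/sdb1")` as root on a real drive: a result of `encrypted: False` means anyone who pulls that disk reads the filesystem directly.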

Online Security

From Inside

From Outside

Weakest Link

Human

Social engineering and human attacks are among the hardest to guard against in many respects. These can include anything from phoning up an employee and pretending to be someone in another department, or an ISP, etc., in an attempt to get passwords or information that can then be used for attacking the system, to things like a disgruntled employee attacking a system.

The only way to really guard against attacks such as these is to remove the human element from the situation where possible and to limit the impact anyone can have if they do manage to get in. In addition, logging will help to identify any intrusion into a system, and if it is made known that logs are kept, this can sometimes act as an effective deterrent.

Software

Hardware

Intervention Prevention

Incident Workout

Retrieved from "http://www.gentoo-wiki.info/SECURITY_Logical_Levels_of_Defence"

Last modified: Mon, 08 Sep 2008 07:20:00 +0000