
Linux Newbie Administrator Guide

From Authors, for About.com

5.5.10 Can my home computer get broken into?

Unfortunately, this is perfectly possible, and attempts to do so are quite common. Every time you are connected to your Internet Service Provider (ISP) you are at risk. Read the previous answer if you would like to know how it is possible. Obviously, the risk is much higher if you have a permanent Internet connection (e.g. a cable modem), and lower if your connections are more transient (as is typical of short-duration, over-the-phone modem connections).

The real danger is that an intruder who is able to log onto your machine on any account may find (or may already know of) a "local security exploit" and use it to get root access. This is particularly likely if you are a real newbie administrator and/or your machine is not really security oriented (you are at home, aren't you--who would care about security, you think!).

To protect yourself, just never let a stranger log onto your computer. Have fairly long passwords that contain both numbers and letters for all accounts on your computer. Change the passwords occasionally. The best way to enforce the password policies on all users of your computer is to run linuxconf (as root; available in RedHat) and, under "password and account policies", change the minimum password length to 6 or more characters, the minimum number of non-alpha characters (i.e., not letters) to 1 or 2, the number of days after which the password must be changed to something like 90 or less, and set the warning about password expiry to something like 7 days before the expiration. Check here (FAQ2.htm#pass_security) for more info on weak passwords. Absolutely NEVER create an account with no password, or with a silly weak password. Do not habitually work on your computer as "root"--if you run a program with a known "security hole" as root, somebody may find a way to hack you. Older Linux distributions have known security holes, so use an updated version if you let untrusted people log onto your computer, or if you run "server side" network services (e.g., an ftp or http server).

It is also an excellent idea to occasionally screen the files that contain a record of all the logins onto your computer: /var/log/secure (the most recent log), /var/log/secure.1 (older log), /var/log/secure.2 (yet older log), etc. There are also other useful log files in the directory /var/log that you might want to view; check them out from time to time. The most typical "warning" sign is a scan of the ports on your computer: repeated entries of connection requests from the same IP number to your system's telnet, ftp, finger and other ports--somebody tried to learn more about your system.

If you never use remote connections to your home Linux machine, it is an excellent idea to restrict the right to use the "server side" network services (all the network services are listed in the file /etc/inetd.conf) to the machines on your home network. The access is controlled by two files: /etc/hosts.allow and /etc/hosts.deny. These access-control files work as follows. When an outside connection is requested, the file /etc/hosts.allow is scanned first, and if the name of the machine from which the connection is requested is matched, access is granted (irrespective of any entry in /etc/hosts.deny). Otherwise, the file /etc/hosts.deny is scanned, and if the name of the machine from which the connection is requested is matched, the connection is closed. If no match is found in either file, permission is granted.

B. Staehle (a Linux modem guru) wrote to me to advise not to install network services at all. "If your network services are not configured properly, you may wind up with your computer owned by some script kiddie. A newbie should _never_ be allowing services (ftp, telnet, www) to the world. If you "must" install these, make sure to only permit connections from systems you control. The file /etc/hosts.deny should contain

ALL: ALL

and /etc/hosts.allow should only have

ALL: 127.0.0.1

to permit connections only from that named host. Do NOT use hostnames!" <end of Bill's advice>

Indeed, my /etc/hosts.deny is exactly as advised above (ALL: ALL), but my /etc/hosts.allow also lets two extra trusted computers connect to all my network services, and another computer access telnet and ftp: (the IP numbers
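The lookup order described above (hosts.allow first, then hosts.deny, default permit) and the kind of configuration just discussed, modelled as an added example that is not part of the original guide. It assumes only the basic "daemon_list : client_list" form with literal daemon names, literal IPv4 addresses, trailing-dot network prefixes and the ALL wildcard; the IP numbers and daemon names in the sample files are constructed placeholders.

```python
# Added example: a minimal model of the hosts_access(5) decision behind
# /etc/hosts.allow and /etc/hosts.deny. Only the simple rule form is
# handled (no option fields, hostnames, netmasks or EXCEPT), and clients
# are IPv4 addresses given literally or as a "192.168.1." style prefix.

def _parse_rules(text):
    """Turn the text of one access-control file into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules

def _client_match(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # network prefix, e.g. "192.168.1."
        return ip.startswith(pattern)
    return ip == pattern

def _rule_matches(rule, daemon, ip):
    daemons, clients = rule
    return (("ALL" in daemons or daemon in daemons)
            and any(_client_match(c, ip) for c in clients))

def hosts_access(daemon, ip, hosts_allow, hosts_deny):
    """Return True if the connection is admitted.

    1. a match in hosts.allow grants access, whatever hosts.deny says;
    2. otherwise a match in hosts.deny refuses it;
    3. no match in either file grants access (the default is permissive,
       which is why an empty hosts.deny leaves every service open).
    """
    if any(_rule_matches(r, daemon, ip) for r in _parse_rules(hosts_allow)):
        return True
    if any(_rule_matches(r, daemon, ip) for r in _parse_rules(hosts_deny)):
        return False
    return True

# Constructed configuration in the spirit of the text: deny everything by
# default; loopback and two trusted machines get every service; a third
# machine may use telnet and ftp only. Addresses are placeholders.
DENY = "ALL: ALL\n"
ALLOW = """\
ALL: 127.0.0.1
ALL: 192.168.1.10, 192.168.1.11
in.telnetd, in.ftpd: 192.168.1.12
"""
```

Note that with both files empty, hosts_access() returns True for any client, which is exactly the unprotected state the text warns about.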


©2009 About.com, a part of The New York Times Company.

All rights reserved.