Server Security
- Do you administer (or use) an NT server, Unix,
Netware, etc.?
- Administrators have a lot to worry about if the server
is connected to the Internet. Even local systems (e.g., in
a school or library) could have security problems.
- End users need to know about policies in place, and
possible vulnerabilities.
Issues:
- Servers are used by lots of people (or other computers)
at a time. It's often hard to know everything they do or
how all their software works.
- Servers are, by their nature, networked. They may
be Internet Web servers, file servers, or email servers.
They may be LAN servers for applications. They may host
users' home directories.
- Servers have ways of limiting access to files or
programs.
- Problems occur when:
  - Software is incorrectly installed
  - Defaults (like default usernames and passwords) are not
  changed
  - People post information about exploitable bugs in your
  software
  - People are granted more access than they need
Vocabulary:
Server: A frequently used term with lots of meanings!
1. A general-purpose computer meant to communicate
with other computers, often in a non-peer way. For example,
the server computer for a school might use NT and host
lots of programs and files shared by other computers.
2. Particular software meant to "serve" information.
For example, Apache httpd is Web server software used by
many computers to send Web pages to the world.
3. Some combination of #1 and #2.
Major threats:
- Internet hackers: if your system is on the Internet,
it will be subjected to attacks -- even if it is "hidden" or
private. Only a firewall or similar security system can
stop hackers from reaching your system (obscurity doesn't work).
- All systems have vulnerabilities
- All software has bugs
- The Internet is an open and trusting network,
so easy to abuse
- There are thousands of potential hackers who will use
simple well-known exploits to try to break in
- Internal abusers: People with legitimate access
to your servers will attempt things they shouldn't (sometimes
by mistake, other times on purpose). There are probably fewer
people inside your organization who will try to gain such
access than there are outside hackers, but insiders
have several advantages that make them harder to stop.
- Viruses, etc.: they are not as much an issue
with server computers because server operating system
software (NT, Novell, Unix) enforces access controls. However,
a hacker would want to insert a trojan horse program
that looks legitimate, but actually does something
undesirable.
- Can you spot a trojan horse? Only if you have
a way of checking whether your files have changed.
Tripwire is one tool for this.
- Do many users have full administrative control
of your systems, or do you have a hierarchy of levels
of access?
What to do?
- Devise policy for who should have access to what
- Understand your software and have it installed correctly
- Stay informed about new security problems, patches to software,
etc. and upgrade frequently (easier a little at a time than
a large change later!). Remember, thousands of hackers
are also keeping informed this way!
- Watch the logs
- Keep good backups. Stuff happens.
- Install Tripwire or another file integrity checker
- Consider a firewall or other network access control
device for Internet access