Well, linux was my summer project. I learned a lot more than I thought I would, not just about linux, but the workings of a computer in general. Anyhow, I'm taking my computer back to school next week. I was wondering if anyone had any suggestions for security measures to take before I go. I've read some of the board, and they all suggest things like turning off ctrl + alt + del rebooting (not sure why? you could always put a password on lilo, right?), disabling the physical login of root and leaving su enabled, hiding su, etc... If that's all I need to know before I go, then great. But I was wondering if there was anything else...only because I read somewhere once that because X is a "server", it is vulnerable to a lot of security issues and it could be dangerous to leave it connected. Any suggestions would be greatly appreciated. By the way I'm running Slackware 9, if that helps.

Originally posted by dwyatte
Well, linux was my summer project. I learned a lot more than I thought I would, not just about linux, but the workings of a computer in general. Anyhow, I'm taking my computer back to school next week. I was wondering if anyone had any suggestions for security measures to take before I go. I've read some of the board, and they all suggest things like turning off ctrl + alt + del rebooting (not sure why? you could always put a password on lilo, right?), disabling the physical login of root and leaving su enabled, hiding su, etc... If that's all I need to know before I go, then great. But I was wondering if there was anything else...only because I read somewhere once that because X is a "server", it is vulnerable to a lot of security issues and it could be dangerous to leave it connected. Any suggestions would be greatly appreciated. By the way I'm running Slackware 9, if that helps.

you might want to consider a firewall like the ones offered here http://freshmeat.net/search/?q=firewall&section=projects&x=0&y=0
or you can write one simila to this one http://www.linux-firewall-tools.com/ftp/firewall/standalone.firewall.1

Hi,
I would suggest you do the following before connecting the computer to the network:

1. Disable telnet/ftp access. If you need to access the system remotely use ssh..

2. Disable NFS unless you need it.
3. Disable SAMBA unless you are using it.
4. Password protect LILO
5. Make sure that the screensaver is password protected
6. Shutdown all un-needed services.
7. Install a firewall. I use Firestarter (http://firestarter.sourceforge.net/).

These are all I can think of right now. Will post more when they occur to me.

Hope this helps.

- Suramya

So, I should consider a personal firewall. Is the network's firewall not good enough? What advantages would a personal firewall have? Sorry, I don't know a whole lot about networking (I'm on dial-up at home and don't stay online for long periods of time...so I don't really have to worry terribly about these kinds of things).

Also, I plan on using Samba, as we have something called CFS (common file system). I haven't messed with Samba yet as I've had no need to, but how would I go about using it securely (and what other security risks are involved with using it?)

I found these somewhere on my university's unix user's support group webpage. From the looks of it, they'd help secure any system. I thought I'd post them in case anyone wants to take a look at them

http://www.itso.iu.edu/howto/secure-unix.pl

http://www.itso.iu.edu/howto/triminetd-unix.epl

http://www.itso.iu.edu/howto/

Yes you should definetly install a personal firewall. The network firewall blocks outsiders (People offcampus) from connecting to the campus netwok. It doesn't stop the people on campus(Behind the firewall) from trying to hack a computer on the same network.

On my university network most of the attacks on the campus servers/computers originate in the dorms.

I havn't used samba at all so someone else will have to answer your questions on that.

- Suramya

I would avoid Samba like the plauge on a hostile network. On your own LAN where you can protect all your resources it would be one thing, but I would consider a university campus network to be by far the most dangerous place to put a computer. Think about it, many computer savvy people in one place, most of them are not mature and have no concept of responsibility or respect, many of them are learning new things about computers that they want to test, and they want to show off their "skills" to their friends, there's tons of free bandwidth, and very rarely is it ever monitored. That's a recipe for disaster if you ask me.

Any machine that you connect to a university network should be treated like it's actively under attack 24/7, because that's probably not far from the truth. Most virii and DDoS attacks originate from universities. In a university you also have to have very high physical security because of roomates and the constant traffic of their friends, and their friend's friends, etc.