Crackers use many methods to gain access to a system. Here is a list of the most common methods to block unwanted access:
- Every server that you run is a potential doorway through which both legitimate users and crackers can reach your system. So if you don’t absolutely need a server to run, shut it down. The fewer servers a computer runs, the fewer opportunities crackers have to exploit a bug in one of them.
- If you absolutely have to run a service, make sure it is the latest version. Almost always the latest version is a bug fix from the previous version, along with other useful features. So check out the change logs before you do so.
- Many servers use passwords to control access to the computer. For such servers, password maintenance is extremely important. Most servers use the main Linux password database, so setting user passwords with passwd handles them all. A few servers, though, use their own password databases; for example, Samba uses either the Linux password database for unencrypted passwords or its own password database for encrypted passwords. Virtual Network Computing (VNC) is a remote login tool that normally uses passwords stored in users’ home directories.
- To prevent abuse, you might want to keep anybody but computers on your local area network (LAN) from accessing a VNC login server. You’d still implement password protections on this server; however, nobody from outside your LAN has any business even trying to access it, so you block any such attempts before they can even get the chance to enter a password. You can use similar restrictions to block only known troublemaker IP addresses or to grant access to specific systems outside of your LAN—for instance, to enable employees to use the VNC server to work from home if they have broadband Internet connections with static IP addresses. These IP address restrictions can be implemented using a firewall, TCP wrappers, and xinetd.
- Because a potential bug in a server can give a cracker full access to your system, the best way to stop this is to give a server limited access to your system. Two common ways to do this:
1) Running a Server as a Minimum-Privilege User: A font server only needs to be able to access font files, process them, and pass the results over the network. Therefore, there’s no reason to run a font server as root. Doing so only increases the odds that a cracker will be able to abuse a security flaw to gain root privileges on your system. On the other hand, some servers, such as most that accept user logins, need to run as root. Server documentation usually specifies the minimum privileges the server needs. Many low-privilege servers can run as nobody (a special low-privilege account that’s standard on most systems). Others may require or benefit from server-specific accounts.
2) Using a Jail: A chroot jail is a way of running a server in a special Linux subsystem. The idea is this: Set up a directory tree that contains all the files a server needs to operate, including library files, executables, configuration files, and so on. Once this is done, run the server in such a way that it can’t access files outside of this special directory tree, even with root privileges. This approach isn’t perfect, but it can slow down intruders.
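
The IP address restrictions described above for a VNC server can be checked before deployment. The following is an added example, not part of the original page: it models a simplified subset of the TCP wrappers decision order (hosts.allow first, then hosts.deny, otherwise allow) and compares an allowlist with a blocklist-only setup. The daemon name Xvnc, the LAN range and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample rules (assumptions: daemon name Xvnc, LAN 192.168.1.x,
# one home worker at the documentation address 203.0.113.25).
HOSTS_ALLOW = """
# LAN clients plus one employee's static home address
Xvnc : 192.168.1. 203.0.113.25
"""
HOSTS_DENY = """
# everything not granted in hosts.allow is refused
ALL : ALL
"""
# Weaker variant: only a known troublemaker network is listed in hosts.deny.
BLOCKLIST_ONLY_DENY = "Xvnc : 198.51.100.0/255.255.255.0\n"


def parse(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                   # net/mask form n.n.n.n/m.m.m.m
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr               # exact address


def rule_hit(rules, daemon, addr):
    return any((daemon in d or "ALL" in d) and
               any(client_matches(p, addr) for p in c) for d, c in rules)


def allowed(daemon, addr, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if rule_hit(parse(allow_text), daemon, addr):
        return True
    return not rule_hit(parse(deny_text), daemon, addr)
```

With the blocklist-only variant, any address that is not listed falls through to the default and is accepted, which is why the allowlist pairs hosts.allow entries with ALL : ALL in hosts.deny.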