Encryption and certificates
The defense-in-depth strategy toward security requires system administrators to take every possible action to improve security. One significant improvement to security can be obtained by widespread use of encryption. With respect to the UNIX workstation, the following are security advantages to be gained:
- If a workstation gets compromised and taken over by an attacker, previously encrypted files are likely to be protected. This assumes that passphrases used to encrypt the data are kept in the users' memory and not on the workstation.
- By encrypting traffic on the local area network (LAN), the risk of being attacked from a local source is greatly reduced. Many organizations consider their biggest security feature to be the firewall between the LAN and the Internet. Hower, other workstations on the LAN also pose a significant threat. For example, if the LAN is hubbed, any workstation can listen in on all instant messaging to and from another worksation. Even if the network is switched there are readily available tools, such as ettercap, that can monitor all traffic in and out of a workstation.
- Much of the traffic that travels over the Internet, such as e-mail or FTP, is in the clear or unencrypted. The only protection afforded to this traffic is security through obscurity. In other words, the telnet, e-mail, and FTP traffic can be read in many places as the traffic is routed, but who would want to? Most users would not find this level of security very comforting.
Like most things in life, the decision to use encryption is based on a cost-benefit analysis. The benefits are huge. Because encryption is getting easier to implement the cost is certainly being reduced. It is now reasonable for an organization to encrypt all telnet, e-mail, and FTP traffic.
GNU Privacy Guard
GNU Privacy Guard (GPG) is a UNIX implimentation of the popular and robust Pretty Good Privacy (PGP) encryption program by Phil Zimmerman. Files encrypted by one can be decrypted by the other (and vice versa). GPG is free and available for all versions of UNIX.
GPG is most commonly used to encrypt files and e-mail messages. E-mail clients, such as Evolution, integrate well with GPG. If an e-mail client does not support GPG integration, the messages must be saved as a file before decrypting.
GPG uses the public-key method of encrypting data. Public-key encryption (also called asymmetric encryption) involves a pair of keys-a public key and a private key-associated with the user. A user's public key can be widely distributed and used to encrypt a file or message being sent to the user. The user then uses his or her private key and a passphrase to decrypt the file or message. In simple terms, a file encrypted with the public key can only be decrypted with the private key, and vice versa.
In addition to encrypting files and messages, GPG can be used to sign an e-mail message. A signed message allows the recipient to verify the sender. The recipient can verify that the message was signed with the sender's private key.
Users must protect their passphrase and private key. Both are needed to decrypt a file or message. If a user's private key is stolen, an attacker could attempt a brute force attack on encrypted data. Therefore, a strong (hard-to-guess) passphrase is also important. If someone obtains a user's private key and passphrase, the person would be able to impersonate the user in e-mail traffic.
The Secure Shell program
The Secure Shell (ssh) program supports logging into and executing commands on a remote machine. It is intended to replace rlogin and rsh and provide secure encrypted communications over a network. XWindows connections and TCP/IP ports can also be forwarded over the secure channel.
The ssh application uses public-private key technology to exchange a session key. All the ssh traffic is then encrypted with the session key.
The ssh application can be used to forward ports through the secure tunnel. The following is an example of using ssh to secure the transfer of e-mail to and from a mail server. The command is shown spanning multiple lines, to aid in this discussion.
ssh -l user1 \ -L 110:smtp.somedomain.org:110 \ -L 25:smtp.somedomain.org:25 \ smtp.somedomain.org
The first part of the command calls ssh with a -l (ell) option that gives the user name to be used to log into the mail server. The next option, -L, designates that port 110 on the local host should be forwarded to the POP3 port 110 on the smtp.somedomain.org. This means that to retrieve e-mail with the POP protocol from the remote host, the user only needs to retrieve e-mail from the local 110 port. In a similar manner, the SMTP port 25 is also forwarded. And, finally, the host to which the ssh session connects is given.
The scp command copies files between hosts on a network. This command uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. The user's password is required for scp. The syntax for scp is as follows:
scp -r smpt.somedomain.org:/var/spool/mail/user1 /tmp
In this example, scp copies the mail box of user1 from the host smtp.somedomain. org to the local directory of /tmp.
In this tutorial:
- UNIX and Linux Security
- Network and development tools
- UNIX/Linux as a poor target
- Open source issues
- Detecting hardware changes
- Disk partitioning
- Prepare for the eventual attack
- Controlling the Configuration
- Kernel configurations
- Kernel modules
- proc file system
- Operating UNIX Safely
- Uncommon services
- Processes controlling processes
- The chkconfig command
- Controlling users
- Encryption and certificates
- Hardening UNIX
- Packet filtering with iptables