Serial terminals connected to serial ports are still used in many places. Unlike network
interfaces, they do not rely on a network protocol to communicate with the host. A
simple cable or an infrared port is used to send plain characters back and forth between
the devices. The cable itself is the weakest point of such a system: with an older printer
connected to it, it is easy to record anything that runs over the wires. What can be
achieved with a printer can also be accomplished in other ways, depending on the effort
that goes into the attack.
Reading a file locally on a host requires other access rules than opening a network
connection with a server on a different host. There is a distinction between local secu-
rity and network security. The line is drawn where data must be put into packets to be
sent somewhere else.
1.1.1 Local Security
Local security starts with the physical environment in the location where the computer
is running. Set up your machine in a place where security is in line with your expectations
and needs. The main goal of local security is to keep users separate from each other,
so no user can assume the permissions or the identity of another. This is a general rule
to be observed, but it is especially true for the user
root
, who holds the supreme
power on the system.
root
can take on the identity of any other local user without
being prompted for the password and read any locally stored file.
1.1.2 Passwords
On a Linux system, passwords are not stored as plain text and the text string entered is
not simply matched with the saved pattern. If this were the case, all accounts on your
system would be compromised as soon as someone got access to the corresponding
file. Instead, the stored password is encrypted and, each time it is entered, is encrypted
again and the two encrypted strings are compared. This only provides more security if
the encrypted password cannot be reverse-computed into the original text string.
This is actually achieved by a special kind of algorithm, also called trapdoor algorithm,
because it only works in one direction. An attacker who has obtained the encrypted
string is not able to get your password by simply applying the same algorithm again.
Instead, it would be necessary to test all the possible character combinations until a
combination is found that looks like your password when encrypted. With passwords
eight characters long, there are quite a number of possible combinations to calculate.
Security and Confidentiality
3
Summary of Contents for LINUX ENTERPRISE DESKTOP 11
Page 1: ...SUSE Linux Enterprise Server www novell com 11 March 17 2009 Security Guide...
Page 9: ...32 7 Managing Audit Event Records Using Keys 433 33 Useful Resources 435...
Page 10: ......
Page 29: ...Part I Authentication...
Page 30: ......
Page 55: ...Figure 4 2 YaST LDAP Server Configuration LDAP A Directory Service 41...
Page 126: ......
Page 127: ...Part II Local Security...
Page 128: ......
Page 158: ......
Page 173: ...Part III Network Security...
Page 174: ......
Page 194: ......
Page 197: ...Figure 16 2 Scenario 2 Figure 16 3 Scenario 3 Configuring VPN Server 183...
Page 210: ......
Page 228: ......
Page 229: ...Part IV Confining Privileges with Novell AppArmor...
Page 230: ......
Page 274: ......
Page 300: ......
Page 328: ......
Page 340: ......
Page 342: ......
Page 386: ......
Page 387: ...Part V The Linux Audit Framework...
Page 388: ......