Jboss Hosting, Web Hosting Php - Php4, Php5 Programming Blog

130 CHAPTER 9 HOW TO SECURE YOUR COMPUTER Online Updates The Ubuntu notification area (the equivalent of the Windows system tray) contains a program that automatically monitors the package repositories and tells you when updates are available. This is an extension of the Synaptic Package Manager program called Update Manager. If you ve already configured the Synaptic Package Manager, as described in Chapter 8, and haven t yet updated your system, this icon will have probably turned into a red circle with two arrows in it. This is informing you that updates are available. In addition, each time you boot, you will see a speech bubble telling you that updates are available. When your system is completely up-todate, the icon will disappear. Clicking the Update Manager icon opens the Software Updates window, as shown in Figure 9-3. To go online and grab the updated files, click the Install button at the bottom-right side of the window. You will probably be asked to enter your root password, because system files will need to be altered. Figure 9-3. You ll be informed if your system is in need of updates, and the Update Manager can take care of everything for you. Be aware that some updates can be large and might take some time to download, particularly if you re doing it for the first time after installing Ubuntu. (On my system, I had to download almost 200MB of files on my first update.)

CHAPTER 9 HOW TO SECURE YOUR COMPUTER Installing new software: Be careful in choosing programs to download and install. Because Linux works on the basis of open-source code, anyone can theoretically tamper with a program, and then offer it for download by the unwary. This very rarely happens in real life. Even so, it s wise to avoid downloading programs from unofficial sources, such as web sites you find online via a search engine and whose authenticity you cannot totally trust. Instead, get software from the web site of the people who made it in the first place or, ideally, from the official Ubuntu software repositories (discussed in Chapter . Updating your system: Always ensure your system software is completely up-to-date. As with Windows, many Ubuntu programs have bugs that lead to security holes. Crackers target such vulnerabilities. Downloading the latest versions of Ubuntu software ensures that you not only get the latest features, but also that any critical security holes are patched. As with most versions of Linux, updating Ubuntu is easy and, of course, it s also free of charge. You ll learn how to get online updates in the next section. Locking up your PC: Limit who has physical access to your computer. Any Ubuntu system can be compromised by a simple floppy boot disk, or even the Ubuntu installation CD. Booting a PC using such disks gives anyone complete root access to your system s files, with no limitations. This is for obvious reasons; the idea of a boot disk is to let you fix your PC should something go wrong, and you cannot do this if you re blocked from accessing certain files. When Linux is used on servers that hold confidential data, it s not uncommon for the floppy and CD-ROM drives to be removed, thus avoiding booting via a boot disk. Such computers are also usually locked away in a room or even in a cupboard, denying physical access to the machine. WHERE S THE ANTIVIRUS? At first glance, it may appear that there are very few Linux antivirus programs. Actually, many of these exist, but they re designed to work on server computers and primarily guard against Windows viruses, in addition to the handful of Linux viruses. The idea is that they protect Windows users who access the server. Very few antivirus products are aimed at the Linux desktop. However, one example includes F-Secure s Anti-Virus for Linux Workstations. This costs around 80 euros (just under $100) and is available from www.f-secure.com/estore/fsavlinuxwks.shtml. AVG (www.grisoft.com) and Kaspersky (www.kaspersky.com) also produce Linux workstation versions of their antivirus products. The main issue with all of these programs is that they re not open source, as with most of the Linux software included in Ubuntu. If you absolutely must have your entire system running free software, consider ClamAV (www.clamav.net). This is a product designed to work on Linux servers but is flexible enough to run on desktop computers, too. ClamAV is included in the Ubuntu software repository, and so is available via the Synaptic Package Manager program. Be aware that ClamAV is a command-line program, however. You ll need to read its man page to learn how it works. In addition, you might choose to read the online documentation at www.clamav.net/doc.

128 CHAPTER 9 HOW TO SECURE YOUR COMPUTER Figure 9-1. Ordinary users are simply unable to modify or delete essential system files under Linux. Common-Sense Security As you start to understand how Ubuntu works, you ll become more and more aware of commonsense methods that will protect your system. However, I ll outline a few of these now to get you started: Entering your password: Be very wary if you re asked to enter your password (outside of initial login, of course). You ll be asked to provide your password when following many of the configuration steps within this book, for example, and this is acceptable and safe. But if you re asked to do so out of the blue, then you should be suspicious. If the root password prompt dialog box (shown in Figure 9-2) appears when you run a file that shouldn t really need root permissions, such as an MP3 or OpenOffice.org file, you should treat the situation with caution. Figure 9-2. Beware if you re asked to type your password out of the blue and for no apparent reason.

CHAPTER 9 HOW TO SECURE YOUR COMPUTER Linux systems also have ordinary user accounts, which are limited in what they can do. Such users are limited to saving files in their own directory within the /home directory (although the system is usually configured so that an ordinary user can read files outside the /home directory, too). But an ordinary Ubuntu user cannot delete or modify files other than those that he created or for which he has explicitly been given permission to modify by someone else. On most Linux systems, it s possible to type root at the login prompt and, after providing the correct password, actually log in as root and perform system maintenance tasks. Ubuntu is slightly different in that the root account is disabled by default, and users are instead able to borrow superuser powers whenever they re required. For this to happen, they need to provide their login password. With desktop programs, this is automatic, but at the command prompt, users need to preface commands with sudo. Although the root account is disabled, most key operating system files belong to root, which is to say that only someone with superuser powers can alter them. Ordinary users are simply unable to modify or delete these system files, as shown in Figure 9-1. This is a powerful method of protecting the operating system configuration from accidental or even deliberate damage. Note Along with the root and ordinary user accounts, there is a third type of Linux account, which is similar to a limited user account, except that it s used by the system for various tasks. These user accounts are usually invisible to ordinary users and work in the background. For example, the audio subsystem has its own user account that Ubuntu uses to access the audio hardware. The concepts of users and files are discussed in more depth in Chapter 14. ARE YOU A CRACKER OR A HACKER? Linux users are often described as hackers. This doesn t mean they maliciously break into computers or write viruses. It s simply using the word hacker in its original sense from the 1970s, when it described a computer enthusiast who was interested in exploring the capabilities of computers. Many of the people behind multinational computing corporations started out as hackers. Examples are Steve Wozniak, a cofounder of Apple Computer, and Bill Joy, cofounder of Sun Microsystems. The word hacker is believed to derive from model train enthusiasts who hacked train tracks together as part of their hobby. When computing became popular in the early 1970s, several of these enthusiasts also became interested in computing, and the term was carried across with them. However, in recent years, the media has subverted the term hacker to apply to an individual who breaks into computer systems. This was based on ignorance, and many true hackers find the comparison extremely offensive. Because of this, the term cracker was invented to clearly define an individual who maliciously attacks computers. So, don t worry if an acquaintance describes herself as a Linux hacker, or tells you that she has spent the night hacking. Many Linux types use the term as a badge of honor.

126 CHAPTER 9 HOW TO SECURE YOUR COMPUTER The situation is certainly getting better but, even so, Microsoft s latest operating system, Windows XP, provides many good examples of why it s an easy target. Upon installation, the default user is given root powers. True, a handful of tasks can be performed only by the genuine administrator, but the default user can configure hardware, remove system software, and even wipe every file from the hard disk, if he pleases. Of course, you would never intentionally damage your own system, but computer attackers use various techniques to get you to run malicious software (by pretending it s a different file, for example) or by simply infecting your computer across the Internet without your knowledge, which is how most worms work. Viruses and worms also usually take advantage of security holes within Windows software. As just one example, a famous security hole within Outlook Express allowed a program attached to an e-mail message to run when the user simply clicked a particular message to view it. In other words, infecting a Windows machine was as easy as sending someone an e-mail message! It s a different story with Linux. Viruses and worms are far rarer than they are on Windows. In fact, the total number of viruses and worms that have been found in the wild infecting Linux systems number far less than 100 (one report published in 2003 put the number at 40, and the number is unlikely to have grown much since then). Compare that to Windows, where according to the Sophos antivirus labs (www.sophos.com), approximately 1,000 new viruses are discovered every month! The Sophos antivirus product now guards against just under 100,000 viruses. Note The high number of Windows viruses may be due to the quantity of Windows PCs out there. After all, for a virus to spread, it needs computers to infect, and it won t have trouble finding other Windows computers. But while I would love to say that security holes are not found on Linux, the sad truth is that they re a fact of life for users of every operating system. Many so-called rootkits are available, generated by members of underground cracking groups. These are specialized software toolkits that aim to exploit holes within the Linux operating system and its software. The bottom line is that while writing a virus or worm for Linux is much harder than doing the same thing on Windows, all Linux users should spend time defending their system and never assume that they re safe. Root and Ordinary Users As I ve mentioned in earlier chapters, Linux makes use of something called the root user account. This is sometimes referred to as the superuser account, and that gives you an idea of its purpose in life: the root user has unrestricted access to all aspects of the system. The root user can delete, modify, or view any file, as well as alter hardware settings.

CHAPTER 9 How to Secure Your Computer Linux is widely considered to be one of the most secure operating systems around. On a basic level, Linux is built from the ground up to be fundamentally sound, and it forces users to work with security in mind. For instance, it enforces the system of ordinary users who are limited in what they can do, thus making it harder for virus infections to occur. In addition, Linux contains a firewall that is hard-wired into the kernel. It s called iptables (www.netfilter.org) and is considered among the best by practically all computer security experts. Not only that, but it can protect your home PC just as well as it can protect the most powerful supercomputer. But, as with many Linux kernel components, iptables is difficult to use. It requires in-depth knowledge of how networks operate and an ability to hack configuration files, both of which are beyond the skills of many ordinary computer users. Fortunately, several programs act as interfaces to iptables and make it simple to operate (or at least as simple as any equivalent Windows-based software firewall, such as Zone Labs ZoneAlarm). Perhaps surprisingly, Ubuntu doesn t install any firewall configuration program by default. According to the official FAQ (www.ubuntulinux.org/support/documentation/faq), the developers consider Ubuntu to have no need for such a thing. However, configuring the firewall with a program like Firestarter, which we examine later in this chapter, can be done so quickly and with such little effort that there s no reason not to make use of the Linux firewall. In this chapter, you ll learn how to configure the Linux firewall, but first, you ll spend some time examining more basic security concepts. Following that, we ll look at some elementary steps that you can take to protect your system. Windows Security vs. Linux Security If you ve switched to Ubuntu from Windows, there s a very good chance that the security failings of Windows featured in your decision. By any measure, Microsoft s record on security within its products is appalling. A new and serious security warning appears seemingly on an ongoing basis, and a new and devastating virus makes news headlines with similar frequency (usually described as a PC virus rather than what it actually is: a Windows virus). One argument is that Windows is the target of so many viruses merely because it s so popular. Although it s true that some of the underground crackers who write viruses dislike Microsoft, there s also little doubt that Windows has more than its fair share of security issues.

124 CHAPTER 8 GETTING EVERYTHING UP AND RUNNING Figure 8-19. You can add sliders to control all aspects of your sound card s output. Summary In this chapter, you learned how to set up just about every piece of hardware you might have attached to your computer. Additionally, we looked at configuring various software components within your Ubuntu setup that are vital for its correct functioning. We stepped through getting online with Ubuntu (including joining a wireless network), configuring e-mail, adding a printer, setting up online software repositories, setting up a digital camera, configuring a 3D graphics card, and much more. In Chapter 9, we move on to look at how you can ensure that your system is secure and protected from hackers.

CHAPTER 8 GETTING EVERYTHING UP AND RUNNING 123 6. Search for the line that reads HIDD_ENABLED=0 and change it to HIDD_ENABLED=1. 7. Beneath this will be a line that begins HIDD_OPTIONS=. Change this so it reads like this: HIDD_OPTIONS=”–connect xx:xx:xx:xx:xx:xx –server” Once again, xx:xx:xx:xx:xx:xx is the MAC number you discovered earlier. 8. If you find that the keyboard or mouse doesn t connect upon reboot, try step 7 again, but this time, change the HIDD_OPTIONS line so it reads like this: HIDD_OPTIONS=”-i xx:xx:xx:xx:xx:xx –server” Again replacing xx:xx:xx:xx:xx:xx with the MAC address you discovered earlier. 9. Save the file and reboot to see if the mouse or keyboard is working. Tip If you want to quickly connect a Bluetooth keyboard or mouse to your computer, but don t need to make it permanent, just open a GNOME Terminal window (Applications . Accessories . Terminal) and type sudo hidd –search. Configuring Sound Cards Generally speaking, your sound card shouldn t require any additional configuration and should work immediately after you install Ubuntu. The icon for the volume control applet is located at the top right of the Ubuntu desktop, and it offers a quick way to control the master volume. However, if your sound card offers more than stereo output, such as multiple-speaker surround sound, then it s necessary to take some simple steps to allow full control of the hardware: 1. Right-click the volume control icon (the one that looks like a speaker) and select Open Volume Control. 2. In the dialog box that appears, click Edit, and then click Preferences. 3. The Volume Control Preferences dialog box appears, as shown in Figure 8-19. Select the sliders that you wish to be visible. For example, on my desktop computer that has 5.1 surround sound, I was able to add a slider for the center and back speakers. On my notebook that has a sound card featuring pseudo-surround sound, I was able to add a control to alter the intensity of the effect. 4. When you ve finished, click the Close button.

122 CHAPTER 8 GETTING EVERYTHING UP AND RUNNING Figure 8-18. Sending files from your Ubuntu PC is easy if you create a desktop shortcut. Using a Bluetooth Keyboard or Mouse You may find that your Bluetooth-equipped keyboard or mouse works automatically under Ubuntu. However, if not, you may find the following instructions useful: 1. Open a GNOME Terminal window (Applications . Accessories . Terminal) and type hcitool scan. 2. Your Bluetooth keyboard or mouse should be identified in the results (ignore any other devices that might appear in the list). If not, make sure it isn t in sleep mode. You might also have to press a button on the device for it to be made visible. 3. Alongside the entry for the keyboard or mouse will be a MAC address a series of numbers like 00:12:62:A5:60:F7. 4. In the GNOME Terminal window, type the following: sudo hidd –connect xx:xx:xx:xx:xx:xx Replace xx:xx:xx:xx:xx:xx with the series of numbers you discovered in the previous step. 5. You should now find that your keyboard or mouse works under Ubuntu. You now need to make sure your mouse or keyboard works every time you boot your computer, so you ll need to edit the Ubuntu Bluetooth configuration file. Type the following in the GNOME Terminal window to open the configuration file in Gedit: sudo gedit /etc/default/bluez-utils

CHAPTER 8 GETTING EVERYTHING UP AND RUNNING 121 Figure 8-17. If you send files from a Bluetooth device to your PC, you may be asked to authorize receipt. Sending Files from a Ubuntu PC to Another Device The easiest way to send files from your PC to a Bluetooth device is to create a desktop shortcut onto which you can drag-and-drop files. Follow these steps to create the shortcut: 1. Right-click the desktop and click Create Launcher. 2. In the Name field, type something like Send file via Bluetooth. 3. In the Command field, type gnome-obex-send. 4. You can also choose to give the new shortcut an appropriate icon. Click the icon button, and then type the following into the Path field: /usr/share/icons/hicolor/48×48/stock/io/stock_bluetooth.png 5. Click OK. After you ve created the icon, you can send files as follows: 1. Drag-and-drop a file onto the launcher (icon) you just created. 2. The Choose Bluetooth Device dialog box appears, as shown in Figure 8-18. Click Refresh to make the computer detect any nearby Bluetooth devices. Remember that your device will need to be set to be visible so that other Bluetooth devices can automatically detect it. 3. Select the device to which you want to transfer the file, and then click OK. 4. Check the device to see if the file transfer needs to be authorized. If the devices are paired, the transfer might take place automatically.