Primer to the Art of Information Security
Darknomad (The Watch Tower Security Group)
the_dark_nomad@yahoo.com
unix security, unix administration, security

This text is written to start you down the road to learning the art of information security. It is the first in a series of papers that I am writing to help educate people about system administration and information security. Many of the topics in this paper are not new, but I felt that the information available was either outdated or in need of revisiting. I hope this is useful to everyone from absolute beginners through intermediate system administrators.

First things first- build your own computer security lab.

The first thing you need to get started is your own lab. I must advise you not to practice the things taught here on a school or work network; your administrator will not be pleased, and only the owner of a network can authorise testing on it. Build a small network with two or more machines; some old 386/486 boxes will do fine for this project. You can get them cheap at garage sales or swap meets, or from friends and relatives who are no longer using them. Then all you need is a couple of cheap network cards and cables to get yourself wired. Keep the lab on its own cabling, or at least firewalled off from any other network, so that nothing you run in it can reach machines you do not own.

I recommend that your lab consist mainly of Unix systems. Unix is still the operating system of choice for large businesses and runs most of the backbone of the Internet. Once you have mastered Unix, add a Windows box or even a Mac to learn more about networking in a mixed environment. You can get a copy of one of the many free Unix and Unix-like operating systems; Red Hat Linux and FreeBSD are among the most popular, and they can be downloaded from many FTP and HTTP sites worldwide. Load your computers up with these operating systems; to make it more interesting, put a different flavor on each of your new machines.

Learning system administration.
Now spend a few weeks learning the basic operations and file structures of the different operating systems in your lab. Start by reading every HOWTO you can find; most are included with the full installation of most Unix systems, and others can be found on the Internet. Set up several user accounts on each machine. Learn how to control the access of users within your system: file ownership and permissions, groups, and which accounts can become root. Understand the importance of proper password procedures. Learn how to monitor accounts and read the log files (syslog output, the wtmp/last login history, su logs and the like) to see what is being done within a user's account. You must understand how to administer and secure a single machine before you can begin to tackle how to administer and secure a network.

Understanding networking.

To understand computer security on a network, you must understand the services that make up networking. These services are provided by daemons (ftpd, httpd, telnetd, sendmail and so on) that implement protocols such as FTP, HTTP, NNTP, TELNET, and SMTP; there are many others, these are just some of the most common. Every daemon that listens on a port is a door into the machine, so know which ones are running and turn off the ones you do not need. Next, read all the information you can find on networking subjects such as TCP/IP and DNS.

Tools of the trade.

Once you understand the fundamentals of system administration and networking, you can start to implement many of the tools that are available to assist administrators in securing networks. A firewall has become almost a must for any network connected to the Internet. A firewall is a device that controls which traffic may pass between your network and the outside. It serves as the single entry point to your network, evaluates each connection it receives, and allows entry only under the conditions the administrator has configured; the sound default is to deny everything that has not been explicitly permitted. Another popular tool for system administrators is a scanner. A scanner is a program that probes the TCP/IP ports of a target and records the target's response, which tells you which services are exposed; popular examples include SATAN and Ogre. Run one against your own lab first, because what it shows you is exactly what an attacker sees. Another tool is a password cracker, such as John the Ripper or Hades.
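What a password cracker actually does, as an added example written for this edition of the paper (it is not code from the paper, from John the Ripper, or from Hades): the program never decrypts anything; it hashes guesses with each account's salt and compares the result with the stored hash. Real /etc/passwd and /etc/shadow files hold crypt(3) hashes; to stay self-contained the example assumes a hypothetical salted SHA-256 "user:salt$hexdigest" format and a constructed five-word wordlist, so it runs offline. The mangling rules are the part a one-sentence description leaves out: most weak passwords are a dictionary word plus one small change.

```python
"""Password-file audit with a dictionary attack.

Added example: not code from the original paper, John the Ripper, or Hades.
Real Unix password files hold crypt(3) hashes (DES, md5crypt, sha512crypt);
to stay self-contained this demo assumes a hypothetical salted SHA-256
'user:salt$hexdigest' format. The method is the same: the cracker never
decrypts anything, it hashes guesses with each account's salt and compares.
"""
import hashlib


def hash_password(salt, password):
    """Assumed demo scheme: hex(SHA-256(salt + password)). Not a real crypt(3) format."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def mangle(word):
    """Yield guesses derived from one wordlist entry, cheapest first.
    Most weak passwords are a dictionary word plus one small change."""
    yield word
    yield word.capitalize()
    yield word[::-1]
    for suffix in ("1", "123", "2000", "!"):
        yield word + suffix
        yield word.capitalize() + suffix


def parse_shadow(text):
    """Parse 'user:salt$hexdigest' lines into {user: (salt, digest)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, field = line.split(":", 1)
        salt, digest = field.split("$", 1)
        entries[user] = (salt, digest)
    return entries


def audit(shadow_text, wordlist):
    """Return {user: recovered_password} for every account whose hash matches
    a guess. The salt differs per account, so every guess is re-hashed for
    every account; that cost is exactly what salting buys. An account this
    audit does not crack is not proven strong, only absent from this list."""
    cracked = {}
    for user, (salt, digest) in parse_shadow(shadow_text).items():
        for word in wordlist:
            for guess in mangle(word):
                if hash_password(salt, guess) == digest:
                    cracked[user] = guess
                    break
            if user in cracked:
                break
    return cracked


WORDLIST = ["password", "letmein", "dragon", "secret", "qwerty"]

# Constructed sample file: hashes are computed here so the demo is self-consistent.
SAMPLE_SHADOW = "\n".join([
    "# user:salt$sha256(salt+password)",
    "root:a1$" + hash_password("a1", "Tr0ub4dor&3"),   # not derivable from the wordlist
    "alice:b2$" + hash_password("b2", "Secret123"),   # 'secret', capitalised, plus 123
    "bob:c3$" + hash_password("c3", "dragon"),        # straight dictionary word
])


if __name__ == "__main__":
    weak = audit(SAMPLE_SHADOW, WORDLIST)
    for user, guess in weak.items():
        print(f"WEAK  {user}: {guess!r}")
    print(f"{len(weak)} of {len(parse_shadow(SAMPLE_SHADOW))} accounts cracked")
```

Run as a script it reports alice and bob as weak and leaves root alone. On a real system you would feed John the Ripper the actual shadow file and a large wordlist; the structure of the work (parse, generate guesses, hash with the account's salt, compare) is what the example shows.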
Password crackers are used to crack the password file, to assure administrators that good passwords are being used within their systems. Run one against your own password file regularly: any account it recovers has a password an attacker could recover too, and its owner should change it. This can be an important part of good security on any network. One of the newest tools is intrusion detection software. These programs watch network traffic and log files for activity that shows an intrusion is occurring, then notify the administrator and, in some cases, take defensive measures such as blocking the source. Some programs are now being written to launch a counter attack once an intrusion is detected. Be very careful with that idea: attackers routinely spoof addresses or relay through other people's machines, so an automatic counter attack may well hit an innocent third party, and attacking a system you do not own is illegal regardless of who struck first.

Advanced Security.

Once you have taken the time to learn how to administer your systems and understand the fundamentals of networking and security, you are ready to move on to advanced security. Your next step is to learn at least the basics of several programming languages; useful ones include C/C++, Perl, and assembly. As you read through security mailing lists you will encounter exploit code. Take the time to read, compile, and execute these exploits on your lab systems and record the results. Read the source before you run anything: published exploit code is sometimes booby-trapped to attack whoever runs it, and you should be able to say what the code does before it does it. Understanding how the exploits work and what they do to your computer system will help you identify when your system is being attacked.

Mailing Lists- A system administrator's best friend.

Since new exploits and patches for systems come out daily, it is very important that system administrators keep up with what is going on in the world of security. There are many groups, such as BugTraq, CERT, and CIAC, that are dedicated to getting the newest information out to the administrators who need it. Pay attention to these: many crackers monitor the same mailing lists to find the newest holes to compromise your system, so the race is between you applying the patch and them using the exploit.

Keeping up on the knowledge curve.

Computers, and especially network security, move very fast. To keep up on what is going on you must constantly be updating your skills and learning new facets of the ever-growing world of computers and security. You should always be reading a new book or technical paper on computers, operating systems, languages, or security.
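A scanner and the detection logic that catches it, in one added example (this is not code from the paper, from SATAN or Ogre, or from any intrusion-detection product). The first function is a TCP connect() scanner of the kind the tools section describes, run here against 127.0.0.1 so it works offline; the second is the kind of check an intrusion detection system runs over a connection or firewall log, and it also answers the earlier advice to read your log files, since the same check works over a host's own logs. The log records it reads are constructed for the demo, and the threshold and window values are assumptions you would tune for your own network.

```python
"""Port scanner plus the check that detects it.

Added example: not code from the original paper, from SATAN or Ogre, or from
any intrusion-detection product. connect_scan() is a TCP connect() scan;
detect_port_sweeps() flags a source that touches many distinct ports in a
short window, which is the signature an intrusion detection system looks
for in firewall or connection logs. Everything targets 127.0.0.1 so that
it runs offline, and the log records are constructed for the demo.
"""
import socket
from collections import defaultdict


def connect_scan(host, ports, timeout=0.5):
    """Return {port: 'open' | 'closed' | 'filtered'} using full TCP connects.

    A completed handshake means a daemon is listening. A refused connection
    means the host answered with RST: nothing listening. No answer at all
    usually means a packet filter dropped the SYN (or the host is down).
    """
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:            # includes socket.timeout
            results[port] = "filtered"
        finally:
            s.close()
    return results


def local_demo():
    """Scan one listening port and one freed port on localhost.

    Returns (open_port, closed_port, results). The kernel completes the
    handshake for a socket in listen() even before accept() is called, so a
    bare listening socket is enough to produce an 'open' result.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                     # nothing listens here any more
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, results


def detect_port_sweeps(records, threshold=10, window=5.0):
    """records: iterable of (timestamp, src_ip, dst_port) from a connection
    or firewall log. Returns {src_ip: distinct_ports} for every source that
    hit at least `threshold` distinct ports inside any `window`-second span.

    Counting distinct ports rather than connections keeps a client that
    retries one service from being flagged. A scan spread out more slowly
    than `window` evades this check; a production system keeps a
    longer-lived per-source counter as well.
    """
    by_src = defaultdict(list)
    for ts, src, port in records:
        by_src[src].append((ts, port))
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                alerts[src] = len(ports)
                break
    return alerts


def sample_log():
    """Constructed log records: a client that keeps reconnecting to port 80,
    and a source that sweeps ports 20-40 in two seconds."""
    recs = [(1000.0 + i, "10.0.0.5", 80) for i in range(20)]
    recs += [(2000.0 + 0.1 * i, "192.0.2.7", p) for i, p in enumerate(range(20, 41))]
    return recs


if __name__ == "__main__":
    op, cp, res = local_demo()
    print(f"scan: port {op} {res[op]}, port {cp} {res[cp]}")
    for src, n in detect_port_sweeps(sample_log()).items():
        print(f"ALERT port sweep from {src}: {n} distinct ports")
```

Note that the "filtered" verdict is what a firewall that silently drops packets produces, which is why scanning your own firewalled lab from the outside is the quickest way to confirm the firewall is doing its job. The detector deliberately fails on a slow scan; that is the kind of gap an attacker who reads the same mailing lists will try, and it is why real intrusion detection keeps state over longer periods than one window.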
There are hundreds of books and thousands of white papers available to help you learn the art of information security. I hope this paper starts you down the road to knowledge. Whether you're an aspiring administrator or just a hobbyist, this paper should have something helpful for you. The rest of this series will build on where this primer left off, with more specifics and lists of resources, to help continue your education.