1
<?xml version="1.0" encoding="UTF-8"?>
2
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4
<!ENTITY % globalent SYSTEM "../../../libs/global.ent">
6
<!ENTITY % genericent SYSTEM "../../libs/generic.ent">
8
<!ENTITY % cdo-C SYSTEM "../../../libs/cdo-C.ent">
10
<!ENTITY % gnome-menus-C SYSTEM "../../../ubuntu/libs/gnome-menus-C.ent">
12
<!ENTITY % xinclude SYSTEM "../../../libs/xinclude.mod">
14
<!ENTITY language "&EnglishAmerican;">
15
<!ENTITY ubuntu '<phrase>Ubuntu</phrase>'>
18
<chapter id="faq" status="needshelp">
19
<title>Frequently Asked Questions</title>
20
<para>Security-related questions are asked on support forums on a daily basis. Answers
21
to these questions are varied. There is more than one right answer to most of them, and
22
most of them require and deserve more thorough coverage than they generally get on these
23
forums. We will address some of the most frequently asked general security questions here.
29
<para><emphasis role="bold">Do I need a firewall?</emphasis></para>
30
<para>It can't hurt. A properly configured firewall can protect your machine and your
31
network from the hostile world of the Internet, where worms, viruses, and nefarious
32
individuals are on constant missions to take control of your systems. Don't let this
33
lull you into a false sense of security, though; running a firewall does not excuse
34
you from security best-practices, such as keeping your software up to date, shutting
35
down unnecessary services, etc. While your firewall can in fact provide significant
36
protection on its own, its job is to be the first line of defense in a multi-layered
37
security strategy.</para>
41
<para><emphasis role="bold">Do I need anti-virus software?</emphasis></para>
42
<para>Security is about trade-offs. Nearly everything you do to secure your system
43
will involve some kind of sacrifice. You may be sacrificing performance, usability,
44
maintainability, your precious time, stability, or in a few pleasant cases, nothing
45
at all. Whether a security measure is a good idea is determined by asking yourself
46
whether the cost is worth the mitigated risk. A firewall is almost always a good
47
idea, because it provides a significant amount of protection from a wide range of
48
threats without, if properly configured, interfering too much in your activities or
49
requiring a great deal of maintenance. Once it's up and running, you can almost
50
forget it's there.</para>
51
<para>There are rumors that Linux is impervious to viruses. While it is true that
52
Linux systems are much more resistant to viruses than Windows systems, and much
53
more difficult to infect, this is not the case. No virus (if we distinguish viruses
54
from worms) has ever been found infecting Linux machines in the wild, but it's not
55
inconceivable that one could appear in the future. If it does, it is not likely to
56
be very successful. Most Linux users - responsible Linux users - do not perform
57
their daily activities, such as surfing the Internet, checking email, etc., with
58
administrative (root) privileges. For this and other reasons, a virus would have
59
a difficult time infecting system files or spreading itself further.</para>
60
<para>To summarize the virus risk, it is unlikely but possible that you will ever
61
encounter a virus threat to your Linux system. Anti-virus products are popular on
62
Windows systems because the threat to them is much greater. If security is of
63
paramount importance to you, you should consider installing an anti-virus system,
64
but you should be aware of the cost. For anti-virus software to protect effectively,
65
it must scan executable files whenever they are downloaded or executed. This can
66
have an enormous impact on the performance of your system. There is an administrative
67
cost, too. Virus definitions must be updated regularly -- preferably daily. While
68
this can usually be set up once and forgotten, the antivirus engines must also be
69
updated. As with most Linux distributions, &ubuntu; usually backports security
70
updates and bugfixes to software in its repositories for stable releases. This means
71
that your anti-virus engine will need to be updated from outside the official
72
repositories to maintain its ability to cope with new virus threats. Finally,
73
since anti-virus software is just as prone to bugs as any other software, and since
74
it must scan all your executable files, libraries, documents, etc., it poses a risk
75
to the stability of your system as well. In short, an anti-virus system may be worth
76
the cost to some users, but most choose to omit it from their security arsenals. The
77
decision is yours to make.</para>
81
<para><emphasis role="bold">I don't have any sensitive information on my machine.
82
Why should I care about security?</emphasis></para>
83
<para>An unfortunately common attitude on the Internet is that security is only
84
important to those with sensitive information stored on their computers. It is
85
critical to debunk this myth. First, you probably have sensitive information on your
86
machine whether you're aware of it or not. You might instruct your browser to save
87
passwords to secure websites, like your banking site. Your email client may store
88
authentication information for your mail server, where sensitive information may
89
also be stored, and where it is available to anyone who gains access to your username
91
<para>Even if you truly have no personal motivation to protect the information on
92
your system, though, it is irresponsible and destructive for you to ignore security
93
concerns. Most of the security threats on the Internet do not have the goal of
94
uncovering secrets stored on your computer. They seek to gain access to your system
95
in order to use it as a platform for launching attacks on other machines. If one of
96
the unscrupulous citizens of the Internet takes advantage of an unsecured machine, he
97
may or may not look for sensitive information. He is much more likely to turn your
98
machine into a <quote>zombie</quote>, without your knowledge, and have it wait to do
99
his bidding. At the attacker's command, your machine will be used to participate in
100
distributed attacks on other networks, to send spam as fast as your computer can send
101
it, or to launch a targeted attack on another network, masking the attacker's identity
102
by making the attack appear to originate from your system.</para>
103
<para>Security is important, then, not only to protect yourself, but to help make the
104
Internet a safer place by ensuring that your computer and its resources are not
105
subverted for the purpose of attacking others.</para>
109
<para><emphasis role="bold">How secure is Linux?</emphasis></para>
110
<para>Security is a guiding principle behind the development of Linux and most Linux
111
software. It also benefits, like all open source software, from the fact that its
112
code can be audited for security problems by anyone with the expertise to do so.
113
&ubuntu; as a distribution is also very security-conscious and adheres to a list of
114
rules that help to keep it as secure as possible out of the box while maintaining
115
usability. Additionally, &ubuntu; benefits from the efforts of Debian's famed
116
security team. But in the end, a Linux machine -- like any other machine -- is only
117
as secure as its administrator makes it. A freshly installed &ubuntu; machine has
118
no ports open to the outside world, which helps to make it very secure against
119
external threats, but users inevitably install software that (out of necessity)
120
exposes itself to the Internet, making it less secure. If these applications are
121
properly configured and kept up to date, they should not represent a significant
122
threat to security, but it is your responsibility as the administrator to do these
127
<para id="secure-passwords" xreflabel="secure password">
128
<emphasis role="bold">How long is a secure password?</emphasis></para>
129
<para>Obviously there is no cutoff point where one could call a password of a certain
130
length <quote>secure</quote> and all shorter passwords <quote>insecure</quote>. Also,
131
there are other factors than length that contribute to the effectiveness of a password.
132
The more <emphasis role="italics">character classes</emphasis> in your password, the
133
more secure it is. Character classes include uppercase letters, lowercase letters,
134
numbers, and special characters or punctuation. Any password that can be found in a
135
dictionary is vulnerable to a <emphasis role="italics">dictionary attack</emphasis>
136
and is therefore insecure. Appending digits to the end of a dictionary password does
137
not significantly enhance its security. A password like <quote>forest179</quote>
138
would succumb to a dictionary attack in a few seconds. A password like
139
<quote>9gIn$nf2Y_!</quote> is reasonably secure against all forms of brute force
140
attacks, because it is not in any dictionary, it is 11 characters long, and it uses
141
all character classes (except non-printable characters, which are unsupported in some
147
<para><emphasis role="bold">Should I write down my password?</emphasis></para>
148
<para>The consensus on this question has shifted in recent years from an emphatic
149
<quote>No</quote> to a cautious <quote>Yes</quote>. The problem is that as computers
150
get faster, it becomes harder to choose a password that a user can remember, but
151
which is still secure. The concept of password authentication is meant to solve the
152
problem of proving who you are to the authenticating system. A password is,
153
theoretically, something that only you know, so providing it to the system is supposed
154
to prove who you are. If someone else can obtain your password, the system breaks.
155
If you write down your password, it may be easier for an attacker to obtain that piece
156
of paper than to get into your head, so that practice has historically been considered
157
insecure. But as computers become more powerful, it becomes easier to obtain unwritten
158
passwords without getting into your head, because you are likely to choose a password
159
that can be broken, because the things that make it easy to remember (it's short, it's
160
a word or phrase that can be pronounced, etc.) are the same things that make it easy to
161
break. Choosing a more secure password that's difficult to remember, and writing that
162
password down, may help to solve that problem (if you keep your password in a safe
163
place - don't tape it to your monitor!). The authentication system is now based on
164
<quote>something you have</quote> rather than <quote>something you know</quote>.
165
Many, but certainly not all, security experts now agree that choosing a difficult
166
password and writing it down is more likely to provide securite than trying to choose a
167
good password that you can remember.</para>
171
<para><emphasis role="bold">How can I make my system more secure?</emphasis></para>
173
There are many steps you can take to secure your system. Some of these steps are
174
more effective than others, but the most important consideration is that your system
175
is secure <emphasis role="italics">in depth</emphasis>. If your first line of
176
defense fails or is defeated, another countermeasure should be right behind it to
177
back it up. For example, if you're too confident in your firewall and trust it as
178
your only security measure, matters will be much worse if and when it fails than if
179
you had secured your system in depth.</para>
180
<para>Specific steps you can take to secure your system will be covered in detail in
181
this document. If you're looking for the most useful information with the least
182
possible text, the following list should get you started:</para>
184
<listitem><para>Don't run--or even install--unnecessary software; the more software
185
you have running, the more possible points of failure you have.</para></listitem>
186
<listitem><para>For software that you do run, especially servers, ensure that it is not
187
available (does not <quote>listen</quote>) on network interfaces or addresses
188
that are not necessary.</para></listitem>
189
<listitem><para>All software, especially server software, especially server software
190
that listens on an Internet-facing device, should be configured as securely as
191
possible while still providing necessary functionality. Remember the <xref
192
linkend="least-privilege" />.</para></listitem>
193
<listitem><para>A good firewall can protect you against many attacks to which you might
194
otherwise be vulnerable.</para></listitem>
195
<listitem><para>A <xref linkend="secure-passwords" /> is an absolute requirement for a
196
secure system. (Note that secure non-password authentication counts as a secure
197
password.)</para></listitem>
202
<para id="least-privilege" xreflabel="principle of least privilege"><emphasis
203
role="bold">What is the Principle of Least Privilege?</emphasis></para>
204
<para>The principle of least privilege states that a system operates with the most
205
restrictive set of permissions possible that still allows it to perform its required
206
functions. A system can be a user, a piece of software, a computer, a network, or
207
even a person. The more privileges a system has, the more damage it can do to
208
other systems if its security is compromised. So, if each system operates under the
209
principle of least privilege, all systems are safer because damage is limited in the
210
event one of the systems is compromised.</para>