Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 681 — #707
26 Security in the Network
26.7.1 Local Security and Network Security
There are several ways of accessing data:
- personal communication with people who have the desired information or access to the data on a computer
- directly from the console of a computer (physical access)
- over a serial line
- using a network link
In all these cases, a user should be authenticated before accessing the resources or data in question. A web server might be less restrictive in this respect, but you still would not want it to disclose all your personal data to any surfer.
In the list above, the first case is the one where the highest amount of human interaction is involved, such as when you are contacting a bank employee and are required to prove that you are the person owning that bank account. Then you are asked to provide a signature, a PIN, or a password to prove that you are the person you claim to be. In some cases, it might be possible to elicit some intelligence from an informed person just by mentioning known bits and pieces to win the confidence of that person by using clever rhetoric. The victim could be led to reveal gradually more information, maybe without even becoming aware of it. Among hackers, this is called social engineering. You can only guard against this by educating people and by dealing with language and information in a conscious way. Before breaking into computer systems, attackers often try to target receptionists, service people working with the company, or even family members. In many cases, such an attack based on social engineering is only discovered at a much later time.
A person wanting to obtain unauthorized access to your data could also use the traditional way and try to get at your hardware directly. Therefore, the machine should be protected against any tampering so that no one can remove, replace, or cripple its components. This also applies to backups and even any network cable or the power cord. Also secure the boot procedure, because there are some well-known key combinations that might provoke unusual behavior. Protect yourself against this by setting passwords for the BIOS and the boot loader.
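
One way to check the boot loader half of that advice, as an added example that is not part of the manual: a small audit of a boot menu file. It assumes the boot loader is GRUB Legacy (the page does not name one) and relies on its `password --md5` and `lock` directives; the function name, finding labels, and sample files are constructed for illustration.

```python
import re

# Constructed sample files (not from the manual); the hash is a placeholder.
UNPROTECTED = """default 0
title Linux
    kernel (hd0,0)/vmlinuz root=/dev/sda2
title Failsafe
    kernel (hd0,0)/vmlinuz root=/dev/sda2 single
"""
HARDENED = """default 0
password --md5 $1$PLACEHOLDER$constructedhashvalue000
title Linux
    kernel (hd0,0)/vmlinuz root=/dev/sda2
title Failsafe
    lock
    kernel (hd0,0)/vmlinuz root=/dev/sda2 single
"""

def audit_menu_lst(text):
    """Return findings for the text of a GRUB Legacy menu.lst."""
    password = None              # None, "md5" or "plaintext"
    entries = []                 # one dict per 'title' stanza
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        cmd, rest = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if cmd == "title":
            entries.append({"title": rest, "lock": False, "maint": False})
        elif cmd == "password" and not entries:
            # Only a password in the global section guards the menu editor.
            password = "md5" if rest.startswith("--md5") else "plaintext"
        elif cmd == "lock" and entries:
            entries[-1]["lock"] = True
        elif cmd == "kernel" and entries:
            args = rest.split()[1:]  # skip the kernel image path
            entries[-1]["maint"] = any(
                a in ("single", "1", "S") or a.startswith("init=") for a in args)
    findings = []
    if password is None:
        findings.append("no-password")
    elif password == "plaintext":
        findings.append("plaintext-password")
    for e in entries:
        if e["maint"] and not e["lock"]:
            findings.append("unlocked-maintenance-entry:" + e["title"])
    return findings
```

An empty result means the menu editor is password-protected with a hashed password and every maintenance-mode entry is locked; the BIOS password has to be checked separately in the firmware setup.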
SUSE LINUX Enterprise Server










