Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 682 #708
Serial terminals connected to serial ports are still used in many places.
Unlike network interfaces, they do not rely on a network protocol to
communicate with the host. A simple cable or an infrared port is used to
send plain characters back and forth between the devices. The cable itself
is the weakest point of such a system: with an older printer connected to
it, it is easy to record anything that runs over the wires. What can be
achieved with a printer can also be accomplished in other ways, depending
on the effort that goes into the attack.

Reading a file locally on a host requires different access rules than
opening a network connection with a server on a different host. There is a
distinction between local security and network security. The line is drawn
where data must be put into packets to be sent somewhere else.
Local Security
Local security starts with the physical environment in the location where
the computer is running. Set up your machine in a place where security is
in line with your expectations and needs. The main goal of local security
is to keep users separate from each other, so no user can assume the
permissions or the identity of another. This is a general rule to be
observed, but it is especially true for the user root, who holds the
supreme power on the system. root can take on the identity of any other
local user without being prompted for the password and read any locally
stored file.
Passwords
On a Linux system, passwords are, of course, not stored as plain text and
the text string entered is not simply matched with the saved pattern. If
this were the case, all accounts on your system would be compromised as
soon as someone got access to the corresponding file. Instead, the stored
password is encrypted and, each time it is entered, is encrypted again and
the two encrypted strings are compared. This only provides more security if
the encrypted password cannot be reverse-computed into the original text
string.

This is achieved by a special kind of algorithm, also called a trapdoor
algorithm, because it only works in one direction. An attacker who has
obtained the encrypted string is not able to get your password by simply
applying the same algorithm again. Instead, it would be necessary to test
all the possible character combinations until a combination is found that
looks like your password when encrypted. With passwords eight characters
long, there are quite a number of possible combinations to calculate.
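
The store-and-compare scheme described above, as an added example that is not part of the original manual. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the system's own password algorithm; the record layout, the iteration count, the per-account salt, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor, chosen for this example only


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Run the one-way function on the entered text and compare the results."""
    iterations, salt_hex, digest_hex = record.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison: timing does not reveal how many bytes matched.
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search would have to cover."""
    return alphabet_size ** length


if __name__ == "__main__":
    record = hash_password("correct horse")  # constructed sample password
    print("stored record:", record)           # contains no plain text
    print("right entry  :", verify_password("correct horse", record))
    print("wrong entry  :", verify_password("Correct horse", record))
    print("8 lowercase letters:", keyspace(26, 8), "combinations")
```

The record holds everything needed to check an entry but nothing that can be run backward to the password, and the salt makes two accounts with the same password store different records.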
682 26.7. Security and Confidentiality