Police Summit

It describes the most common actions one can take to keep the Linux Operating System secure.
Check List for Linux Security

Linux is an amazing operating system considering how it was originally created. It was a modest program written for one person as a hobby – Linus Torvald of Finland. It has grown into a full-fledge 32-bit operating system. It is solid, stable and provides support for an incredible number of applications. It has very powerful capabilities and runs very fast and rarely crashes.

Unfortunately Linux machines are broken almost every day. This happens not because it is an insecure operating system. It contains all the necessary tools to make it very secure. But the truth is. It hasn’t become significantly more secure with the increase in popularity. On the other hand, our understanding of the hackers methods and the wide variety of tools and techniques available contributed to help system administrators to secure their Linux computers.

Our goal in this article is to list the most critical situations, and how to prevent an invasion with simple measures.

• Weak passwords – By far the first and most used method used by hackers to try penetrating a Linux system is cracking a password, preferently of the user root. Usually they will target a common user first, and then, using his/her access to the operating system, try to get a privileged access cracking the root password. Good password policy, and good passwords are absolutely critical to the security on any computer. Some common mistakes when selecting a password:

A- use “password” as password.
B- use the name of the computer.
C- a well-know name from science, sports or politics.
D- reference to movies.
E- anything that is part of the user web site.
F– references associated with the account.

The latest version of Linux offer shadowed passwords. If a cracker can see an encrypted password, crack it would a simple task. So, instead of storing the password in the passwd file, they are now stored in the shadow file which is readable only for root. Before a hacker can crack a password he needs to figure out an account name. So, simple accounts names must be avoided as well. Another security measure is to apply a “no login” to the account in the passwd file. This must be done to all the accounts that don’t need to log in to the system. Examples are: apache, mysql, ftp and other.

Limit which terminals root may log in from. If the root account is allowed to log in only in certain terminals that are considered secure, it will be almost impossible for a hacker to penetrate the system. This can be done listing the allowed terminals on /etc/security. The login program will consider insecure any terminal that is not listed on this file, which is readable, only by root.

• Open Network Ports

Any Linux default installation will provide the Operating System with tons of software and services. Several of them are not necessary or even wanted by the administrator. Removing these software and services will close the path to several attacks and improve security. The /sbin/chkconfig program can be used to stop services from automatically starting at run levels 3, 4 and 5. Log in as root and type /sbin/chkconfig –list to view all the services set to start automatically. Select the ones you don’t need and type /sbin/chkconfig 345 name_of_service off. You must do that to all services you don’t want to keep running. Also, the xinetd server can be used to disable other services as well.

• Old Software Versions

Everyday vulnerabilities are found in programs, and most of them are fixed constantly. It is important, and sometimes critical, to keep up with the changes. There are mailing lists for every Linux distribution where one can have security related information’s, and the latest vulnerabilities found.
Some place to watch for security holes are:
· http://www.redhat.com/mailman/listinfo/redhat-announce-list
· http://www.debian.org/MailingLists/
· http://www.mandrakesecure.net/en/mlist.php
· http://www.suse.com/us/private/support/security/index.html
· http://www.freebsd.org/security/index.html
· http://www.linuxtoday.com/
· http://www.lwn.net/
It is crucial to insure that the security released patches are applied to the programs as soon as they area available. The hacker community will be aware of the discovered holes and will try to explore them before the fixes are applied.

• Insecure and Badly Configured Programs

There are some programs that have a history of security problems. To name a few IMAP, POP, FTP, port map and NFS, are the most known. The good thing is that most of these programs can be replaced by a secure version like spop, sftp or scp.

It is important that, before deploying any service, the administrator investigate its security history. Sometimes simple configuration measures can prevent serious headaches in the future.

Some advices regarding a web server configuration are well worth to mention:

- Never run the web server as a privileged user;
- Do not keep clients’ confidential data on the web server – Credit card numbers, phone numbers, mailing addresses, must be recorded on a different machine.
- Make sure the privileged data that a user supplies on a form does not show up as a default for the next person to use the form;
- Establish acceptable values for data that is supplied by web clients.
- Check vulnerabilities on CGI programs.

• Stale and Unnecessary Accounts

When a user no longer uses his /her account, make sure it is removed from the system. This stale account won’t have this password changed periodically leaving a hole. Publicly readable or writable files owned by that account must be removed. When you remove an unnecessary service make sure you remove or disable the correspondent account.

Security Resources in the web

Bugtraq – Includes detailed discussions of Unix security holes – http://www.securityfocus.com/

Firewalls – Discuss the design, construction, operation, and maintenance of firewall systems. http://www.isc.org/services/public/lists/firewalls.html

RISKS Discuss risks to society from computers – http://www.risks.org/

Insecure.org – http://www.insecure.org/

Bookmark It

Hide Sites

In today’s environment, businesses are increasingly relying on video surveillance systems. But how do you choose the best CCTV system, camera, or DVR?

In today’s environment, businesses increasingly rely on video surveillance systems. But how do you choose the best CCTV system, camera, or DVR? Read on to learn the steps to take in choosing the right video surveillance system for your needs.

CCTV Objectives

The first step in designing a CCTV system is to determine the following:

* How many cameras are required?
* What are the key fields of view?
* What are your recording requirements?
* What are the lighting conditions at each camera location?
* Where do you need live video monitoring?
* How long do you need to keep the video files?

Security Camera

The types of security camera you choose depend upon whether they’ll be used indoors or outdoors, during the day and/or night, and where they will be mounted.

Indoor Dome Camera: In nine out of ten instances, and indoor dome camera is used for general indoor applications. It’s typically mounted on the ceiling, and can be configured for standard color, day/night, or infrared.

Box Camera: Box cameras are usually sold independent of lenses, which are mounted to provide flexibility for different fields of vision. Box cameras can be mounted alone or in an enclosure.

Outdoor Dome Camera: Common for locations that have entry and exit points with limited night lighting, outdoor dome cameras typically have hard shell vandal-proof casings and a variety of lens options.

Day/Night Camera: For low light conditions, the day/night camera is the best choice. During the day, the camera records in standard color, then switches to a low-lux black and white mode at night.

Infrared Camera: When there is no available light, an infrared camera is the way to go. Infrared LEDs are automatically illuminated and the camera records in black and white mode, offering camera views in complete darkness.

PTZ Camera: A pan-tilt-zoom camera gives the operator the ability to view and zoom in all directions. The CCTV operator can set the camera to automatically rotate to different fields of vision. Plus, a PTZ camera can include optional applications that dynamically track objects in defined areas.

Digital Video Recorder

DVRs are integral to the success of any CCTV project. With higher video resolution, data compression, and faster recording speeds, DVRs are better than every. Professional DVRs allow for network or remote monitoring of CCTV video. With video distribution across LANs, WANs, and the Internet, the DVR is also used for business systems monitoring.

Choosing the correct DVR means answering the following questions:

* How many cameras do you have?
* What recording speed do you require?
* How long do you need to keep the recordings?
* Where will the DVR system be located?
* Do you have remote monitoring requirements?

The most important aspect of a CCTV system layout is the location of the DVR. It is the lifeline of the CCTV system, so must be kept in a secure location, preferably in a lockbox.

Leading Brands

Nuvico and GeoVision are leading brands for cameras and DVRs. With a Nuvico camera, you have many choices, and both Nuvico and GeoVision offer superior DVRs. Complete CCTV systems are also available with four cameras, eight cameras, or 16 cameras, depending on your needs. These systems often feature a Pentium-based Dell computer, a GeoVision DVR, and Samsung CCTV cameras.

Whichever CCTV system you choose, remember to ask yourself important questions about location, lighting conditions, and the length of time you need to keep the video files. Once you have those answers, it will be much easier to find the right CCTV system to fit your needs.

Bookmark It

Hide Sites

A home could be the most valuable property for a lot of people. However, a common home does not typically feature drawbridges, ramparts, moats, and thick walls of stones which will serve as primary defenses from unwanted visitors. So, it is much better if you could make your home safe and secure with devices with fewer features yet is as effective.

This is not a problem today since home security systems or house alarms have been developed to provide utmost home security. It enables homeowners to protect their homes from burglars and criminals. House alarms installation even leads to increasing the safety of a family as well as the property and belongings.

Nowadays, the burglar alarm system has become a very efficient device with great demand. This safety alarm is being featured as an electronic device that contains sensors; it is connected to the main control panel either through a hardwire or narrowband RF signal with low voltage. When connections between the signal and the unit were made, screaming alarms are created to elicit response from those who will hear it.

The sensors that are very common for burglar alarms are those which indicate the opening of doors and windows. The latest designed systems are chiefly hardwired to be more cost-effective. However, retrofit wireless systems are also more economical and quicker to install.

Burglar alarm systems are created to serve different purposes. It includes alarm systems which can handle fire, intrusion, and simultaneous safety alarms. The features and designs range from built-in to small noisemakers. But there are available complicated designs that are equipped with hi-technology having a multi-zoned system that are computer based. Many of the designs being conceptualized are very portable and appropriate in protecting your house and even your vehicle.

The burglar alarm efficiency will depend on the type of zone being triggered; zone’s number, time within a day, and other installed aspects in the monitoring scheme. These systems are capable of initiating various actions or calling the fire department, ambulance, and police department immediately upon instructions. Well, you can try calling the product supervisor to ensure the quality and effectiveness of the burglar alarm.

Other functions also include calls on the owner’s provided telephone number lists to contact them in case of emergency and check if the premises are secured. Some zones are capable of making phone calls locally at the oil heating company for system inspection or directly contact the owner giving specific details about the area that are getting flooded. There are also burglar alarm systems being attached to video surveillance systems for instant remote monitoring.

The desired outcome of your burglar alarm system causes a specified alarm output and quickly responds whenever the sensors identify valid conditions which have activated the alarm. The unit’s ability in communicating back to its monitoring system is truly a crucial aspect for determining the efficiency of the alarm.

Just remember that there are insurance companies as well as local government agencies requiring alarm system codes upon its installation. They can also acquire the third party’s certification which inspects the quality and efficiency of your alarm systems. If ever you have an independent certification, make sure that it meets the qualification levels beyond promotions and offers of its dealers. This will ensure that your alarm system is efficient, reliable and have high quality. It is very important to obtain these qualities in a burglar alarm system to avail its advantages, but most of all, to protect you from unwanted losses in the future.

Bookmark It

Hide Sites