| | The tightest system security will be useless if your server is not physically secure. Anyone with physical access to your computer, that is the actual CPU, can render the server useless in seconds by unplugging network cables, hitting on/off switches, or taking a hammer to it. The anonymous author of Maximum Linux Security recommends constructing a Network Operations Center, or NOC: a separate, locked office to which only a couple of people have access. If possible, the server should be bolted down, or secured on a rack, and the NOC should be within another locked office behind windowless doors. Be sure, however, that the room is well-ventilated so that your server can breathe. Some sort of electronic surveillance, e.g., cameras or a security system, will also help increase your security. My NOC is within the classroom, behind a security system. We are considering installing a simple web camera on the server with which we can monitor the server and the classroom itself. Even if the server cannot be physically secured, disable the reset switch on the CPU, and consider putting locks on the floppy and CD-ROM drives to discourage would-be crackers. As I mentioned above, once you have installed your system you should set the server’s BIOS with a password, and only allow booting from the hard drive. This policy should also be implemented on all workstations, as well. If a person can reboot your computer using their own media, the integrity of your system can be easily compromised. In case anyone does gain physical access to your server machine, your BIOS set-tings will help. Also, you should password protect you LILO boot when entering single-user mode. Add the following lines to the end of your /etc/lilo.conf file: password = your_password
restricted Replace the “your_password” with a strong password so that and attempt to boot into single-user mode will require entering this password. Finally, issue the following com-mands: chmod 600 /etc/lilo.conf
/sbin/lilo The first command secures the /etc/lilo.conf file from prying eyes, and the latter puts your changes into effect. | |