Threats To Workstation And Home Pc Security - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Chapter 42. Security Overview
One category of insecure network services are those that require unencrypted usernames and
passwords for authentication. Telnet and FTP are two such services. If packet sniffing software is
monitoring traffic between the remote user and such a service usernames and passwords can be
easily intercepted.
Inherently, such services can also more easily fall prey to what the security industry terms the man-in-
the-middle attack. In this type of attack, a cracker redirects network traffic by tricking a cracked name
server on the network to point to his machine instead of the intended server. Once someone opens
a remote session to the server, the attacker's machine acts as an invisible conduit, sitting quietly
between the remote service and the unsuspecting user capturing information. In this way a cracker
can gather administrative passwords and raw data without the server or the user realizing it.
Another category of insecure services include network file systems and information services such as
NFS or NIS, which are developed explicitly for LAN usage but are, unfortunately, extended to include
WANs (for remote users). NFS does not, by default, have any authentication or security mechanisms
configured to prevent a cracker from mounting the NFS share and accessing anything contained
therein. NIS, as well, has vital information that must be known by every computer on a network,
including passwords and file permissions, within a plain text ASCII or DBM (ASCII-derived) database.
A cracker who gains access to this database can then access every user account on a network,
including the administrator's account.
By default, Red Hat Enterprise Linux is released with all such services turned off. However, since
administrators often find themselves forced to use these services, careful configuration is critical.
Section 43.2, "Server Security"
Refer to for more information about setting up services in a safe
manner.

42.3.4. Threats to Workstation and Home PC Security

Workstations and home PCs may not be as prone to attack as networks or servers, but since they
often contain sensitive data, such as credit card information, they are targeted by system crackers.
Workstations can also be co-opted without the user's knowledge and used by attackers as "slave"
machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can
save users the headache of reinstalling the operating system, or worse, recovering from data theft.
42.3.4.1. Bad Passwords
Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on
Section 43.1.3, "Password Security".
how to avoid common pitfalls when creating a password, refer to
42.3.4.2. Vulnerable Client Applications
Although an administrator may have a fully secure and patched server, that does not mean remote
users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a
public network, an attacker can capture the plain text usernames and passwords as they pass over the
network, and then use the account information to access the remote user's workstation.
Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks
if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to
an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can
quietly capture any keystrokes and mouse clicks made by the client over the network. This problem
was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such
vulnerabilities and update them as necessary.
594