Links for Securing Crystallographic (UNIX) Computers on the internet.

Lachlan Cranswick l.cranswick at dl.ac.uk
Sun Aug 15 00:18:45 EST 1999


As part of the IUCr Glasgow Congress Software Fayre:
  http://www.ccp14.ac.uk/projects/iucr99-softwarefayre/
A demo of how hackers probe and get into crystallographic servers 
and the software that can defend against this was demonstrated.
Following are some good software links, as after chatting to a few 
people, "default" setup crystallographic servers seem to be 
having their share of break-ins.

Summary is:  Providing the OS is kept up to date, unnecessary
services are disabled and programs such as secure shell (ssh) are 
installed; it doesn't seem that hard to keep hackers out of 
crystallographic systems.  The great majority of hackers are 
"script kiddies", who use canned software to identify and 
target "weak" computer systems without really knowing how the 
software they are using works.

Lachlan.

=========

Disabling unnecessary services:

Disable daemons you don't need, use or don't know about.
finger, rshd, rlogin, etc. (in /etc/inetd.conf).   You will
find out if they are necessary if some things stop working.

TCP Wrappers around remaining services running in /etc/inetd.conf 
and around the portmapper if this is being used.

========


FBI NIPC Cybernotes (weekly updates of exploits and new programs)
   http://www.fbi.gov/nipc/nipc/nipcpublic.htm

=========

Stealth Scanners:
NMAP for UNIX:
  http://www.insecure.org/nmap/index.html
NMS for UNIX:
  http://www.thegrid.net/gravitino/products.html
(needs Libpcap at ftp://ftp.ee.lbl.gov/)

Stealth Scan Detectors (work on Linux)

TCPLOGD for UNIX:
  http://www.kalug.lug.net/tcplogd/
Abacus Sentry for UNIX:
  http://www.psionic.com/abacus/portsentry/

=======

Packet Sniffers:
SNIFFIT for UNIX:
(has a non-interactive mode for picking up plain ASCII
passwords travelling over the network)
  http://reptile.rug.ac.be/~coder/sniffit/sniffit.html

New Remote Sniffer Detector (needs to be on same network segment)
ANTISNIFF for Windows:
  http://www.l0pht.com/antisniff/download.html

=========

Secure Shell 1.2.27 for UNIX (client and daemon) 
(just don't rely on TCP Wrappers - and gives
the option of eliminating the Telnet and FTP daemons)
  http://www.ssh.fi/sshprotocols2/download.html
(To install, just do  ./configure ; make ; make install  - then 
edit the /etc/sshd_config, and create an init script
for the sshd daemon)

TeraTerm for Windows (telnet program)
  http://hp.vector.co.jp/authors/VA002416/teraterm.html
ttssh (Secure Shell Plugin for Teraterm for Windows)
  http://www.zip.com.au/~roca/ttssh.html

=========

Deception Toolkit for UNIX:
(installs fake daemons so you can detect exploits before
they can cause any damage)
  http://www.all.net/dtk/

=========

Backing up hard-disks/information via the network.

Rsync (high efficiency algorithms that can work 
through Secure-Shell)  (by the people who wrote Samba)
   http://rsync.samba.org
   http://www.ccp14.ac.uk/ccp14admin/rsync/

=========

>200kB of anti-hacker links and resources in no particular
order:
   http://www.ccp14.ac.uk/ccp14admin/security/

=========

======================
Lachlan M. D. Cranswick

Collaborative Computational Project No 14 (CCP14)
    for Single Crystal and Powder Diffraction
Daresbury Laboratory, Warrington, WA4 4AD U.K
Tel: +44-1925-603703  Fax: +44-1925-603124
E-mail: l.cranswick at dl.ac.uk  Ext: 3703  Room C14
                           http://www.ccp14.ac.uk
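
An added example, not part of the original message: a small shell audit for the step on disabling services in /etc/inetd.conf and wrapping the rest with TCP Wrappers. It reports which enabled entries are services the message suggests disabling and which of the remaining ones run without the tcpd front end; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file (not code from the original post).
# Entry format: service socket proto wait user server-path [args...]
# A leading '#' means the entry is already disabled.

# Services the post lists as candidates for disabling. In inetd.conf,
# rshd appears under the service name "shell" and rlogin under "login".
RISKY="finger shell login"

# audit_inetd [file]  - reads the named file, or stdin when no file is given.
audit_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }   # blank line or disabled entry
        NF < 6 { next }                 # not a complete service entry
        {
            if ($1 in bad)                print "DISABLE   " $1  # turn it off
            else if ($6 == "internal")    print "INTERNAL  " $1  # built into inetd
            else if ($6 ~ /(^|\/)tcpd$/)  print "WRAPPED   " $1  # behind TCP Wrappers
            else                          print "UNWRAPPED " $1  # no access control
        }
    ' "${1:--}"
}

# Constructed sample input, laid out like a typical /etc/inetd.conf.
sample_inetd_conf() {
    cat <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd        in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
daytime stream  tcp  nowait  root    internal
EOF
}

# Demo run on the constructed sample; use "audit_inetd /etc/inetd.conf" on a real host.
sample_inetd_conf | audit_inetd
```

Entries reported as DISABLE are commented out in /etc/inetd.conf, and inetd is then told to re-read its configuration.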




