Summary: Every great hero has had an equally great partner for a safety net. Managing your system's security as a lone wolf may earn you all the glory, but it also leaves you a much smaller margin of error.
ITworld.com's Linux Security newsletter has been without a regular author for a while but that's about to change. As of this issue, I'll be writing this column every week. I currently plan on covering a variety of topics from specific Linux security commands, programs, products, and configurations to non-technical ramblings about the problems that Linux security folks face in the real world. If you have anything specific you'd like to see covered, would like me to clarify things, or think I'm completely off my rocker, please drop me a line at email@example.com.
Anyone who has watched TV has eventually watched a show about two faithful cops, spies, or private-eye partners. Crockett had Tubs, Starsky had Hutch, and Cagney had Lacy. When things got tough, they always knew they had someone who could help them out of whatever mess they'd fallen into. The world of Linux security is no different. For me, that person is my partner-in-crime, James Lee. True, "Hatch and Lee" doesn't have the same ring as "Steed and Peel", but it's too late to bring in a screenwriter to make us sound glamorous.
Most folks in the computer industry consider themselves good, if not experts, in their fields. As such, sharing responsibility doesn't come easy. Most folks in charge of security would prefer to manage everything themselves, rather than work with others and share the power. While this is good for their job security, it is bad for computer security.
Having someone else who you can call on in a pinch is a must. Times will arise when you are unable to fix a security problem because you are away on vacation, your home network access has gone south, or you're waiting in line for tickets to the next Lord of the Rings movie. Security concerns are even more time sensitive than normal administrative hassles. Not patching the latest BIND bug because you are on a beach can be a disaster when the next worm is developed.
Another benefit of a good backup person can be found in the tenet of Open Source: With enough eyes, all bugs are shallow. When your trusted, equally-paranoid partner takes a look at your iptables entries next time something needs fixing, he may find mistakes that you didn't intend or notice that "temporary" hole you opened up and forgot to close.
If you fit into the paranoid-administrator category (of which I proudly consider myself a member), then take an introspective moment and decide whom you would trust with your root password(s). Ideally, you should find someone who knows as much as you do about Linux and security. Have them check out your system's configuration. They likely have different ways of doing things; by comparing notes, you can both learn from each other.
Make sure that the coverage is bi-directional. Though helping them out in their time of need may be inconvenient, realize building up good Karma is crucial so that they are there for you when you need them. Never underestimate the usefulness of "you owe me one".
Finally, set up your security alerts to go to both you and your backup so they can see what your machine looks like under normal circumstances. Once you're sure they know your system, take an extended trip to Hawaii and see if your trust was well founded.
Bri Hatch is Chief Hacker at Onsight, Inc and author of Hacking Linux Exposed and Building Linux VPNs. He has been securing and breaking into computers since before he traded in his Apple ][+ for his first Unix system. Bri can be reached at firstname.lastname@example.org.
Copyright Bri Hatch, 2002.