Linux Security Fundamentals. David Higby Clinton
Чтение книги онлайн.

Читать онлайн книгу Linux Security Fundamentals - David Higby Clinton страница 6

СКАЧАТЬ Despite all your best efforts, you’re going to lose important data at some point. If you’re properly backed up, then you’re singing. And the sooner you find out there’s bad stuff happening, the happier your song will be.

      Chapter 9: Resource Isolation Design Patterns The final chapter will discuss some important security design tools, such as firewalls, sandboxes, and OS access control software.

      We’ve put together some really great online tools to help you absorb what you’ll learn even better.

      The online section includes the following:

      Questions Many review questions are provided throughout this book and included online as part of the test bank. We’ve also also a practice exam online. Use these tools to test your knowledge of Linux security. The online test bank runs on multiple devices.

      Flashcards The online text bank includes 100 flashcards specifically written to test your knowledge. Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning.

Go to www.wiley.com/go/sybextestprep to register and gain one year of FREE access after activation to this interactive online learning environment and test bank with study tools.

“With great power comes great responsibility.”

      Words of wisdom. That’s the message displayed for administrators when they log in for the first time to many Linux distributions. Who said those words first? Aristotle? Kant? Nope. Spider-Man’s uncle. But hey, accept the truth from any source.

      While we’ll discuss protecting yourself from attack at length later in the book, this chapter is all about responsibilities. It’s about your responsibilities both as a consumer of computer technologies and as an administrator of computer technologies. It’s your job to make sure nothing you do online or with your devices causes harm to anyone’s assets.

      How is all this relevant to the world of information technology (IT) and, specifically, to IT security? Computers amplify your strengths. No matter how much you can remember, how fast you can calculate, or how many people’s lives you can touch, it’ll never come close to the scope of what you can do with a computing device and a network. So, given the power inherent in digital technologies and the depth of chaos such power can unleash, you need to understand how it can all go wrong before you set off to use it for good.

      The rest of this chapter will explore the importance of considering how your actions can impact people’s personal and property rights and privacy and how you can both ensure and assess the authenticity of online information.

      I’m not a lawyer and this book doesn’t pretend to offer legal advice, so we’re not going to discuss some of the more esoteric places where individual rights can come into conflict with events driven by technology. Instead we’ll keep it simple. People should be able to go about their business and enjoy their interactions with each other without having to worry about having physical, financial, or emotional injury imposed on them. And you should be ready to do whatever is necessary to avoid or prevent such injuries.

      Protecting Personal Rights

      These days, the greatest technology-based threats to an individual’s personal well-being will probably exist on one or another social media platform. Facebook, Twitter, LinkedIn, and other online sites present opportunities for anyone to reach out to and communicate with millions or even billions of other users. This can make it possible to build entire businesses or social advocacy movements in ways that would have been unthinkable just a few years back. But, as we all now know, it also makes it possible to spread dangerous scams, political mischief, and social conflict.

      A helpful tool for maintaining perspective in these areas is to apply the grandmother test. What’s that? Before posting a message or comment on any online forum, take a minute to read it over one or two more times and then ask yourself, “Would both my grandmothers approve of what I’ve written? Is there anything that would make them uncomfortable?” In other words, ask yourself whether anyone could reasonably feel threatened or bullied by what you’re about to publish. The bottom line is to make generous use of common sense and goodwill.

      With typical attention to such details, the social media community has come up with new names to describe each of the nastiest online threats. You should, unfortunately, be familiar with each of them.

      Cyberstalking Stalking isn’t specific to online activities, but that doesn’t make it any less frightening. In general terms, a stalker persistently follows and observes a target, often with the goal of forcing an unwanted reaction. In the online world, cyberstalking can include electronic monitoring of a target’s online accounts and activities. Harassing cyberstalking can escalate beyond mere monitoring to include threats, slander, and identity theft.

      Cybermobbing Mobbing involves large groups of people banding together to engage in bullying behavior. The nature of many social networking platforms—in particular the prevalence of anonymous accounts and the ease by which users can connect to each other—lends itself to mob formation. Often, all it can take is a single public post expressing an unpopular position and the power of tens of thousands of users can be brought to bear with the goal of making life miserable for the post’s author.

      Doxxing Whether you present yourself to the online world using your real name or through an anonymous identity, you certainly don’t want your complete personal profile to become public. Considering all the data that’s already available on the internet, it’s often not hard for people with time on their hands to track down your physical address and private phone numbers. But making such information easily available on popular social media sites with the intention of causing the target harm is wrong—and, in some jurisdictions, also a crime. Victims of public doxxing have experienced relatively mild annoyances like middle-of-the-night pizza deliveries. But the practice has also proven deadly: it’s been used as part of “swatting” attacks, where people call a victim’s local police department claiming there’s a violent crime in progress at the victim’s address. More than one doxxer has been imprisoned for what must have seemed like a clever prank.

      Protecting Digital Privacy