Summary

This implements networking security improvements using the sysctl interface in Linux.

Rationale

It would be best to supply the most secure environment possible within reasonable constraints.

Use cases

No particular use examples.

Scope

The scope of this spec includes kernel sysctl settings for TCP, UDP, and IP based networking.

Design

The following sysctl settings will be set:

The following sysctl settings are default at the time of this writing. We intend that they stay this way.

The following are omitted:

Implementation

All of these settings can be implemented in /etc/sysctl.conf.

A graphical interface to adjust some of these settings should be created, eventually.

Code

Any graphical control program would need to be coded.

Data preservation and migration

None.

Unresolved issues

We need documentation for this; it is imperative that certain features be easy to discover because they may break extraordinary and genuinely uncommon networking configurations. It may be useful to have general security documentation, à la HardenedUbuntu/Doc; the purpose of such documentation would be to have a specific "Security Manual" that is lightweight but that "everybody should read," and could expose such. (minimalism is the key to making people RTFM) --JohnMoser

There may be other security improvements. I'm the only one that's looked so far; this should be fixed. I have not considered IPv6, although there seems to be nothing useful in the sysctl area. --JohnMoser

Regarding the shared_media setting, the kernel docs read:

Based on this and on the clarifications in different HOWTOs, it looks like the redirects are accepted when shared_media is set to 1, and are disregarded when it is set to 0. So to honor secure_redirects and to prevent abuse we should set shared_media to 0, not to 1. Am I missing something? --AlexanderKonovalenko
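An added audit helper (not part of this spec or of any Ubuntu package) that reads the live per-interface values from /proc/sys/net/ipv4/conf and reports, following the reading above, whether secure_redirects is actually honoured: with shared_media=1 the secure_redirects restriction is bypassed, with shared_media=0 it applies. The /proc layout and the accept_redirects knob are standard Linux but are assumptions as far as this page goes.

```shell
#!/bin/sh
# Audit ICMP redirect handling per IPv4 interface. The model is deliberately
# simple: accept_redirects gates everything, shared_media=1 skips the
# secure_redirects check, otherwise secure_redirects decides which gateways
# may redirect. (Assumed /proc layout; standard on Linux.)

# redirect_policy ACCEPT SECURE SHARED -> prints one word describing the outcome
redirect_policy() {
    accept=$1; secure=$2; shared=$3
    if [ "$accept" != "1" ]; then
        echo "rejected"             # accept_redirects=0: no redirect is processed
    elif [ "$shared" = "1" ]; then
        echo "any-gateway"          # shared_media=1: secure_redirects is not consulted
    elif [ "$secure" = "1" ]; then
        echo "known-gateway-only"   # secure_redirects honoured: only listed default gateways
    else
        echo "any-onlink-gateway"   # secure_redirects=0: any gateway on the same subnet
    fi
}

# read_knob IFACE NAME -> value from /proc, or "?" when the file is unavailable
read_knob() {
    f="/proc/sys/net/ipv4/conf/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo "?"; fi
}

# Walk every interface directory (including "all" and "default") and print a verdict.
audit_redirects() {
    for d in /proc/sys/net/ipv4/conf/*/; do
        [ -d "$d" ] || continue
        i=$(basename "$d")
        a=$(read_knob "$i" accept_redirects)
        s=$(read_knob "$i" secure_redirects)
        m=$(read_knob "$i" shared_media)
        printf '%-12s accept=%s secure=%s shared_media=%s -> %s\n' \
            "$i" "$a" "$s" "$m" "$(redirect_policy "$a" "$s" "$m")"
    done
}

# Run the audit when executed directly; prints nothing if the /proc tree is absent.
audit_redirects
```

Any interface reporting "any-gateway" is one where secure_redirects is set but not in effect, which is the case the comment above argues should be closed by setting shared_media to 0.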

BoF agenda and discussion

References


CategorySpec

ImprovedNetworking/KernelSecuritySettings (last edited 2008-08-06 16:23:19 by localhost)