The security threats to Linux
One of the main arguments raised against Linux security has been the fact that Linux is open source. The fact is, open source makes security better, because everyone can see what the code looks like, so they can sensibly judge whether they want to use any given package, and interested parties are well motivated and reasonably able to repair defects.
That’s not to say that Linux is invulnerable or incapable of becoming infected or breached; all software has vulnerabilities. The fact is that Linux, by its design, is more secure than some other operating systems.
What are the security threats to Linux?
“Linux and applications that run on it are probably no less vulnerable to security threats than other operating systems. To that extent security issues – protecting against intrusions from the Internet, maintaining data integrity, etc. — are universal. Some computer engineers view Linux as more secure than Microsoft’s OS products, simply because Microsoft’s products don’t get the rigorous pre-release scrutiny that open-source products like Linux get. Furthermore, engineers like to say that Linux is “immune” to computer viruses – meaning that it simply isn’t affected by viruses the way that other operating systems are.”
Is Linux more secure than other operating systems?
We believe it’s certainly more secure than Microsoft’s, which are routinely panned for their weak security features and their slow response time with security updates. But, be aware: A poorly configured Linux system would be worse than a well configured Microsoft system.
Doesn’t Open Source mean that the crackers will have an easier time breaking into the system since they know how it works?
This is a common fear, but history has shown that the strength of a good security system lies in the inherently secure design of the system, not in the obscurity of its implementation. The earliest example of this phenomenon is perhaps the Enigma machine, which was used to encode Axis communications in WW II. The design of the machine was secret – but when the system was discovered, it was defeated by Allied codebreakers. Since that time, the strongest cryptosystems and information systems have been open systems. RSA and 3DES are good examples of fully-disclosed systems that have been in use for a long time. One can see from the number of exploits available for closed operating systems such as AIX, HPUX, and Solaris, versus the exploits in an Open Source OS such as OpenBSD or Linux, that obscuring the source code does not help at all. Revealing the source code to a well-designed security system is similar to describing the inner workings of a bank vault — which is welded shut.
Here is a list of links for anyone interested in Linux security:
“designed to serve as the primary Internet-based source of information, insight and news relating to Linux and Open Source security issues, and is driven by the security needs of the users of the site.”
“Linux.com/security/ is here to provide a one stop security site for the Linux community. By focusing the talents of our staff, contributors, and the community at large, we aim to help you keep your machines secure, so that the integrity of your mission critical applications isn’t compromised by insecure software design or poor network implementation.”
“The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 96,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face”
Not a purely Linux site, but it has lots of good info about security on all systems: news, links, documentation and a good list of tools, many for Linux.
Just opened a new Focus on Linux section!
Not exactly Linux, but still useful information!
“OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than Sun, SGI, IBM, HP, or other vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.”
Tripwire (the free open source Linux version)
Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.
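As an added illustration of the integrity-checking approach described above (example code written for this page, not Tripwire’s own), a small Python checker records a baseline of hash, size and mode for every file under a directory and reports what changed. Files listed as allowed to grow (log files) only trigger a report when they shrink or change mode; the demo builds a constructed temporary directory in which a binary is replaced by one of identical size and a log grows normally.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Record sha256, size and mode for every regular file under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = {
                "sha256": digest, "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode)}
    return baseline

def compare(old, new, grow_ok=()):
    """Diff two snapshots; grow_ok entries (logs) may append but not shrink."""
    report = {"added": sorted(set(new) - set(old)),
              "removed": sorted(set(old) - set(new)), "changed": {}}
    for rel in sorted(set(old) & set(new)):
        a, b = old[rel], new[rel]
        if rel in grow_ok:
            reasons = [k for k, bad in (("size", b["size"] < a["size"]),
                                        ("mode", b["mode"] != a["mode"])) if bad]
        else:
            reasons = [k for k in ("sha256", "size", "mode") if a[k] != b[k]]
        if reasons:
            report["changed"][rel] = reasons
    return report

def demo():
    """Constructed scenario: a binary is replaced in place, a log grows."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "login"), "wb") as fh:
        fh.write(b"original binary")
    with open(os.path.join(root, "auth.log"), "wb") as fh:
        fh.write(b"line1\n")
    base = snapshot(root)
    with open(os.path.join(root, "bin", "login"), "wb") as fh:
        fh.write(b"trojaned binary")  # same size, different content
    with open(os.path.join(root, "auth.log"), "ab") as fh:
        fh.write(b"line2\n")          # expected growth, not a violation
    return compare(base, snapshot(root), grow_ok={"auth.log"})
```

The size-only comparison would miss the replaced binary; the hash catches it, which is why a baseline must be stored somewhere an intruder cannot rewrite.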
Psionic PortSentry 1.0
PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time.
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba’s smbclient.
“Lokkit is a tool that writes generic firewall configurations based on simple easy to answer end-user questions. It won’t write the ultimate secure firewall for special cases, and it certainly won’t let you set policy for a corporate network but it will give you good basic protection.”
“SSH Secure Shell is the de-facto standard for encrypted terminal connections and file transfer over the Internet.”
“OpenSSH is a FREE version of the SSH suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.”
“The Bastille Linux hardening script is a community consensus project: it attempts to integrate existing “best practices” documents and the shared knowledge of many administrators. The project needs constant input from its user community (This means you!) in order to remain current, as well as to fill in the gaps in our existing structure. Bastille Linux is far from perfect, and your input is crucial to making it better.”
“founded in 1999 to address the emerging security needs of internet-connected businesses globally. Protectix aims to become the leading provider of Open Source/Free Software-based security solutions through the development, contribution and distribution of this software. As newcomer Red Hat Software did in the Operating System market, Protectix delivers Open Source network security, freely distributing all source code used in Protectix products and solutions. The company has assembled its management and engineering team from experienced veterans of corporations including Dell Computer Corporation, Ernst & Young, Intel, Hewlett-Packard and Airtouch-Vodafone.”
Trinux is a portable Linux distribution that boots from a single floppy disk, loads its packages from a FAT/Ext2 partition, floppy disks, or HTTP/FTP servers, and runs entirely in RAM. Trinux contains precompiled versions of popular Open Source network security/monitoring tools such as nmap, tcpdump, iptraf, and ntop. The Trinux default configuration uses DHCP for easy network configuration.
CERT Mail List: http://www.cert.org
SDSC Security Page: http://security.sdsc.edu/
COAST Homepage: http://www.cs.purdue.edu/coast/
COAST Autonomous Agents for Intrusion Detection Project: http://www.cs.purdue.edu/coast/projects/autonomous-agents.html
International Computer Security Association http://www.icsa.net/
Auscert security advisory list: http://www.auscert.org.au
Blocking Mailed Spam: http://spam.abuse.net
Securing your CGI scripts against hacker invasion: http://www.net-dev.com/ned-03-1998/ned-03-security.html
Secure Programming How-To (Linux): http://dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
Writing Secure Code (links! C,Perl,CGI,setuid): http://www.shmoo.com
SANS Archive of Web Briefings: http://www.sans.org/webarchives.htm
SANS Network Security Roadmap: http://www.sans.org
Wietse’s collection of tools and papers (TCP_WRAPPERS): ftp://ftp.porcupine.org/pub/security/index.html