Slashdot Mirror


Linux Security: Reflections on 2002, Eye on 2003

Mirko Zorz writes "Here are the reflections on Linux security in 2002 and predictions for 2003 by Bob Toxen, one of the 162 recognized developers of Berkeley UNIX and author of the acclaimed book "Real World Linux Security" already in its 2nd edition. Read more at Help Net Security."

6 of 129 comments

  1. Damn by stinky+wizzleteats · · Score: 5, Funny

    Unfortunately, a fair number of "Mom and Pop" sites use IIS, though a surprisingly high percentage do use Linux. For this reason, before giving my credit card to a new web merchant I always do:
    nmap -O -sS -F -P0 -T Aggressive newguy.com

    Stealth port scan with aggressive timing? Now that's consumer activism.

    1. Re:Damn by JoeBuck · · Score: 5, Insightful

      Yeah, and I'll bet he gives his credit card to waiters in restaurants all the time. The only time I've ever had someone try to use a credit card number stolen from me, it was a busboy at a local Cambodian restaurant (they caught the guy too).

  2. Security predictions by ACK!! · · Score: 5, Insightful

    Yeah, people act like only MS can get infected with a virus but there will be a major linux virus soon. It is going to happen. As linux gets more exposure more schmucks will write malicious code designed for busting up linux boxes. It is not like the Unix world is some foolproof world of rock hard servers.

    After all, why did linux inherit the Unix concern for security?

    Enough old-school unix guys have been bitten by the bad security in telnet and NIS and a half dozen old world Unix services with big nasty security issues.

    Sure, Bastille Linux or RedHat secure server make a decent choice and OpenBSD is locked pretty tight right out of the box. That does not mean that it is impossible to break into those boxes. Just that it is more difficult. All you need is a one-day lag between a security issue posting on CERT and the patch to whatever software you are using coming up for your distro or OS. It can happen to any of us. It will happen to many of us.

    The over-confident are always the funniest to watch when their shit hits the fan.

    The honeypot thing is interesting. I have always wondered if you really get enough useful information from the attacks to warrant the time put into the systems. Somehow it just smacks of a geeky wanking waste of time. On the other hand, maybe the information from such implementations really makes this worth it.

    Any comments on this?

    --
    ACK /ak/ interj. 2. [from the comic strip "Bloom County"] An exclamation of surprised disgust, esp. i
  3. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  4. Honeypots are awesome. by tkoney · · Score: 5, Informative
    I had a very hard time convincing my manager to allow us to set up a honeypot on our DMZ. He said since no one could get there, what was the point. Three weeks later, when a hacker managed to break in via some badly written ASP programs (not my fault) it was the honeypot that sent us the alerts that let us get him off our network.

    Of course honeypots can also be used to learn what hackers do. The Honeynet Project is a great place to go to learn how to set one up securely so it can't be used to attack other people.

    In fact, today a new version of honeyd was released:

    As many of you already know, Honeyd is an OpenSource honeypot designed for the Unix platform. It has many features, including the ability to monitor millions of IP addresses, detect activity on any UDP or TCP port, OS emulation at the user and kernel level, create virtual networks, and so on.

    Marcus Ranum and I are big fans of Honeyd. To make it easier for people to work with and understand this technology, we took all the necessary ingredients together and 'cooked' them up for you, creating the Linux Honeyd Toolkit. This toolkit is a ready to go distribution of Honeyd, with statically precompiled binaries, configuration files, and startup scripts. The idea being you just update the honeyd.conf file to what you want your honeypot to look like and let her rip.

    Toxen's fear of Honeynets and Honeypots shows the "if I don't understand it, it's not good" theory I find in too many managers. He should take some time to run a honeypot or two and see how useful they can be.
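
Added example (not part of the thread and not Honeyd's own code): the alerting principle behind the DMZ honeypot anecdote above. Nothing legitimate should ever talk to a honeypot, so every flow to it is an alert, and a flow from inside the DMZ means a neighbouring host is already compromised. The log format, addresses and function names are constructed for illustration.

```python
import ipaddress

# Assumed addressing (hypothetical): the DMZ and the honeypot placed inside it.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
HONEYPOTS = {ipaddress.ip_address("192.0.2.50")}

# Constructed flow records: "timestamp proto src:sport dst:dport"
SAMPLE_LOG = """\
2003-01-10T02:14:07 tcp 198.51.100.23:40112 192.0.2.10:80
2003-01-10T02:14:09 tcp 192.0.2.10:1045 192.0.2.50:445
2003-01-10T02:14:09 tcp 192.0.2.10:1046 192.0.2.50:139
2003-01-10T02:15:30 udp 203.0.113.7:5353 192.0.2.50:161
2003-01-10T02:16:00 tcp 192.0.2.10:1050 192.0.2.11:25
malformed line
"""

def parse(line):
    """Return (ts, proto, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, proto, src, dst = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        return ts, proto, src_ip, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def honeypot_alerts(log_text):
    """One alert per source that touched a honeypot, listing every port probed."""
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[3] not in HONEYPOTS:
            continue  # ordinary traffic (or junk) is not the honeypot's concern
        ts, proto, src_ip, _, port = rec
        alert = alerts.setdefault(str(src_ip), {
            "first_seen": ts,
            # A DMZ source means an attacker is already on a neighbouring host.
            "severity": "critical" if src_ip in DMZ_NET else "high",
            "ports": [],
        })
        alert["ports"].append(f"{proto}/{port}")
    return alerts

if __name__ == "__main__":
    for src, a in honeypot_alerts(SAMPLE_LOG).items():
        print(f"[{a['severity']}] {src} since {a['first_seen']}: {', '.join(a['ports'])}")
```
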
  5. Re:Talking about Linux security... by Florian+Weimer · · Score: 5, Informative

    You guys should know that a trivial remote root hole for SSH was released today on bugtraq.

    The posting appears to be a fake. (I wonder why your snake oil alerts didn't go off...)