Network security: securing Linux. (Database and Network Intelligence).According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Linux advocates, Linux is among the most versatile, stable, and securable operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. ever developed. But according to its detractors, Linux is neither as reliable nor as trustworthy as other Unix variants. BSD (Berkeley Software Distribution) The software distribution facility of the Computer Systems Research Group (CSRG) of the University of California at Berkeley. proponents, for example, sometimes charge that Linux's code base is too convoluted to ever be as "tight" as OpenBSD or even FreeBSD. 1 don't presume to know in any definitive way whether Linux is more or less securable than other Unix variants. What I do know is that Linux is useful, stable, and securable enough to warrant the time and effort required to "harden" it against Internet threats. This article explains some of the reasons I believe it's both possible and worthwhile to secure Linux for use as an Internet server platform. Why Run Linux? Let's begin with the question of why you would want to choose Linux as an Internet server platform in the first place. The following four points come up in many different contexts besides security. 1. Software Availability Linux is a popular platform with developers. Virtually any type of Internet service you wish to run, be it HTTP HTTP in full HyperText Transfer Protocol Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. , FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to , IRC (Internet Relay Chat) Computer conferencing on the Internet. There are hundreds of IRC channels on numerous subjects that are hosted on IRC servers around the world. After joining a channel, your messages are broadcast to everyone listening to that channel. , or the latest thing you've read about on can be run on Linux. For example, the most popular Web server application on the Interact is Apache, a free product commonly run on Linux systems (see www.netcraft.com/survey and apacheorg). Increasingly, popular commercial software packages are being ported to and supported on Linux as well. 2. The Linux Community Linux is developed, supported, and used by a large, global community. Free technical support is available on free, online message boards and mailing lists. Commercial technical support is also available from Linux distributors such as Red Hat and SuSE, as well as from various consulting firms. 3. Stability The Linux kernel The nucleus of the Linux operating system. The Linux kernel, which was developed by Linus Torvalds, was integrated with software from the GNU Project and other sources to create the actual Linux operating system. See Linux, GNU/Linux and kernel. has been developed with stability as a key design goal, which means that problems with other software applications rarely, if ever, crash the entire system. There is no Linux equivalent of the "Blue Screen of Death A crash in Windows that causes the computer to lock up, and the screen turns entirely blue. The solution is to reboot. See Black Screen of Death. (humour) Blue Screen of Death - (BSOD) The infamous white-on-blue text screen which appears when Microsoft Windows crashes. ." Application stability itself varies from package to package, but the packages included in mainstream Linux distributions  The external links in this article or section may require cleanup to comply with Wikipedia's content policies. are nearly always stable.
4. Supported Hardware Linux runs on a wide range of hardware platforms Each hardware platform, or CPU family, has a unique machine language. All software presented to the computer for execution must be in the binary coded machine language of that CPU. Following is a list of the major hardware platforms in existence today. See platform. , from commodity PCs to RISC RISC in full Reduced Instruction Set Computing Computer architecture that uses a limited number of instructions. RISC became popular in microprocessors in the 1980s. systems, as well as on desktops, laptops, and server configurations and components. You can even build Linux clusters, using free software such as Beowulf or ClusterIT (for more information, see the Linux Clustering Information Center). A wide range of popular peripheral devices and cards are also supported. How Is Linux Securable? Linux is worth running. You probably knew or suspected that already, or you wouldn't be reading this. But you may also be aware that because a big part of Linux's success comes from its versatility, it tends to be optimized for functionality rather than for security. Just how big of a problem is this? What qualities of Linux make it securable against Interact threats? Linux Is Infinitely Customizable Yes, the average distribution's default installation is tuned for functionality, not security. A large number of services may be installed and started automatically, possibly with insecure configurations to boot. This is obviously due to Linux packagers' desire to minimize difficulty for end users by maximizing the number of things that work right out of the box. However, you can uninstall To remove hardware or software from a computer system. In order to remove a software application from a PC, an uninstall program, also called an "uninstaller," deletes all the files that were initially copied to the hard disk and restores the AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and SYSTEM. anything that is installed; you can tighten any configuration that is too loose and if worst comes to worst, you can fix any vulnerable code (if the application in question is open source, and if you possess the motivation and skill). In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke" put differently , unlike closed or proprietary operating systems, you have complete control over your Linux system and most of the applications that run on it. Furthermore, the installation routines for most Linux distributions now allow you to specify the role your system will serve (graphics workstation, Web server) and the rough level of security you want it to have. The idea that Linux is "insecure by default" is less of a problem than it used to be. Once you have installed the packages you need and removed the ones you don't, you can tighten the configurations of the packages that are left. This is less work than it sounds, like a well-designed Internet server should offer only a few different services, so other than the base operating system, you won't have more than a few services (daemons) to secure on a given system. Most Linux server applications support a wide range of security features. What's more, because different applications often support similar security features (for example, running in a "chroot jail," or running as an unprivileged user) the time you spend learning to secure one application will decrease the time you spend learning to secure the next. Linux Supports Many Security Applications You're not alone in the task of hardening your Linux system. There are many Linux applications available that are dedicated to various aspects of system security. These include security scanners, intrusion-detection systems, file system-integrity checkers, access-control mechanisms, virus scanners, application proxies, encryption utilities, secure remote administration tools, system-hardening scripts, and firewall tools. For example, Bastille Bastille (băstēl`) [O.Fr.,=fortress], fortress and state prison in Paris, located, until its demolition (started in 1789), near the site of the present Place de la Bastille. It was begun c. Linux is a free Linux system hardening script that disables and reconfigures software packages based on a comprehensive barrage of questions about the precise role and needs of your system. Through its excellent explanations of these questions, Bastille also provides a short course in system-hardening principles and techniques. Linux security applications can be instrumental in ensuring the integrity of not only individual systems but also an entire network. Furthermore, many free Linux security applications are as good or better than equivalent commercial products. The versatile and modular security scanner Nessus is one such application. Linux is at the Forefront of Secure Operating System The term "secure operating system" is a misnomer. Relevant articles include:
Besides its support for such a wide variety of security applications, Linux is being used as the basis for several new "isecure operating system" products and projects. In fact, the Linux kernel itself has been enhanced, via the Linux. Security Modules project, with security "hooks" that kernel modules and other applications can use to integrate security into the Linux kernel. LSM-enabled projects include Immunix, LIDS, and Security-Enhanced Linux. Immunix, which started out as a DARPA DARPA: see Defense Advanced Research Projects Agency. (Defense Advanced Research Projects Agency) The name given to the U.S. Advanced Research Projects Agency during the 1980s. It was later renamed back to ARPA. research project, is a commercial product based on Red Hat Linux Red Hat Linux, assembled by Red Hat, was a popular, "middle-aged" Linux distribution (not as old as Slackware but older than Ubuntu) upon its discontinuation in 2004.[1] Red Hat Linux 1.0 was released on November 3, 1994. . Immunix has advanced tools for isolating processes from each other and for protecting against "format bugs" and "stack-smashing attacks." The Linux Intrusion Detection--System, or LIDS for short, is a project that provides Linux systems with more stringent access controls around files and processes. Security Enhanced Linux See SELinux. is a secure Linux distribution developed by the National Security Agency. LSM LSM Linux Software Map LSM Louisiana State Museum LSM Linux Security Module LSM Living Stream Ministry LSM Laser Scanning Microscopy LSM Legato Storage Manager LSM Land-Surface Model LSM Lutheran Student Movement LSM Logical Storage Manager and its related projects are new and have not yet attracted a large following. Advanced kernel-level security, particularly kernel-level access controls, represent a major step forward in the security of Unix and Unix-like operating systems. Summary Because it is powerful, popular, stable, and versatile, Linux is worth considering as a server platform. Because it is highly customizable, it supports a wide range of security applications, and is available in the form of "secure distributions" such as Security-Enhanced Linux and Immunix. Using Linux as a secure Internet server platform is therefore a worthwhile and achievable undertaking. No operating system or software application can provide your Internet site with absolute protection from all possible threats. But Linux and the tools that run on it, combined with some time and effort on your part, can be used to secure a site as effectively as any other OS can, and more effectively than many. From: `Building Secure Servers with Linux.' ISBN ISBN abbr. International Standard Book Number ISBN International Standard Book Number ISBN n abbr (= International Standard Book Number) → ISBN m 596-00217-3 www.oreilly.co.uk |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion