linux security

Robin Battey zanfur at zanfur.com
Wed Jan 22 14:56:05 PST 2003


Avery:

Linux boxes are the most commonly hacked systems, yes.  It's the same as 
usual -- a Windows system does a decent job if you don't know what you're 
doing, and a Unix system does a better job if you *do* know what you're 
doing and a horrible job if you don't.  Unix is user-friendly, it's just a 
lot more picky about who it considers a friend ;-)

His warning about keeping the system properly patched is a VERY good one. 
Most definitely, follow that advice.  Of course, it doesn't matter what OS 
is on the system, just keep it patched.  Unfortunately, because Linux 
doesn't suffer from security through obscurity (it is, after all, open 
source), it's a lot easier for hackers to find exploits than it is for a 
closed-source system.  Before you place a linux box on the internet, make 
sure you have closed down every service you don't explicitly need, put a 
firewall in place (iptables is quite nice), and block everything *except* 
what traffic you explicitly want to allow.  It's probably a good idea to 
sit down with a Unix security guru and let him walk you through securing 
the machine before plugging in the ethernet cord.

To illustrate just how important this is, you need to realize that most 
out-of-box linux default installs are vulnerable to being hacked, and that 
the *entirety* of the internet is scanned every two days by script kiddies. 
Of course, high-bandwidth and low-security-awareness systems are scanned 
for vulnerabilities even more frequently, and 99.98% or so is done by the 
Bad Guys(tm).  School networks, DSL networks, and cable networks fall into 
those categories, typically.  So, you'll likely get hit with attacks at 
least fifty times in the first hour of being online.

Summary:  yes, linux systems are hacked a lot, probably the most.  No, it's 
not a flaw in the operating system, it's a flaw in the user (usually).  The 
trick:  don't be a flawed user.

Cheers!
-robin

On Wed, Jan 22, 2003 at 02:39:06PM -0800, Avery Ke wrote:
> I was asking one of the tech support in Econ Dept about connecting to
> our network. Part of his reply is pasted below.
> 
> And I got to wondering, is it true that unix-based OS are most frequently
> hacked on campus? There seems to be a general assumption that linux is
> inherently less secure than Windows/Mac. Since the people who give me
> that impression are invariably Windows specialists, it's hard for me to
> tell myth from fact.
> 
> 
> > > That's fine, but it's extremely important that you make sure to keep it
> > > properly patched and secured while it's on our network. Unfortunately
> > > UNIX-based operating systems are the most commonly hacked systems on
> > > campus, so I'd like to make sure that any linux/unix system on our
> > > network is not going to be posing a threat. I believe that most linux
> > > distributions have some sort of auto-update feature to keep on top of
> > > patches as they are released.
> >
> 
> Avery
> 

-- 
                        Robin Battey

     90CF 2E8F 8A96 D0C0 09A2  9CFE C130 6CD4 6DC3 6DCF
              http://www.zanfur.com/zanfur.pub
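
Added example, not part of Robin's message: the "block everything *except* what traffic you explicitly want to allow" advice, written as a shell function that prints a default-deny IPv4 ruleset in iptables-restore format. The function name gen_ruleset and the ports passed to it are assumptions; the function only prints text and changes nothing on the running system.

```shell
#!/bin/sh
# Added example: build a default-deny inbound ruleset for iptables-restore.
# Usage (as root, after reviewing the output):
#   gen_ruleset 22 443 > rules.v4 && iptables-restore < rules.v4

# gen_ruleset PORT...
# Prints the ruleset on stdout. Every argument is an inbound TCP port to allow.
# Returns 1 and prints nothing on stdout if any argument is not a valid port,
# so a typo can never produce a half-written ruleset.
gen_ruleset() {
    for p in "$@"; do
        case "$p" in
            # empty, non-digit, leading zero (also rejects 0), or > 5 digits
            ''|*[!0-9]*|0*|??????*)
                echo "invalid port: $p" >&2
                return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2
            return 1
        fi
    done

    echo "*filter"
    # Default policies: drop anything inbound or forwarded that no rule allows.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic and replies to connections this host opened.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One explicit allow rule per requested service port.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}
```

Called with no arguments, it produces a ruleset that accepts no new inbound connections at all, which is the starting point before any service is opened up.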