Linux security in a Windows World (article)

Discussion in 'Linux / Unix Discussion' started by tripwire45, Aug 9, 2004.

    Linux: Avenue for Windows Sneak Attack?
    By Roberta Bragg

    San Francisco -- So what the heck is this Windows security evangelist
    doing at Linux World? That's the question I asked myself as I walked
    the Moscone Center halls this week. I came because a friend of mine,
    John Terpstra of the Samba Team, was launching a new book, "Hardening
    Linux". The other reason was because any computer on the network can
    influence the security status of any other. It would be a shame to know
    and apply every nuance of Windows security and ignore the implications
    of Linux. Truth be told, a single unsecured Linux box can be a
    network's downfall. It may become infected with a virus or worm, or
    compromised with a Trojan or other attack then used either directly or
    indirectly to attack your Windows computers.

    The answer is not to ban Linux, but to learn its strengths and
    weaknesses. Then you can take steps to prevent such attacks from
    occurring, or detect and reflect them if they do. You can't do that in
    a vacuum, or by poking around with the OS; you certainly can't do that
    by asking questions in those newsgroups in which "Linux is secure by
    default" is the daily mantra. Books are good sources of information,
    but can only take you so far. I've used these resources and more; but
    for the big picture, I like conferences.

    There's another reason for my attendance. At most Windows conferences
    -- even at Windows security conferences and at most information security
    conferences -- I'm just not finding much information on how to securely
    integrate mixed operating systems. Very few networks are pure Windows.
    We've solved many of the issues of integrating mainframes and minis,
    Unix and Linux and Windows. But we haven't solved them all.

    Among the biggest unanswered questions about integration is how to do
    it without compromising security.
    - When you add another OS, what security impact will it have on your
    data, other OSs and applications?
    - Will you have to loosen security to get these things to play well
    together?
    - You know how to create a secure authentication policy in a Windows
    network, but how can you maintain the same level of security when
    granting Windows clients access to databases running on Linux?
    - You've got the IPSec policy thing down, but can you make Linux and
    Windows talk IPSec to each other? How can you ensure secure
    communications between disparate boxes on the network?

    Linux World didn't provide the answers to all these questions, but
    unlike many conferences I've attended, it did acknowledge them. While
    there were many sessions on only Linux-related themes, there were also
    sessions on integrating Linux into an AD environment, the pitfalls of
    using Kerberos for authentication in mixed environments, and keynotes
    painting pretty pictures of centralized policy management for both
    Windows and Linux. In addition, many exhibited vendor products stressed
    compatibility and integration capabilities. Everywhere I found people
    eagerly talking about managing the heterogeneous enterprise.

    For Windows-focused folks, here are some questions and answers for the
    Linux boxes on your network:
    - Should you provide antivirus products for your Linux systems? Yes.
    - There aren't any viruses for Linux, are there? Wrong.
    - Are virus writers using unprotected Linux boxes to spread Windows
    viruses to your Windows boxes? Yes. According to Central Command,
    http://www.centralcommand.com/linux_products.html, there are some 60
    known viruses for Linux, though some aren't in the wild. This isn't
    many -- but isn't one virus packing a malicious payload one too many?
    What if that one, gaining a foothold on that Linux box, proceeds to
    infect Windows machines? What if saving Windows files to the Samba
    server spreads infection? Windows boxes can be used to infect Linux,
    and Linux boxes can be used to infect Windows -- why would you ignore
    these possibilities? Run antivirus on your Linux systems, especially on
    the Samba box.
    - If you install Samba, www.samba.org, on a Linux box and use it for
    file and print services for Windows clients, can you lock down access
    to individual files? Linux file permissions are different than NTFS
    file permissions. Samba, like many programs that make file and print
    services available for both Linux and Windows clients, maps permissions
    when they're the same -- such as Read -- and fudges it when they're
    not. You can secure files, but it's not going to be the same. Take a
    close look in order to work out the best solution for your environment.
    - How do you lock down multiple databases running on diverse
    platforms? How do you monitor them for evidence of attack or
    compromise? IPLocks, www.iplocks.com, has an answer. Its product, an
    assessment tool for Oracle, DB2, Sybase, Microsoft SQL server and other
    databases, provides a list of clearly documented, potential
    vulnerabilities. It also has a centralized log collection and evaluation
    component. The system provides analysis and can send e-mail or pager
    alerts when suspicious activity occurs. They don't advertise it as
    such, but to me it sounds like an intrusion detection system for
    databases.

    So, does a Windows security evangelist belong at Linux World? You
    betcha. I went there expecting to ask questions of strangers, and
    found, to my delight, that I could have conversations with new friends.

    -- Roberta Bragg, MCSE: Security, CISSP, Security+, and contributing
    editor for MCP Magazine, owns Have Computer Will Travel, Inc., an
    independent firm specializing in information security and operating
    systems. She's series editor for McGraw-Hill/Osborne's Hardening
    series--books that instruct you on how to secure your networks before
    you are hacked, and author of the first book in the series, "Hardening
    Windows Systems". Contact her at [email protected].
     
    Certifications: A+ and Network+
