1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Linux security in a Windows World (article)

Discussion in 'Linux / Unix Discussion' started by tripwire45, Aug 9, 2004.

  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    **Linux: Avenue for Windows Sneak Attack?
    By Roberta Bragg

    San Francisco -- So what the heck is this Windows security evangelist
    doing at Linux World? That's the question I asked myself as I walked
    the Moscone Center halls this week. I came because a friend of mine,
    John Terpstra of the Samba Team, was launching a new book, "Hardening
    Linux". The other reason was because any computer on the network can
    influence the security status of any other. It would be a shame to know
    and apply every nuance of Windows security and ignore the implications
    of Linux. Truth be told, a single unsecured Linux box can be a
    network's downfall. It may become infected with a virus or worm, or
    compromised with a Trojan or other attack then used either directly or
    indirectly to attack your Windows computers.

    The answer is not to ban Linux, but to learn its strengths and
    weaknesses. Then you can take steps to prevent such attacks from
    occurring, or detect and reflect them if they do. You can't do that in
    a vacuum, or by poking around with the OS; you certainly can't do that
    by asking questions in those newsgroups in which "Linux is secure by
    default" is the daily mantra. Books are good sources of information,
    but can only take you so far. I've used these resources and more; but
    for the big picture, I like conferences.

    There's another reason for my attendance. At most Windows conferences –
    - even at Windows security conferences and at most information security
    conferences -- I'm just not finding much information on how to securely
    integrate mixed operating systems. Very few networks are pure Windows.
    We've solved many of the issues of integrating mainframes and minis,
    Unix and Linux and Windows. But we haven't solved them all.

    Among the biggest unanswered questions about integration is how to do
    it without compromising security.
    - When you add another OS, what security impact will it have on your
    data, other OSs and applications?
    - Will you have to loosen security to get these things to play well
    - You know how to create a secure authentication policy in a Windows
    network, but how can you maintain the same level of security when
    granting Windows clients access to databases running on Linux?
    - You've got the IPSec policy thing down, but can you make Linux and
    Windows talk IPSec to each other? How can you ensure secure
    communications between disparate boxes on the network?

    Linux World didn't provide the answers to all these questions, but
    unlike many conferences I've attended, it did acknowledge them. While
    there were many sessions on only Linux-related themes, there were also
    sessions on integrating Linux into an AD environment, the pitfalls of
    using Kerberos for authentication in mixed environments, and keynotes
    painting pretty pictures of centralized policy management for both
    Windows and Linux. In addition, many exhibited vendor products stressed
    compatibility and integration capabilities. Everywhere I found people
    eagerly talking about managing the heterogeneous enterprise.

    For Windows-focused folks, here are some questions and answers for the
    Linux boxes on your network:
    - Should you provide antivirus products for you Linux systems? Yes.
    - There aren't any viruses for Linux, are there? Wrong.
    - Are virus writers using unprotected Linux boxes to spread Windows
    viruses to your Windows boxes? Yes. According to Central Command,
    http://www.centralcommand.com/linux_products.html, there are some 60
    known viruses for Linux, though some aren't in the wild. This isn't
    many -- but isn't one virus packing a malicious payload one too many?
    What if that one, gaining a foothold on that Linux box, proceeds to
    infect Windows machines? What if saving Windows files to the Samba
    server spreads infection? Windows boxes can be used to infect Linux,
    and Linux boxes can be used to infect Windows -- why would you ignore
    these possibilities? Run antivirus on your Linux systems, especially on
    the Samba box.
    - If you install Samba, www.samba.org, on a Linux box and use it for
    file and print services for Windows clients, can you lock down access
    to individual files? Linux file permissions are different than NTFS
    file permissions. Samba, like many programs that make file and print
    services available for both Linux and Windows clients, map permissions
    when they're the same -- such as Read -- and fudges it when they're
    not. You can secure files, but it's not going to be the same. Take a
    close look in order to work out the best solution for your environment.
    - How do you lock down multiple databases running on diverse
    platforms? How do you monitor them for evidence of attack or
    compromise? IPLocks, www.iplocks.com, has an answer. Its product, an
    assessment tool for Oracle, DB2, Sybase, Microsoft SQL server and other
    databases, provides a list of clearly documented, potential
    vulnerabilities. It alsohas a centralized log collection and evaluation
    component. The system provides analysis and can send e-mail or pager
    alerts when suspicious activity occurs. They don't advertise it as
    such, but to me it sounds like an intrusion detection system for

    So, does a Windows security evangelist belong at Linux World? You
    betcha. I went there expecting to ask questions of strangers, and
    found, to my delight, that I could have conversations with new friends.

    -- Roberta Bragg, MCSE: Security, CISSP, Security+, and contributing
    editor for MCP Magazine, owns Have Computer Will Travel, Inc., an
    independent firm specializing in information security and operating
    systems. She's series editor for McGraw-Hill/Osborne's Hardening
    series--books that instruct you on how to secure your networks before
    you are hacked, and author of the first book in the series, "Hardening
    Windows Systems". Contact her at roberta.bragg@mcpmag.com.
    Certifications: A+ and Network+

Share This Page