Loading
From the Editor - Security One Step at a Time
The attack path between intruders and your data might be shorter than you think.
As I write this, yet another e-mail worm is spreading among non-Linux computers and incidentally filling my mailbox with “YOU HAVE A VIRUS” bounces from dumb software that somehow doesn't yet get the concept that worms forge mail. There's nothing like a worm attack that spares Linux to bring out the smug superiority in Linux users.
Cut it out. The attack path here is one step long. All that's keeping us safe is that most programs for Linux don't make it easy to run attachments from incoming mail. But combine the right vulnerability in a common desktop app with a little social engineering, and you've got a Linux worm.
Last year, the not-so-dramatically-named CAN-2003-0434 vulnerability allowed humble PDF files to run arbitrary commands as you. Linux users and distributions dealt with it quickly enough that it didn't turn into a vector for spreading a worm. With today's larger Linux user base and more desktop standardization, the next vulnerability will be a bigger risk.
Now that we've scared you, we'll cover the tools you could use to prevent not just a mail worm, but other attacks we don't know about yet. Run a local firewall and don't let programs on your company's desktops reach outside SMTP servers. Deploy exactly the firewall policy you want, on every host, with the advanced iptables advice in Chris Lowth's Kernel Korner on page 24. As you move your business apps to PHP, design them for security with Xavier Spriet's battle-tested designs on page 54.
And, make the next move in the spam wars. Deal with forgery where it starts. Although the US has essentially legalized spam, all the ISP advertising we've seen recently has used spam filtering as a selling point. Sender Permitted From, which Meng Weng Wong covers on page 62, lets you pop up out of the weeds and get mail through to customers who use strict spam filtering. SPF is a “look at me, I'm legit” measure you can deploy in a few minutes for a simple mail configuration.
Finally, in our cover story, Ibrahim Haddad and Miroslaw Zakrzewski explain a promising example of how to apply the kernel's Linux Security Module (LSM) interface to add process-level access control for telecom apps running on clusters (page 68). Developers can carry out this level of work, free of restrictions, because of the freedom that the GPL licensing consensus gives all of us. Keep your systems secure and enjoy this month's issue.
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Designing Electronics with Linux
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Dynamic DNS—an Object Lesson in Problem Solving
- Linux Systems Administrator
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- Web & UI Developer (JavaScript & j Query)
- Using Salt Stack and Vagrant for Drupal Development
- Reply to comment | Linux Journal
4 hours 16 min ago - Dynamic DNS
4 hours 50 min ago - Reply to comment | Linux Journal
5 hours 49 min ago - Reply to comment | Linux Journal
6 hours 39 min ago - Not free anymore
10 hours 41 min ago - Great
14 hours 28 min ago - Reply to comment | Linux Journal
14 hours 36 min ago - Understanding the Linux Kernel
16 hours 51 min ago - General
19 hours 21 min ago - Kernel Problem
1 day 5 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Featured Jobs
| Linux Systems Administrator | Houston and Austin, Texas | Host Gator |
| Senior Perl Developer | Austin, Texas | Host Gator |
| Technical Support Rep | Houston and Austin, Texas | Host Gator |
| UX Designer | Austin, Texas | Host Gator |
| Web & UI Developer (JavaScript & j Query) | Austin, Texas | Host Gator |
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
Re: From the Editor, April 2004: Security One Step at a Time
Hi Don,
I need to see if you could e-mail me about setting up a firewall on my PC. I think it is setup but I'm just not sure? When I installed Fedora Redhat I asked for high security to be installed. How do I check to see from the command line if it is installed?
Thank you,
Rob McLachlan @ rlmcommunications@joimail.com
Re: From the Editor, April 2004: Security One Step at a Time
from a root prompt:
setup
select Firewall Configuration and just use one of the settings High preferably... I mostly use custom myself or write my own iptables rules...
Re: From the Editor, April 2004: Security One Step at a Time
No problem! Just post your IP and I am sure that plenty of people would be happy to test to see if your network is vulnerable.
Re: From the Editor, April 2004: Security One Step at a Time
iptables -L