From the Editor - Security One Step at a Time

The attack path between intruders and your data might be shorter than you think.

As I write this, yet another e-mail worm is spreading among non-Linux computers and incidentally filling my mailbox with “YOU HAVE A VIRUS” bounces from dumb software that somehow doesn't yet get the concept that worms forge mail. There's nothing like a worm attack that spares Linux to bring out the smug superiority in Linux users.

Cut it out. The attack path here is one step long. All that's keeping us safe is that most programs for Linux don't make it easy to run attachments from incoming mail. But combine the right vulnerability in a common desktop app with a little social engineering, and you've got a Linux worm.

Last year, the not-so-dramatically-named CAN-2003-0434 vulnerability allowed humble PDF files to run arbitrary commands as you. Linux users and distributions dealt with it quickly enough that it didn't turn into a vector for spreading a worm. With today's larger Linux user base and more desktop standardization, the next vulnerability will be a bigger risk.

Now that we've scared you, we'll cover the tools you could use to prevent not just a mail worm, but other attacks we don't know about yet. Run a local firewall and don't let programs on your company's desktops reach outside SMTP servers. Deploy exactly the firewall policy you want, on every host, with the advanced iptables advice in Chris Lowth's Kernel Korner on page 24. As you move your business apps to PHP, design them for security with Xavier Spriet's battle-tested designs on page 54.

And, make the next move in the spam wars. Deal with forgery where it starts. Although the US has essentially legalized spam, all the ISP advertising we've seen recently has used spam filtering as a selling point. Sender Permitted From, which Meng Weng Wong covers on page 62, lets you pop up out of the weeds and get mail through to customers who use strict spam filtering. SPF is a “look at me, I'm legit” measure you can deploy in a few minutes for a simple mail configuration.

Finally, in our cover story, Ibrahim Haddad and Miroslaw Zakrzewski explain a promising example of how to apply the kernel's Linux Security Module (LSM) interface to add process-level access control for telecom apps running on clusters (page 68). Developers can carry out this level of work, free of restrictions, because of the freedom that the GPL licensing consensus gives all of us. Keep your systems secure and enjoy this month's issue.

Don Marti is editor in chief of Linux Journal.



Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: From the Editor, April 2004: Security One Step at a Time

Anonymous's picture

Hi Don,

I need to see if you could e-mail me about setting up a firewall on my PC. I think it is setup but I'm just not sure? When I installed Fedora Redhat I asked for high security to be installed. How do I check to see from the command line if it is installed?

Thank you,

Rob McLachlan @

Re: From the Editor, April 2004: Security One Step at a Time

Anonymous's picture

from a root prompt:

select Firewall Configuration and just use one of the settings High preferably... I mostly use custom myself or write my own iptables rules...

Re: From the Editor, April 2004: Security One Step at a Time

Anonymous's picture

No problem! Just post your IP and I am sure that plenty of people would be happy to test to see if your network is vulnerable.

Re: From the Editor, April 2004: Security One Step at a Time

Anonymous's picture

iptables -L

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState