Linux in Government: How Security Exploits Threaten Government Infrastructures
First, your infrastructures may be exploited. As shown in Figure 3, the ISP says, "Individual responses to these complaints are not possible due to volume received." Consider that another way of saying, "we cannot stop the abuse because too much exists". Also notice that the e-mail says, "Note that SBC will not release any confidential customer information without court ordered consent." Consider that another way of saying, "we will not tell on our customer".
Ultimately, SBC/PacBell has delivered a simple message that we are on our own when it comes to protecting ourselves against the enemy. So, while you may think that you have done everything necessary to protect your infrastructure, you haven't.
The next example demonstrates how an individual can grab enough information to gain access to your network. Figure 4 demonstrates a simple and effective means of getting the information needed.
In this figure, you can see what appears to look like an alert from a well-known provider of e-commerce transactions, PayPal. Anyone with a PayPal account simply could click the Web site address provide to find out what the problem might be with his or her account.
However, if you right-click on the link, copy the link location and paste it into a text editor, you discover that the link actually goes to another location, as indicated in Figure 5. We call this the actual URL link. This Web site hosts a script that downloads a tiny program to a Windows Internet Explorer browser and begins broadcasting information about your network to a server.
We performed a whois on the URL and discovered a domain registered to someone with a set of jumbled letters as a name and address. After reporting the scheme to PayPal, the company contacted the issuer and took control of the URL. Figure 6 shows the domain registration after the report.
PayPal handled the matter in less than one day, but we do not know how many spyware programs the short-lived Web site delivered. Nor do we know the location of the server receiving information transmitted to it from inside unsuspecting networks.
Most government infrastructures have used Microsoft networking protocols in the past several years and do not have the kinds of protections afforded them by Linux. Several means of transitioning to a safer environment without a massive effort include using software written for Linux and ported to Microsoft on the desktop and using Linux in place of your Microsoft servers. In fact, many institutions have started using Mozilla Firefox as their default browser, Mozilla Thunderbird as their email client and OpenOffice.org as their productivity suite. These products add a measure of protection not found in Microsoft Internet Explorer, Outlook or Microsoft Office. OpenOffice.org also offers file compatibility with Microsoft Word, Excel and PowerPoint.
Linux also can replace Microsoft NT and Windows 2000 servers. By using Samba and various Linux BackOffice solutions, you can provide a higher level of security than what existing infrastructures offer. Your Windows users will find these servers transparent.
Linux desktops also run nicely on Intel platforms and fit into Microsoft networks without changing the overall infrastructure. Many Linux desktops already can take advantage of Active Directory, network browsing, sharing directories and Microsoft Exchange servers. Within the coming year, most Linux distributions will fit into your existing infrastructures like a hand in a glove.
This article barely skims the surface of the kinds of exploits that threaten our critical infrastructures. In future articles, we will explain such exploits in more depth and show you how Linux can provide a low-cost and secure solution to governments wishing for more security.
Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne, and works as a Linux and open-source software consultant with Hiser+Adelstein, headquartered in New York City. He's the co-author of the book Exploring the JDS Linux Desktop and the upcoming book Essential Linux System Administration, to be published by O'Reilly and Associates. Tom has written articles and books on Linux since early 1999.
- Tails above the Rest, Part III
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Numerical Python
- Are you an extremist?
- RSS Feeds
- Tails above the Rest: the Installation
- Dolphins in the NSA Dragnet
- Tails above the Rest, Part II
- Tech Tip: Really Simple HTTP Server with Python
- Linux Systems Administrator