Paranoid Penguin - How to Worry about Linux Security
Although most of us manage to muddle through without major breaches occurring terribly frequently, running a networked Linux system is nevertheless a worrisome undertaking. Well, in my opinion, worrying is good! Worrying, if it's the constructive kind that holds complacency at bay, keeps us on our toes. The trick is to worry about the right things and to act on our worries.
Uh-oh, you may be thinking, Mick's setting aside his pocket-protector this month in favor of the soapbox. Guilty as charged. I'm convinced that my technical articles will be much more useful to you if you periodically think about the larger context into which security technologies fit. So this month in the Paranoid Penguin, it's time to discuss what to worry about in Linux security and what to do about it.
When you're thinking about defense, it's good to work your way outward, but because the bad guys are usually looking at you from the opposite direction, it's instructive to consider their viewpoint now and then. Therefore, I begin by talking about who we need to worry about attacking our systems. Next, I discuss their tools (attack-vectors) and finish by examining common system vulnerabilities and ways we can mitigate them.
So who are these attackers? They follow a spectrum from the unskilled, often reckless punks, to careful, highly skilled professionals. I don't even pretend to know the full spectrum myself—these aren't the circles I move in—but I can describe some common types:
Identity thieves harvest user name/password combinations, credit-card and bank account numbers, e-commerce credentials and other information they can either sell to other crooks or use themselves to perpetrate various kinds of fraud.
Resource thieves are less interested in your data than your computing resources (your computer or the network to which it's attached), which they want to use to send spam, commit distributed denial-of-service (DDoS) attacks, mask the origin of their attacks on other systems, trade pirated software (warez) or trade pornography. You'd be surprised just how many different ways it might be useful for people to make their network activities appear to originate from your system!
Malicious code is both a tool and an attacker. Although many worms, trojans and viruses are used to conduct specific types of attacks, others exist for their own sake (to make mischief) and operate autonomously. We need to worry, therefore, both about resource thieves and identity thieves who use malicious code in semitargeted ways and also about self-propagating malicious code.
Vandals want to deface your Web site, disrupt your network traffic and generally inconvenience you. In most cases, it's more precise to say that they want to impress their friends at your expense, though some cyber-vandals do in fact choose their targets carefully (for example, so-called hacktivists, who deface the Web sites of groups or governments they feel are evil).
Corporate spies want to steal your organization's proprietary data: the lab notes of your pharmaceutical researchers, the merger and acquisition plans of your board of directors and so forth. This is a much more focused type of attacker than the identity thief or resource thief, and not all of us really need to worry about corporate spies, but believe me, they do exist, and they do cause financial loss.
Stalkers want you to see only how very, very much they love you, even though the true depth and beauty of their passion can't be understood by any humorless judge or meddling psychiatrist. (Sorry, I'm being sarcastic, but I do detest stalkers!)
Everyone needs to worry about identity thieves, resource thieves and vandals, because these attackers tend to be highly indiscriminate in choosing their targets. The old security clichï¿½ “I don't have anything anyone would want to steal”, may hold up when discussing corporate spies, but falls completely flat here. In fact, resource thieves in particular prefer low-profile, innocuous-looking targets, because avoiding attention is such an important part of their operations. With all three of these groups (identity thieves, resource thieves and vandals), the attacker simply couldn't care less what you use your computer for.
Note that identity thieves generally don't care about your computer at all. They care about your identity, and to get at it, they're more likely to try to hack you—for example, by tricking you into entering your Internet banking credentials at an impostor Web site—than to hack your actual computer. (Although, it's only a matter of time before someone writes a worm that looks for identity information stored on its victims' hard drives. More on malicious code later.)
Also, not all attackers are remote. Corporate spies and identity thieves, in particular, who are frequently “insiders” at the organizations they attack, often have or seek local/console access to the systems they attack. (It's a lot easier to get at the data on a hard drive you've just stolen than to hack your way through firewalls, intrusion detection systems, application access controls and so on.) Resource thieves and vandals, however, are usually remote attackers.
|Speed Up Your Web Site with Varnish||Jun 19, 2013|
|Non-Linux FOSS: libnotify, OS X Style||Jun 18, 2013|
|Containers—Not Virtual Machines—Are the Future Cloud||Jun 17, 2013|
|Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer||Jun 12, 2013|
|Weechat, Irssi's Little Brother||Jun 11, 2013|
|One Tail Just Isn't Enough||Jun 07, 2013|
- Speed Up Your Web Site with Varnish
- Containers—Not Virtual Machines—Are the Future Cloud
- Linux Systems Administrator
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Non-Linux FOSS: libnotify, OS X Style
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- RSS Feeds
- Reply to comment | Linux Journal
59 min 25 sec ago
- Reply to comment | Linux Journal
4 hours 59 min ago
- Yeah, user namespaces are
6 hours 15 min ago
- Cari Uang
9 hours 46 min ago
- user namespaces
12 hours 40 min ago
13 hours 6 min ago
- One advantage with VMs
15 hours 34 min ago
- about info
16 hours 7 min ago
16 hours 8 min ago
16 hours 9 min ago
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?