Paranoid Penguin - How to Worry about Linux Security
Although most of us manage to muddle through without major breaches occurring terribly frequently, running a networked Linux system is nevertheless a worrisome undertaking. Well, in my opinion, worrying is good! Worrying, if it's the constructive kind that holds complacency at bay, keeps us on our toes. The trick is to worry about the right things and to act on our worries.
Uh-oh, you may be thinking, Mick's setting aside his pocket-protector this month in favor of the soapbox. Guilty as charged. I'm convinced that my technical articles will be much more useful to you if you periodically think about the larger context into which security technologies fit. So this month in the Paranoid Penguin, it's time to discuss what to worry about in Linux security and what to do about it.
When you're thinking about defense, it's good to work your way outward, but because the bad guys are usually looking at you from the opposite direction, it's instructive to consider their viewpoint now and then. Therefore, I begin by talking about who we need to worry about attacking our systems. Next, I discuss their tools (attack-vectors) and finish by examining common system vulnerabilities and ways we can mitigate them.
So who are these attackers? They follow a spectrum from the unskilled, often reckless punks, to careful, highly skilled professionals. I don't even pretend to know the full spectrum myself—these aren't the circles I move in—but I can describe some common types:
Identity thieves harvest user name/password combinations, credit-card and bank account numbers, e-commerce credentials and other information they can either sell to other crooks or use themselves to perpetrate various kinds of fraud.
Resource thieves are less interested in your data than your computing resources (your computer or the network to which it's attached), which they want to use to send spam, commit distributed denial-of-service (DDoS) attacks, mask the origin of their attacks on other systems, trade pirated software (warez) or trade pornography. You'd be surprised just how many different ways it might be useful for people to make their network activities appear to originate from your system!
Malicious code is both a tool and an attacker. Although many worms, trojans and viruses are used to conduct specific types of attacks, others exist for their own sake (to make mischief) and operate autonomously. We need to worry, therefore, both about resource thieves and identity thieves who use malicious code in semitargeted ways and also about self-propagating malicious code.
Vandals want to deface your Web site, disrupt your network traffic and generally inconvenience you. In most cases, it's more precise to say that they want to impress their friends at your expense, though some cyber-vandals do in fact choose their targets carefully (for example, so-called hacktivists, who deface the Web sites of groups or governments they feel are evil).
Corporate spies want to steal your organization's proprietary data: the lab notes of your pharmaceutical researchers, the merger and acquisition plans of your board of directors and so forth. This is a much more focused type of attacker than the identity thief or resource thief, and not all of us really need to worry about corporate spies, but believe me, they do exist, and they do cause financial loss.
Stalkers want you to see only how very, very much they love you, even though the true depth and beauty of their passion can't be understood by any humorless judge or meddling psychiatrist. (Sorry, I'm being sarcastic, but I do detest stalkers!)
Everyone needs to worry about identity thieves, resource thieves and vandals, because these attackers tend to be highly indiscriminate in choosing their targets. The old security clichï¿½ “I don't have anything anyone would want to steal”, may hold up when discussing corporate spies, but falls completely flat here. In fact, resource thieves in particular prefer low-profile, innocuous-looking targets, because avoiding attention is such an important part of their operations. With all three of these groups (identity thieves, resource thieves and vandals), the attacker simply couldn't care less what you use your computer for.
Note that identity thieves generally don't care about your computer at all. They care about your identity, and to get at it, they're more likely to try to hack you—for example, by tricking you into entering your Internet banking credentials at an impostor Web site—than to hack your actual computer. (Although, it's only a matter of time before someone writes a worm that looks for identity information stored on its victims' hard drives. More on malicious code later.)
Also, not all attackers are remote. Corporate spies and identity thieves, in particular, who are frequently “insiders” at the organizations they attack, often have or seek local/console access to the systems they attack. (It's a lot easier to get at the data on a hard drive you've just stolen than to hack your way through firewalls, intrusion detection systems, application access controls and so on.) Resource thieves and vandals, however, are usually remote attackers.
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
- RSS Feeds
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Using Salt Stack and Vagrant for Drupal Development
- Validate an E-Mail Address with PHP, the Right Way
- Tech Tip: Really Simple HTTP Server with Python
- New Products
- Ahh, the Koolaid.
15 min 15 sec ago
- git-annex assistant
6 hours 14 min ago
- direct cable connection
6 hours 37 min ago
- Agreed on AirDroid. With my
6 hours 47 min ago
- I just learned this
6 hours 51 min ago
7 hours 21 min ago
- not living upto the mobile revolution
10 hours 13 min ago
- Deceptive Advertising and
10 hours 48 min ago
- Let\'s declare that you have
10 hours 49 min ago
- Alterations in Contest Due
10 hours 50 min ago
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.