Re: Security followup

Subject: Re: Security followup
From: Bruce Byfield <bbyfield -at- axionet -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 15 Jan 2003 12:34:02 -0800


Decker F. Wong-Godfrey wrote:

This may be true of some older versions of Linux. Anymore, the installation of Linux systems is geared toward functionality; simply clicking on the choice for "desktop system" install will configure the system without services.


Not true, I'm afraid. True, most Linux distributions disable the more obvious problems, such as telnet and ftp. However, not all do so, and some have options that don't. Almost all enable some services without asking, too - which is why the first thing you should do after installing is check to see what services are enabled.

Don't forget, too, that desktop installations tend to favor convenience over security. One particularly large problem is that many desktop installations are set to run a number of programs as the root user, creating a huge array of vulnerabilities.

Doing a recent review, I did a CIS test on an unmodified Red Hat 7.2 installation. It tested 6.07 on a 10 point scale, in which 10 is a completely secure system. That's not a wide open system by any means. However, considering that you can harden a system to over 9.0 and still have a system that you can use without too much inconvenience, it's obviously not terrifically secure, either.

The reason that there aren't many virus scanners for Linux is that there aren't viruses for Linux. The way UNIX and Linux are designed makes viruses hard to write, and have little effect on the overall system.

Yes, there are virus scanners for Linux, and also a handful of viruses that can affect Linux machines. However, there are far, far fewer viruses that can affect Linux than Windows. Also, so far as I know, the damage that Linux viruses can do is severely limited compared to the potential for damage by Windows viruses. The only way that Linux viruses can be really destructive is if you're running as root.

Patching for newer versions of Linux is extremely easy too. Mandrake includes a point-and-click update utility, Red Hat includes up2date... the list goes on. They are as easy to use as their Windows counterpart, i.e. they can be run automatically--you never need to worry about keeping your system patched.

Let me put in a word for Debian. Not only can you update your system with apt-get, but you can do it while continuing to work.

--
Bruce Byfield bbyfield -at- axionet -dot- com 604.421.7177
http://members.axion.net/~bbyfield

"Fairy tales are more than true: not because they tell us that dragons exist, but because they tell us that dragons can be beaten."
-G. K. Chesterton.
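
An added example, not part of the original message or the list archive: one way to do the post-install check the message recommends, listing listening TCP sockets and flagging those that are owned by root and reachable from other hosts. It assumes the IPv4 table in /proc/net/tcp on a little-endian host; the sample table and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (columns after inode omitted).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1342
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 2210
   3: 0A00000A:0016 1400000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 3300
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def listening_sockets(table):
    """Return one dict per listening IPv4 TCP socket in a /proc/net/tcp dump."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                              # malformed or not listening
        addr_hex, port_hex = fields[1].split(":")
        # Assumption: little-endian host (x86), so the address bytes are reversed.
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append({
            "addr": addr,
            "port": int(port_hex, 16),
            "uid": int(fields[7]),
            "remote": not addr.startswith("127."),  # reachable from other hosts
        })
    return sorted(found, key=lambda s: s["port"])


def root_and_remote(socks):
    """Ports that are both owned by root (uid 0) and reachable off-host."""
    return [s["port"] for s in socks if s["uid"] == 0 and s["remote"]]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:         # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE                            # fall back to the sample
    for s in listening_sockets(table):
        flags = ("remote" if s["remote"] else "local-only",
                 "root" if s["uid"] == 0 else "uid %d" % s["uid"])
        print("%-15s %5d  %s, %s" % ((s["addr"], s["port"]) + flags))
```

The uid column is the owner of the socket, so a listener bound to 0.0.0.0 with uid 0 is a root-run service exposed to the network; IPv6 listeners live in /proc/net/tcp6 and are not covered here.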




