Linux Security


I know security is all in how you set it up... obviously, if you don't set a password on anything it would be less secure.

The majority of people would claim that Linux is more secure than Windows, while a few respected, knowledgeable opinions around the message boards indicate that a default install of pretty much any distro would be less secure than Windows.

So, my question is, "How do I secure my Linux box?"

For example, I did a default install of MDK 10.1, I left it set to "standard" security, I set my root and user passwords... not running a firewall (not too worried, I'm behind a router... but should I be?)... that's about it.

With MDK and an easily downloadable tool, I recently discovered how easy it is to crack a WEP key, which was a little disheartening, and that was in a corporate environment, but we'll leave the vulnerabilities of wireless encryption out of this for now.

So, how does someone new to Linux set up a box and claim that it's more secure than Windows and be correct in that statement?

Since I've seen a lot of threads go from noob level to advanced in just a few posts, it would be great to see it explained like I'm 5 years old.


"......., while a few respected, knowledgeable opinions around the message boards indicate that a default install of pretty much any distro would be less secure than Windows."

First, this statement is incorrect. When you install Windows, your first user is an administrator (this is not including the Administrator account it creates for safe mode).

What does this mean?

Well, a basic Linux install is more secure than most Windows installs in corporations because of the split in tasks between users and administrators. When you log in to Windows as that user (it even logs you in by default with no password) you are now at risk; your whole system is at risk. Why? IE, Firefox, Outlook and MS Word are all running at admin level, with access to your computer as an admin.

With a basic Linux install (NOT Linspire; they are EVIL and WRONG) your first account is root, and then it has you create a user that has no admin rights. If you are using Slackware or Gentoo your user cannot even switch to root, as they are not in the wheel group. So if they come across some spoofing on the Internet or open an email with a virus, it cannot infect the system.

Do you see the big difference? For Windows to be as secure as a default Linux install you would have to remove the first user and create limited users only. But then you can't play games or do a lot of Internet stuff.

Next is attacks. MS is not attacked more because they are more popular. If that were true, Apache would get hacked 3 times more than IIS (MS web server), because they control up to 3/4 of the market. But IIS is attacked successfully 2 to 1 compared to Apache. Another difference is that when Apache is broken into, the attacker can only affect files and folders owned by user apache, but IIS is run as administrator on a Windows box. This means that an attacker can, after cracking IIS, have access to your entire system as an administrator.

Next is viruses. Again, on Linux you run as a user with no admin rights. You ONLY have rights to your home folder, which means if you get a virus (one of 20 that are out there, and only 5 run on the 2.6 kernel) only you are infected, while on a Windows box, if you are not a limited user (99.9% are not), you can infect your entire network.

Next is how easy it is to write programs to hack Windows. Linux/Unix is based on C; all source is posted so people can see if there is a hole or test better for holes.

Windows 2000 and up is based on Visual C++ with a Visual Basic core. That means with these tools any kid with no programming skills can attack the heart of a Windows box. Most viruses are run as Visual Basic programs, and this is the real reason there are so many. It's too easy for people with no real computer skills to write a bad program for Windows.

Updates. Microsoft says they put out patches to 90% of their problems faster than Linux. That's true, but it's the wrong question.

The correct question is who fixes threatening bugs faster and more often. They claim that Red Hat took a year to fix two bugs. Well, yes and no. They had to do with CVS. What, you ask? 99.9% of Linux users and Red Hat users do not have CVS running or know what it is. The bug was not security; it was that it could crash if more than 10 people logged in at one time. So it is not as important a fix as a kernel bug that allowed people to execute scripts on the host machine. This was fixed in a day.

Windows has 6 serious security vulnerabilities fixed in Service Pack 2, but that is not good for 2003 Server or for Windows 2000. They say they will never fix the problem with these. So what would you rather have: a bug that affects 0.1%, is easily worked around and poses no real threat, or a bug that makes your system open to attack but will never get fixed?

All software has problems.

But you can do some things to make it more secure. First, if you run Linux, 99% of all so-called "hackers" will not have a clue what to do; they are script kiddies with Visual Basic tools they did not create. Next, inetd is turned off by default on a Linux box, not so on a Windows box. Do a port scan of a newly installed Windows box and a newly installed Linux box (before any patches): you will find 20 open ports on Windows and 2 open ports on Linux (if you install the default firewall you will see one outgoing HTTP port).

But don't just trust me.

This is what I do.

I am a network engineer at SAIC (the same people whose lab tests for Government security standards), but you need to know what a PL level is and a CC level is for that to matter.

I work mostly for NSA, DISA, DoD, FBI, CIA.

These are the computers I have to secure and test for being secure.

Look at the NSA site and look at the Windows security configuration guide: it's 100 pages long of things you must turn off to run Windows on a US Government network (and this is UNCLASS).

The Linux guide is 20 pages and is mostly "make this file read-only" and "turn off inetd". Most of the Linux stuff is already done by default; none of the Windows stuff is.

Good site to see.

Thanks for the question.

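The post above boils down to three checks: are you working as root, can your account switch to root, and how many ports are actually listening. The script below is an added example (not iccaros's code or anything from the thread) that performs those checks; the `ss`/`netstat` sample and the `/etc/group` sample are constructed, and the function names are my own.

```shell
#!/bin/sh
# Baseline audit in the spirit of the advice above: are you working as root,
# can your account switch to root (wheel), and which TCP ports are really
# listening and reachable beyond loopback. Functions take their input as an
# argument so they work on constructed samples as well as live command output.

# Count LISTEN entries in `ss -tln` (state in column 1) or
# `netstat -tln` (state in column 6) output.
count_listening() {
    printf '%s\n' "$1" | awk '($1=="LISTEN" || $6=="LISTEN") {n++} END {print n+0}'
}

# Print the port of every listener bound to a non-loopback address.
# Column 4 is the local address in both the ss and netstat layouts.
exposed_ports() {
    printf '%s\n' "$1" | awk '($1=="LISTEN" || $6=="LISTEN") {
        if ($4 !~ /^(127\.|\[::1\]|\[::ffff:127)/) { n=split($4,a,":"); print a[n] }
    }'
}

# Exit 0 if user $3 is a member of group $2 in /etc/group-style content $1.
user_in_group() {
    printf '%s\n' "$1" | awk -F: -v g="$2" -v u="$3" '
        $1==g { n=split($4,m,","); for (i=1;i<=n;i++) if (m[i]==u) found=1 }
        END { exit found ? 0 : 1 }'
}

# Constructed samples (not captured from a real machine): a box exposing sshd
# on all interfaces and CUPS only on loopback; alice can su to root, bob cannot.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'
SAMPLE_GROUP='root:x:0:
wheel:x:10:alice
users:x:100:alice,bob'

# Run the same checks against the machine this script runs on.
audit_live() {
    if [ "$(id -u)" -eq 0 ]; then echo "WARNING: this shell is root; do daily work as an unprivileged user"; fi
    if user_in_group "$(cat /etc/group)" wheel "$(id -un)"; then echo "note: $(id -un) is in wheel and can su to root"; fi
    out=$(ss -tln 2>/dev/null || netstat -tln 2>/dev/null)
    echo "listening TCP sockets: $(count_listening "$out")"
    echo "ports reachable from the network (expect very few on a fresh install):"
    exposed_ports "$out" | sort -un
    if pgrep -x inetd >/dev/null 2>&1 || pgrep -x xinetd >/dev/null 2>&1; then echo "inetd/xinetd is running; check what it serves"; fi
}
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

Run it with `--live` to audit the current machine; without the flag it only defines the functions and samples.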

Also, SuSE announced today a major problem with the 2.6 kernel. It could allow an attacker to shut down a Linux system running kernel 2.6 and iptables with logging. This sounds really bad, until you read that the new kernel (an old kernel, as they are at 2.6.9) already has the fix.

Windows never performs on that scale, or that fast.


Thanks for the long reply, iccaros. I had already assumed a lot of what you said, comparing a standard user on Linux to a limited account on Windows, and also the fact that most SKs wouldn't know what to do if they even got in, but I wanted to hear it from someone with far more knowledge than I have. I have a better than average knowledge of how to secure Windows, but being new to Linux and really starting to love what it has to offer (it already became my default OS on the 2 machines I've installed it on), I want to make sure I'm not leaving myself open to trouble.

Thanks again, T.


I've been writing to iccaros for a long time, he's a very knowledgeable Unix/Linux master who is very generous with his time.

I totally agree with iccaros. If you run Linux behind a router and run as a user, you are more secure than a Windows box. In my opinion Linux is more secure than Windows.
