Linux and open source attacks soar
Results 1 to 8 of 8

Thread: Linux and open source attacks soar

  1. #1
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103

    Linux and open source attacks soar

    Vunet.com reports that attacks on *nix based systems increase, while attacks on Windows/IIS decrease.

    Taken from vunet.com article:
    Attacks on Linux and open source systems are set to more than double this year and may even eclipse the number of hostile attempts made on Windows systems in the future. [...]

    In the first six months of this year 7,630 overt attacks have taken place on Linux boxes. The total number of attacks last year amounted to 5,736.

    But attacks on Windows/IIS systems have already dropped by 20 per cent on last year's figures, from 11,828 to 9,404.

    According to mi2g, the big picture shows that hack attacks in general are on the rise, up 27 per cent on last year, from 16,007 to 20,371.
    My thoughts on this: Open Source software has grown to a state where-in it is possible for other than expert users to setup, use and maintain a system. One could state that with a growing pool of Open Source users, the average computer know-how of a single user decreases. Because of this, more configuration errors and security flaws (in the users system configuration) tend to be overlooked, thus explaining the numbers in the article quoted.

    Related links:
    http://www.vnunet.com/News/1133518
    http://slashdot.org/articles/02/07/1....shtml?tid=172
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  2. #2
    Junior Member
    Join Date
    Jul 2002
    Posts
    14
    Guus,

    I can only truly relate to this thread from my personal experience. In the course of my work as a Network consultant (basically I perform network admin duties for several small businesses), I have noticed that many people and smaller businesses don't know or seem to care about security. The overwhelming majority of people I work for expect the network server and gateway to work like a personal Win98 machine - i.e. single user with nothing locked down. This kind of mentality has been carried forward to 3 Window -> Linux migrations which produced 3 new clients of mine :-)

    What I have seen from these 3 clients is that the company has 1 person in-house who has the supplemental duties as an administrator, but deals mostly with workstations. This in-house admin hears alot of talk on the web concerning the security benefits of running Linux over windows and persuades management to make the switch (or management makes the switch because of MS's new licensing scheme). Neither management, nor the in-house admin knows even the basic theory of how security should work for a multi-user, internet-connected network. As a result of this, and because of the ease in installing the newer Linux distributions such as RedHat and SuSE, a properly secured system in NOT setup to begin with, nor is it properly maintained for security patches.

    The end result of this or similar sequence of events is a hacked network and upset management people due to loss of data and work time.

    IMHO, the major distributors of Linux need to concentrate not on a slick-working GUI environment, but on having a secure OS on first installation - itmes such as www, ftp, and telnet services running chroot'ed, with ftp being limited to real users by default, and having better firewalling capabilities out of the box (iptables with a more intuitive setup utility instead of ipchains). Also, having a better default password policy would be good as well (say a minimum of 8 characters, must be mixed, witha 30 day max lifespan for ALL accounts). Once better secured default installations are accomplished, then the distro's can work on making the interface prettier and more friendly. Thats just my opinion.

    Cheers,
    Bob
    Just finished a 2 part Linux firewalling tutorial using Firestarter (basic and advanced customization) .....

  3. #3
    They need to work on a slick GUI and an easy-to-use environment if they expect to succeed. It is possible to implement both (security and usability), chroot is NOT any security at all and is just a waste of harddisk space (I prefer real security over emulated security, chroot does not really protect over too many vulnerabilities. I believe OpenBSD's method of system call policies should be brought to Linux soon, as when it comes you will have rock-hard security. Not only will it provide awesome current-state security but is a very powerful way of preventing future threatning exploitations of vulnerabilities. It is very easy to implement this for specific reasons (custom tailored) but there is yet to be a widely deployed package for this).

    When it comes to good security on default install. You might have a point here, maybe an install-time rc.d editor (SuSE already offers all this and more in YaST2, but it is not at install time) would do (many if not most Linux distributions needlessly enable network servers. This is improving in the mass-commercialized Linux distributions though).

  4. #4
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    They've already been succeeding, which is exactly why these things are happening now. Before, not many knew you had to have a telnet session with an active shell account to be able to do a lot of the exploits. Add in the fact that a lot of the security is a fire-and-forget issue with a lot of new *nix users and you have the potential for bad things.

    It doesn't help that cable/dsl is so prevalent now and anyone can download an exploit, switch over to their RH partition, compile it, and then run it against some poor .edu that has an exploit on their DNS or wu-ftpd or whatever. They need to standardize linux to one set design and then secure it from there.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  5. #5
    Junior Member
    Join Date
    Jul 2002
    Posts
    19

    The rise of Attacks

    The reason you had in the past many more attacks on MS computers than on GNU/Linux boxes was b/c M$ had the majority of the market share. Now that GNU/Linux is increasing in popularity, more and more exploits will target it. Just like virii. More virii targeted M$ than Mac, Linux, UNIX, Solaris, GEMRS, and many others put together. It was because M$ eclipsed the number of computers that those OS's ran on.
    BEGIN VIRUS.EXE
    There is no spoon, but you yourself that bends...
    END VIRUS.exe

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    109

    Re: The rise of Attacks

    Originally posted here by DukArchon
    The reason you had in the past many more attacks on MS computers than on GNU/Linux boxes was b/c M$ had the majority of the market share. Now that GNU/Linux is increasing in popularity, more and more exploits will target it. Just like virii. More virii targeted M$ than Mac, Linux, UNIX, Solaris, GEMRS, and many others put together. It was because M$ eclipsed the number of computers that those OS's ran on.
    Thats exactly my thoughts, it would be interesting to see the number of GNU/Linux & Windows systems out there (though I'm sure that would be a hard statistic to come by) compared to these statistics. For example if the number of overall servers running Windows/IIS has droped by 25% and the number of attacks on Windows/IIS systems has only dropped by 20% it could mean a whole different story.

    Like my 11th grade English teach once told me: "Statistics are like bikinis- what the show is interesting, but what they hide is even more intriguing."

  7. #7
    Junior Member
    Join Date
    Jul 2002
    Posts
    8
    I've read this article earlier and there is one main problem I have with it:

    It just states that attacks have gone up on linux.

    Are these successful attacks? Are these attacks in General? Are these attacks that have been confirmed with logs/ firewalls? What is the distribution of attacks with Major or Minor severity (i.e. How many attacks just crash the system compared with wiping out the hard drive, trashing the motherboard, getting credit card info, etc etc.)? There realy isn't enough information here to determine the importance of these statistics. What if the statistics are only because fewer Windoze users and Corporations built on Windoze are reporting intrusions? What if the intrusions are passed over as "the computer's crashed again... why can't M$ make these things more stable?" (this is to say that a windows computer hasn't been running a firewall).

    With all this said, I'd like to see a more in depth study that will explain the details I have questions about before I begin to think of even more ways on how to get my Linux box even more secure and before I take the author of the article too seriously.
    \"It is a smart man who can quote others, but it is a wise man who can come up with his own, and it is a wise@** that came up with this one. \" -yours truly

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    109
    RavenLrD20k, those are some very good points.

    You really have to take a very critical view of statistics and such reports because they really show just a very small part of the big picture.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides