Thread: Linux--The Most Secure OS of All?

  1. #1
    Senior Member
    Join Date
    May 2003

    Linux--The Most Secure OS of All?

    Some may claim otherwise, but many insist that Linux is the most secure operating system (OS) of them all.

    Linux security advocates point to a plethora of hardened distributions and hardened kernels, for one thing. Linux administrators can also take many steps to make any distro even more secure, starting with installation procedures.

    Linux practitioners have seen security as a priority from day one, according to Jim Dennis, one of the principals at Starshine.org. "Essentially, people who use Linux tend to value security over features," Dennis maintains.

    Many Linux distros, for example, come with support for transmission control protocol (TCP) wrappers compiled right in, he illustrates. "With Sun Solaris, for instance, you still have to add that."

    Dennis acknowledges that Linux is now feeling the impact of worms and viruses. By and large, though, these infections originate in the Microsoft Windows environment, he charges.

    One way to help fend off incursions is to use componentry from different code bases--such as Apache 2.0 and Apache 1.3--in putting together Web server implementations, according to Dennis. "Diversity saves us," he quips.

    Meanwhile, organizations such as banks and federal security agencies have been working for years to build hardened Linux distros and kernels. Hardened kernels include LIDS; GRSecurity; RSBAC; and LOMAC.

    In the distro category, Dennis points to Openwall Linux (OWL); SELinux; and Adamantix, a Debian derivative. Adamantix was previously known as Trusted Debian.

    SELinux, on the other hand, was developed by the National Security Agency (NSA). This hardened distro, which features a hardened kernel, is also "extremely granular," so that implementation is complex, Dennis says.

    In a two-hour session at the recent PC Expo show, and a follow-up interview later, Dennis gave wide-ranging tips on how to protect all Linux implementations from technical and network exploits.

    Security is a highly complicated matter, however, Dennis admitted. "I'm not going to make you a CISSP pro in two hours. I'm not one myself," he told attendees at PC Expo's Linux Bootcamp.

    On the installation side, Dennis recommended starting from either a CD or an isolated local area network (LAN). You should eliminate services you don't need, and place strict limits on any services you do need.

    "You can't crack a service you can't reach," Dennis said. "Bind services to specific interfaces via their config files. Use 'host allow' and 'host deny' to say who can access services, and who can't."

    When installing patches and upgrades, check vendor package signatures and/or checksums. Debian binary packages are unsigned, however. With RPMs, signature checking is optional.

    If possible, you should also run Bastille, an interactive lockdown/hardening script. Right now, Bastille supports Red Hat, SUSE, TurboLinux, Debian, and Mandrake distros, in addition to Mac OS X and HP-UX.

    Bastille may be "generic and opaque," but it's also "quick, easy, and a consolidation of best practices," according to Dennis.

    Dennis also advised installation of both AIDE and Samhain, a software project from lunapark.

    "AIDE is the new tripwire. Tripwire is old and somewhat non-free," Dennis added. For its part, Samhain features LDAP authentication, a network console, a stealth option, and daemon mode, for instance.

    "Use two," Dennis suggested. "Copy archives and checksum databases. Use bootable read only (RO) media. Add to DNS, DHCP, routers, SNORT, BB/Naslos, etc."

    Dennis also gave advice across a wide range of other security areas, including the use of "jail services" such as chroot; replacement of "deprecated protocols" such as telnet, and the role of cryptography, to name a few.

    The most important thing, though, is to never let down your guard, Dennis recommended. "Stay vigilant. Complacency is dangerous," he concluded.
    Source : http://www.linuxplanet.com/linuxplanet/reviews/5038/1/
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
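
The article's advice on integrity checkers (keep a checksum database and keep a copy of it away from the monitored host) can be illustrated with the following added example, which is not part of the original post or article and is not AIDE's or Samhain's code or database format. All function names and the sample files are hypothetical and constructed for the demonstration.

```python
import hashlib, json, os, tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                db[os.path.relpath(full, root)] = sha256_file(full)
    return db

def seal(db):
    """Digest of the database itself; keep this copy off the monitored host."""
    return hashlib.sha256(json.dumps(db, sort_keys=True).encode()).hexdigest()

def compare(root, db, trusted_seal):
    """Return added/removed/changed paths; refuse a database that fails its seal."""
    if seal(db) != trusted_seal:
        raise ValueError("baseline database does not match the off-host copy")
    now = build_baseline(root)
    return {
        "added": sorted(set(now) - set(db)),
        "removed": sorted(set(db) - set(now)),
        "changed": sorted(p for p in db.keys() & now.keys() if db[p] != now[p]),
    }

def demo():
    """Constructed sample tree: baseline it, alter it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("login", b"v1"), ("sshd", b"v1"), ("ls", b"v1")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        db = build_baseline(root)
        trusted = seal(db)                    # stored on read-only media
        with open(os.path.join(root, "login"), "wb") as f:
            f.write(b"v2-unexpected")         # modified binary
        os.remove(os.path.join(root, "ls"))   # deleted file
        with open(os.path.join(root, "unexpected.ko"), "wb") as f:
            f.write(b"x")                     # file absent from the baseline
        return compare(root, db, trusted)

if __name__ == "__main__":
    print(demo())
```

If the database lives only on the host being checked, whoever alters a binary can also rewrite its recorded hash; the seal comparison is what the off-host or read-only copy makes possible.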

  2. #2
    Senior Member
    Join Date
    Dec 2002
    I think that last sentence
    "The most important thing, though, is to never let down your guard, Dennis recommended. "Stay vigilant. Complacency is dangerous," he concluded."
    is definitely the most important piece of advice anyone can give.

  3. #3
    Junior Member
    Join Date
    Oct 2003
    In my opinion, any operating system can be 'most secure', it all depends on the person setting up the system, and how much care they take into what they are doing. A year ago I probably would have totally agreed with you, but I think Microsoft has made strides on their operating systems' security. No operating system I have ever used has been perfect, but to say one is the 'most secure' would be wrong.
    Malefactoris vester ante accedo...

  4. #4
    Senior Member
    Join Date
    Jan 2003
    I agree with Arcanus. I think that Linux is more secure than Windows. But in some ways it isn't. Being open source, anyone can find bugs and exploit it more easily. Yet people can also find them and patch them more easily. Microsoft has done a bit better on security...but not much better.
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

  5. #5
    Join Date
    May 2003

    Linux is not the most secure OS of all and is in fact one of the least secure of all, down there with the rest of the standard commercial level systems (Windows, UN*X, OSX) though according to any quantitative measure (EAL2 anyone?) even less secure than most of those.

    As for more secure versions of Linux? LIDS and Pitbull LX (which is the best but wasn't even mentioned) are both incomplete and SE-Linux won't even meet B1 and is just a research project.

    Linux doesn't even support MAC well and hell, isn't even a microkernel.

    This is just another example of the open source community having no clue about security and if he was a CISSP he'd know about the access control CBK and would realize how weak Linux really is.

    He should check out KSOS or LOCK to see what a real contender in the most secure OS category is.

    I'll follow this up in a day or so with what secure operating systems involve, however in the meantime here I've attached class notes from a TOS design class.


  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    I have been in IT for around 30 years now...........I have never heard of this guy or his organisation?........who the hell is he? what is his background? what are his credentials?, how old is he? what is the annual turnover of his ".org"?

    I have heard of Bill Gates and Microsoft, Linus Torvalds (cannot spell his name...his fault, he should have spelt it right first time ) and the rest, why not of this "guru"? and Sun Solaris is weaker than Linux..........the fellow should be on Broadway (sweeping it)

    I did read of a guy who is in big trouble for probing systems (hacking) to "promote his fledgling company"

    I guess I have no further questions your honour..............................

    Cheers folks
