Posted on 10/03/2023 9:05:02 AM PDT by ShadowAce
Do you love Linux because it is user-friendly, exceptionally secure, heavy-duty, and open source, which makes it easy to customize and maintain? If so, you're not alone.
It is no wonder that Linux has captured the lion's share of the server market. Business leaders and IT decision makers have put their trust in Linux and prefer it for almost every business use case; ZDNet reports that 96.3% of the top one million web servers run on Linux. The downside is that attacks on Linux are steadily rising, as cybercriminals have come to recognize the OS as an increasingly viable target.
This might seem far-fetched if you've always believed Linux is secure. But plenty of malware targets Linux machines, and some campaigns have flown under the radar for years. Emotet, for example, was taken down by law enforcement in January 2021 and had resumed operations by the end of that year; Emotet itself targets Windows, but Linux malware has shown the same persistence, and several Linux campaigns ran unnoticed for years before they were discovered.
Let’s examine how secure you are as a Linux user, and tips and tricks you can implement today to beat the threats targeting your systems.
Ever since its inception, Linux has been considered one of the most secure operating systems. Here are a few reasons why:
These safeguards were designed before cybersecurity was a clearly defined discipline, and both defenders and attackers have come a long way since. Attackers now use AI to make their campaigns more convincing and easier to scale, and IT teams must adopt tooling that keeps pace. This shift can be seen in organizations moving from basic antivirus to endpoint detection and response (EDR), next-generation antivirus, and more.
Let's explore why Linux is not secure on its own, how you can fortify it, and how to stay ahead of cybercriminals.
Privilege escalation vulnerabilities in Linux are on the rise, with kernel bugs like StackRot (CVE-2023-3269) and Dirty Pipe (CVE-2022-0847) making a lot of noise in the IT world. Both let a local, unprivileged user gain root.
Dirty Pipe is a flaw in the kernel's pipe buffer handling that lets an unprivileged local user write into the page cache of files they can only read, so an attacker can overwrite a setuid binary or /etc/passwd and become root. A Dirty Pipe attack looks something like this: the attacker gains a low-privileged foothold through brute force or some other form of credential abuse, uses the bug to escalate to root, switches SELinux to permissive, and installs malware. As the malware sets up processes that hide from the machine's security agent, it simultaneously expands its presence (for example through lateral movement) with additional payloads. Dirty Pipe is one more entry on the growing list of attacks exploiting privilege-based vulnerabilities in Linux.
The Dirty COW vulnerability (CVE-2016-5195), patched in October 2016 after sitting in the kernel since 2007, showed how important it is to keep Linux systems updated. Dirty COW is a race condition in the kernel's copy-on-write handling that was used to escalate privileges and gain root, with which an attacker could not only exfiltrate data but also hijack CPU and processing power, effectively executing a DoS attack that causes lag or outages.
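The step in the chain above that a defender can catch cheaply is the attacker turning SELinux off. What follows is an added example, not code from the original article: a small Python detector for auditd records, run over a constructed sample of audit log lines. It relies on the kernel-emitted MAC_STATUS record (which carries the old and new enforcing values) and on the EXECVE record of a `setenforce 0` command, correlating the EXECVE record with the SYSCALL record of the same audit serial to recover the login uid. The sample lines, the `priv_cmd` audit key and the function names are all constructed for this example.

```python
"""Detect SELinux being switched out of enforcing mode in auditd logs.

Added example, not from the original article. Parses the record format
written by auditd and returns one alert per suspicious event.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a root shell owned by login uid 1000 runs `setenforce 0`,
# the kernel reports the mode change, later enforcing is switched back on, and
# a harmless `getenforce` runs. Only the first two events should alert.
AUDIT_SAMPLE = """\
type=SYSCALL msg=audit(1696329600.101:411): arch=c000003e syscall=59 success=yes exit=0 a0=55d0c3a4b2c0 a1=55d0c3a4b300 ppid=1502 pid=1533 auid=1000 uid=0 gid=0 euid=0 comm="setenforce" exe="/usr/sbin/setenforce" key="priv_cmd"
type=EXECVE msg=audit(1696329600.101:411): argc=2 a0="setenforce" a1="0"
type=MAC_STATUS msg=audit(1696329600.103:412): enforcing=0 old_enforcing=1 auid=1000 ses=3 enabled=1 old-enabled=1 lsm=selinux res=1
type=MAC_STATUS msg=audit(1696330000.500:430): enforcing=1 old_enforcing=0 auid=1000 ses=3 enabled=1 old-enabled=1 lsm=selinux res=1
type=EXECVE msg=audit(1696330050.000:432): argc=1 a0="getenforce"
"""

_HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
_KV = re.compile(r'(\S+?)=("[^"]*"|\S+)')   # key=value or key="quoted value"


@dataclass(frozen=True)
class Alert:
    epoch: int    # seconds from the audit header
    serial: int   # audit event serial, for pivoting to the other records
    auid: str     # login uid that owns the session (survives su/sudo)
    reason: str


def parse_record(line: str) -> Optional[Tuple[str, int, int, Dict[str, str]]]:
    """Return (type, epoch, serial, fields) or None for a non-audit line."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    rtype, epoch, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in _KV.findall(body)}
    return rtype, int(epoch), int(serial), fields


def _argv(fields: Dict[str, str]) -> List[str]:
    """EXECVE records spell argv as a0="..." a1="..."; sort numerically."""
    keys = [k for k in fields if re.fullmatch(r"a\d+", k)]
    return [fields[k] for k in sorted(keys, key=lambda k: int(k[1:]))]


def detect_selinux_disable(lines) -> List[Alert]:
    records = [r for r in map(parse_record, lines) if r is not None]
    # One audit event is several records sharing a serial; the SYSCALL record
    # carries auid, the EXECVE record carries the command line.
    auid_by_serial = {s: f["auid"] for t, _, s, f in records
                      if t == "SYSCALL" and "auid" in f}
    alerts: List[Alert] = []
    for rtype, epoch, serial, f in records:
        auid = f.get("auid") or auid_by_serial.get(serial, "?")
        if rtype == "MAC_STATUS":
            # Kernel-emitted, so userspace cannot suppress it; the 1 -> 0
            # transition is the enforcing -> permissive change.
            if f.get("old_enforcing") == "1" and f.get("enforcing") == "0":
                alerts.append(Alert(epoch, serial, auid,
                                    "SELinux switched from enforcing to permissive"))
        elif rtype == "EXECVE":
            argv = _argv(f)
            if (len(argv) >= 2 and argv[0].rsplit("/", 1)[-1] == "setenforce"
                    and argv[1].lower() in ("0", "permissive")):
                alerts.append(Alert(epoch, serial, auid, f"setenforce {argv[1]} executed"))
    return alerts


if __name__ == "__main__":
    for a in detect_selinux_disable(AUDIT_SAMPLE.splitlines()):
        print(f"{a.epoch} serial={a.serial} auid={a.auid}: {a.reason}")
```

An attacker with root can also make the change persistent in /etc/selinux/config or boot with `selinux=0` on the kernel command line; neither path produces a MAC_STATUS record, so pair this detector with an audit watch on that file (`-w /etc/selinux/config -p wa`) and on the bootloader configuration. On AppArmor systems the equivalent signals are `aa-complain` and `aa-disable`, which this example does not cover.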
Cyberthreats penetrate your network in creative ways that can be hard to anticipate. Cybercriminals now take full advantage of AI, because it makes phishing lures more convincing than ever.
The conventional attack pattern of dropping a binary on a machine and stealing data is no longer the norm. Cybercriminals are more careful today and use AI to evade notice more effectively. Even if it is becoming harder to discover how a threat originated, you can implement the following proactive strategies to keep your network secure.
Linux, like any OS, involves applications, configurations, credentials, services, and much more. You can build a secure IT environment only when you have a clear picture of its boundaries.
Defining boundaries through privilege allocation and restriction prevents mishaps caused by unauthenticated sessions. Visibility also lets you classify assets by risk level, and real-time insight helps you keep track of your data.
When it comes to keeping machines secure, it is a best practice to patch them regularly. Despite the importance of patching, IT administrators often do not patch their machines efficiently. This is not for lack of zeal for patch management but because of the real-world challenges admins face, such as patch compatibility and end-user disruption.
As the number of Linux exploits continues to grow, IT admins can fall behind in deploying patches, leaving the network vulnerable. On the other hand, deploying patches at breakneck speed without analyzing their compatibility can break Linux services. So, to patch your machines effectively:
All these efforts contribute to patch compliance, which is a marker of a secure network. These techniques help you develop a proactive patch management strategy and stay on top of Linux security.
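A patch-compliance check for the kernel bugs discussed earlier, as an added example that is not from the original article or from any vendor tool. It parses the running kernel's release string (the same text `uname -r` prints), compares it with the upstream stable releases that shipped the fixes for Dirty Pipe and Dirty COW, and returns a status per CVE. The fixed-in versions are upstream data; the function names, status labels and sample release strings are constructed for the example. The caveat a practitioner needs is stated in the code: distribution kernels often backport fixes without changing the version number, so "vulnerable" here means "confirm against the vendor advisory or the package changelog", not "exploitable".

```python
"""Kernel-version check for known Linux privilege-escalation bugs.

Added example for this article, not vendor or upstream code. Compares a
`uname -r` string against the upstream stable releases that shipped each fix.
Caveat: distribution kernels (RHEL, Ubuntu, SUSE) backport fixes without
bumping the version, so "vulnerable" means "check the vendor advisory or the
package changelog", not "exploitable".
"""
import platform
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Upstream facts: version that introduced the bug, then the stable releases
# that carry the fix, one per maintained branch at the time.
# CVE-2022-0847 (Dirty Pipe): introduced in 5.8; fixed in 5.16.11, 5.15.25, 5.10.102.
# CVE-2016-5195 (Dirty COW): present since 2.6.22; fixed in 4.8.3, 4.7.9, 4.4.26.
ADVISORIES: Dict[str, Tuple[Version, List[Version]]] = {
    "CVE-2022-0847 Dirty Pipe": ((5, 8, 0), [(5, 16, 11), (5, 15, 25), (5, 10, 102)]),
    "CVE-2016-5195 Dirty COW": ((2, 6, 22), [(4, 8, 3), (4, 7, 9), (4, 4, 26)]),
}

NOT_AFFECTED = "not_affected"        # kernel predates the bug
FIXED = "fixed"                      # at or past an upstream fix release
VULNERABLE = "vulnerable"            # on a fixed branch but below the fix release
NO_UPSTREAM_FIX = "no_upstream_fix"  # branch never received a stable fix upstream


def parse_release(release: str) -> Version:
    """'5.15.0-91-generic' -> (5, 15, 0); '4.18.0-513.el8' -> (4, 18, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version: Version, introduced: Version, fixes: List[Version]) -> str:
    if version < introduced:
        return NOT_AFFECTED
    branch = version[:2]
    # Anything newer than the newest fixed stable branch contains the mainline fix.
    if branch > max(f[:2] for f in fixes):
        return FIXED
    for fix in fixes:
        if fix[:2] == branch:
            return FIXED if version >= fix else VULNERABLE
    # e.g. 5.12.x for Dirty Pipe or 2.6.32 for Dirty COW: the branch was EOL
    # upstream, so only a vendor backport can have fixed it.
    return NO_UPSTREAM_FIX


def assess_kernel(release: str) -> Dict[str, str]:
    """Status per advisory for one `uname -r` string."""
    version = parse_release(release)
    return {name: assess(version, intro, fixes)
            for name, (intro, fixes) in ADVISORIES.items()}


if __name__ == "__main__":
    running = platform.release()   # same string as `uname -r`
    for name, status in assess_kernel(running).items():
        print(f"{running}: {name}: {status}")
```

Run it on an Ubuntu 22.04 host and Dirty Pipe comes back "vulnerable" for a 5.15.0-xx kernel even though Ubuntu shipped the fix in that series; that false positive is the backport problem, and the only reliable resolution is the distribution's advisory or `rpm -q --changelog kernel` / the `linux-image` changelog. Backports cut the other way too: a vendor can backport the code that introduced a bug into an older series, so "not_affected" is also only a first pass.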
Your security measures for Linux won't end here. Many use cases cannot be covered with standard tools but can be handled with custom scripts. For instance, securing code repositories and CI/CD tools varies from business to business. When such ad hoc cases pile up, IT teams have to do a lot of scripting to address their systems' particular concerns. Unfortunately, not all IT admins excel at writing custom scripts, and relying on scripts found on the internet is not ideal. Admins should use scripts only from trusted parties, and read them before running them, for smooth and reliable performance.
Linux is an integral part of many organizations' ecosystems, and it is up to business leaders and IT decision makers to get the most out of it. In today's landscape, IT admins should keep Linux operations light on the machines while keeping them secure and productive. Security controls should blend seamlessly with the user experience. To get the best results, prioritize security and empower end users with productivity boosters.
I think the fact that it is free also has something to do with that.
Except it is NOT free at the corporate level. Not even Ubuntu. In fact, our RHEL site license rivals MS in cost.
But did Google pay for it? Related: Red Alert for Android Users: Google Gives Police Your Identification If Police Say You Were Near a Crime
What does Google have to do with RHEL site licenses?
I mentioned Google as not paying for Linux, and in relation to Google itself, how it is using its modified version of the Linux kernel as it relates to privacy. Which does not impugn Linux at all, but I thought that you would find this story that was just posted to be of interest.
“Quite a stat.”
Actually it is. So far almost all Linux vulnerabilities required physical access to the machine, user passkey, and SU root access. Intentional or accidental. :)
My favorite flavor was Puppy Linux, run as root! A defense of it: https://unix.stackexchange.com/questions/46287/when-does-the-puppy-linux-security-model-make-sense
My concern was that of using patented multimedia codecs, which I worked to avoid.
I fully understand your moral position.
OK--I had misunderstand your statement.
In any case, though, Google *did* pay for Linux in the sense that they paid their developers to write their own version.
s/misunderstand/misunderstood/