Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Linux fights off hackers
vnunet.com ^ | 17 Jan 2005 | Iain Thomson

Posted on 01/17/2005 10:56:25 PM PST by N3WBI3

A study by not-for-profit IT security testing organisation Honeynet Project has shown that, on average, Linux systems today take three months to fall prey to hackers, up from 72 hours in equivalent tests conducted between 2001 and 2002.

The 2004 results came after a team of researchers set up 19 Linux and four Solaris 'honeypots' in eight countries including the UK. Honeypots are unpatched internet-connected computers designed to be targets for hackers.

"Default installations of Linux distributions are getting harder to compromise," said the report.

"New versions are more secure by default, with fewer services automatically enabled, privileged separation in services such as OpenSSH, host-based firewalls filtering inbound connections, stack protection for common threats and other security mechanisms."

During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.

By contrast unpatched Windows systems exposed in a similar way in tests last year by Symantec lasted a few hours, or in some cases minutes.

But there was bad news for Solaris users, with three out of the four honeypots running Solaris 8 or 9 hacked within three weeks. However, a fourth has been online for six months without being compromised.


TOPICS: Miscellaneous; Technical
KEYWORDS: computersecurity; linux; security; spyware
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 101-111 next last

1 posted on 01/17/2005 10:56:26 PM PST by N3WBI3
[ Post Reply | Private Reply | View Replies]

To: Swordmaker

More good news for Linux users..


2 posted on 01/17/2005 10:58:19 PM PST by N3WBI3
[ Post Reply | Private Reply | To 1 | View Replies]

To: N3WBI3
Did the machines have firewalls? Most linux distros come with a pretty impenetrable firewall. Immeasurably better than windows' default and at least as good in filtering as zone alarm (although quite a bit more difficult to manage specific applications if you don't already know how).

During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.
That is strictly a problem with the users. So only one Linux system was compromised because of intrinsic invulnerabilities.

If you want impenetrable, go with OpenBSD. A properly configured OpenBSD server doesn't need a firewall. (fyi, Microsoft's HotMail server runs on OpenBSD; they've tried migrating it to windows but it hasn't worked)

Also, modern distros come with SELinux (security management implemented by the NSA). You can lock things down pretty tight using that.

3 posted on 01/17/2005 11:11:38 PM PST by explodingspleen (http://mish-mash.info/)
[ Post Reply | Private Reply | To 1 | View Replies]

To: N3WBI3

Its all about reducing the attack surface area. Turn all additional and enhanced features off by default.


4 posted on 01/17/2005 11:11:49 PM PST by microgood (Washington State: Ukraine without the poison)
[ Post Reply | Private Reply | To 1 | View Replies]

To: explodingspleen

They used to be hard to configure and set up because they were command-line ip-table based. And the few graphical firewalls left something to be desired. In Xandros V3, the first built in GUI firewall is finally being provided with protection configured and running the first time one one boots up the system. You can download free anti-virus software for Linux but its unnecessary since few hackers write one that targets a Unix-based system.


5 posted on 01/17/2005 11:15:23 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 3 | View Replies]

To: goldstategop; ShadowAce; rdb3

Running Xandros V3, have the Firewall on I think!


6 posted on 01/17/2005 11:21:07 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: onef

ping


7 posted on 01/17/2005 11:31:01 PM PST by beaversmom (The greatness of a man is measured by the fatness of his wife)
[ Post Reply | Private Reply | To 1 | View Replies]

To: N3WBI3
By contrast unpatched Windows systems exposed in a similar way in tests last year by Symantec lasted a few hours, or in some cases minutes.

(gulp)
8 posted on 01/17/2005 11:37:23 PM PST by John Lenin
[ Post Reply | Private Reply | To 1 | View Replies]

To: N3WBI3

As much trouble as I'm having figuring out how my Linux system routes packets even *without* the firewall, much less figuring out how it does it with "iptables" set up, I'm amazed that anyone can hack into Linux at all...


9 posted on 01/18/2005 12:05:48 AM PST by fire_eye (Socialism is the opiate of academia.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: N3WBI3
Linux is deffinatly harder to crack than Windows.

That being said, I don't have the slightest idea why anyone bothers with a software/in-box firewall.

Just spend the 50 bucks on a router/firewall and be done with it.

10 posted on 01/18/2005 12:11:35 AM PST by Psycho_Bunny (“I know a great deal about the Middle East because I’ve been raising Arabian horses" Patrick Swazey)
[ Post Reply | Private Reply | To 1 | View Replies]

To: N3WBI3

Apple's MacOSX should be relatively secure too. I wonder why no test data on their XSERVE or OSX Server products in this test...?

running slackware and yellow dog here...


11 posted on 01/18/2005 12:32:20 AM PST by no_mm ("Give War a Chance." - Michael Savage)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Psycho_Bunny; All
That being said, I don't have the slightest idea why anyone bothers with a software/in-box firewall. Just spend the 50 bucks on a router/firewall and be done with it.

Precisely.

With all the malware and port scanning going on across the 'net, anyone not hiding behind hardware ( and maybe software ) firewalls is a fool, or maybe uninformed.

One attack, and all the conniptions you have to go through to correct it, will make a believer out of you.

And ditch Internet Exploder. Seriously.

Even that old copy of Netscape you have lurking on "coasters" around the house will attract less garbage.

Here's my Universal Help File of links:


 
Things you need--(all FREE)
Anti-Virus
AVG Anti-Virus version 7 (free) release available...
 Avast
Firewall
Kerio(Direct Download) Zone Alarm
 If are using zone alarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/ both have FREE and Pro versions and are heads above ZA.
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates

Things you want(Still Free)
 
 Get Firefox I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.

Ad-Aware
Spybot S&D
SpywareBlaster
MS MVP Hosts file
Mike Lin's Homepage and get the Startup Control Panel and Startup Monitor tools.
 
The best forum for malware removal:
-SWI Forums-
 
 
http://www.freerepublic.com/focus/f-news/1315720/posts
 Microsoft Releases Anti-Spyware Beta 1 To Public Today.
Microsoft.com ^

12 posted on 01/18/2005 12:58:57 AM PST by backhoe (-30-)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Psycho_Bunny
Just spend the 50 bucks on a router/firewall and be done with it.

Nah. I've got an old (Pentium 120) with Linux installed that acts as my firewall. Zero intrusions. Zero problems going out. I still have my $50.

But for those without old equipment lying around, it would be the best $50 one can spend.

13 posted on 01/18/2005 5:22:42 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 10 | View Replies]

To: N3WBI3
three running Red Hat 7.3 and one with Red Hat 9

All of these are obsolete. Get a newer (or even current) distro, and you'll be even safer.

14 posted on 01/18/2005 5:25:15 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 2 | View Replies]

To: microgood
Its all about reducing the attack surface area. Turn all additional and enhanced features off by default.

That's the basic problem with Windows -- it ships with take-me-I'm-yours default settings that make Paris Hilton look like Mrs. Grundy.

15 posted on 01/18/2005 5:47:06 AM PST by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Psycho_Bunny

Psyco, what do you think those 50 dollar firewalls are running ;) They are running Linux and iptables. But its a good idea to layer your protection..


16 posted on 01/18/2005 6:28:14 AM PST by N3WBI3
[ Post Reply | Private Reply | To 10 | View Replies]

To: ShadowAce

RH9 is not all that bad, its the base for RHEL 2.1 which is not out of date and there are patches out there under Fedora Legacy..


17 posted on 01/18/2005 6:29:39 AM PST by N3WBI3
[ Post Reply | Private Reply | To 14 | View Replies]

To: N3WBI3

I run/ran 7.3 and 9. Switched to core 2, running suse now. next box will be gentoo


18 posted on 01/18/2005 6:32:45 AM PST by stainlessbanner
[ Post Reply | Private Reply | To 17 | View Replies]

To: ShadowAce
All of these are obsolete. Get a newer (or even current) distro, and you'll be even safer.

Actually, if security is your chief priority it's better not to use a current distro. The advantage of running an older distro is that at this point they have been thoroughly audited and are unlikely to have hacker-known vulnerabilities. If go with the bleeding edge, you get nifty new toys, but the trade off is that they haven't been as thoroughly debugged/security hardened as older software.

19 posted on 01/18/2005 7:18:49 AM PST by explodingspleen (http://mish-mash.info/)
[ Post Reply | Private Reply | To 14 | View Replies]

To: explodingspleen
The advantage of running an older distro is that at this point they have been thoroughly audited and are unlikely to have hacker-known vulnerabilities.

Unfortunately, one does not necessarily follow the other. Once the code is audited and the fixes found, they are usually put into later versions, with recommendations that the user upgrade to the latest version. This usually happens in the kernel.

20 posted on 01/18/2005 7:35:43 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 19 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 101-111 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson