Linux fights off hackers

vnunet.com ^ | 17 Jan 2005 | Iain Thomson

[N3WBI3]

A study by not-for-profit IT security testing organisation Honeynet Project has shown that, on average, Linux systems today take three months to fall prey to hackers, up from 72 hours in equivalent tests conducted between 2001 and 2002.

The 2004 results came after a team of researchers set up 19 Linux and four Solaris 'honeypots' in eight countries including the UK. Honeypots are unpatched internet-connected computers designed to be targets for hackers.

"Default installations of Linux distributions are getting harder to compromise," said the report.

"New versions are more secure by default, with fewer services automatically enabled, privileged separation in services such as OpenSSH, host-based firewalls filtering inbound connections, stack protection for common threats and other security mechanisms."

During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.

By contrast unpatched Windows systems exposed in a similar way in tests last year by Symantec lasted a few hours, or in some cases minutes.

But there was bad news for Solaris users, with three out of the four honeypots running Solaris 8 or 9 hacked within three weeks. However, a fourth has been online for six months without being compromised.

[N3WBI3]

More good news for Linux users..

[explodingspleen]

Did the machines have firewalls? Most linux distros come with a pretty impenetrable firewall. Immeasurably better than windows' default and at least as good in filtering as zone alarm (although quite a bit more difficult to manage specific applications if you don't already know how).

During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.
That is strictly a problem with the users. So only one Linux system was compromised because of intrinsic invulnerabilities.

If you want impenetrable, go with OpenBSD. A properly configured OpenBSD server doesn't need a firewall. (fyi, Microsoft's HotMail server runs on OpenBSD; they've tried migrating it to windows but it hasn't worked)

Also, modern distros come with SELinux (security management implemented by the NSA). You can lock things down pretty tight using that.

[microgood]

Its all about reducing the attack surface area. Turn all additional and enhanced features off by default.

[goldstategop]

They used to be hard to configure and set up because they were command-line ip-table based. And the few graphical firewalls left something to be desired. In Xandros V3, the first built in GUI firewall is finally being provided with protection configured and running the first time one one boots up the system. You can download free anti-virus software for Linux but its unnecessary since few hackers write one that targets a Unix-based system.

[Ernest_at_the_Beach]

Running Xandros V3, have the Firewall on I think!

[beaversmom]

ping

[John Lenin]

By contrast unpatched Windows systems exposed in a similar way in tests last year by Symantec lasted a few hours, or in some cases minutes.

(gulp)

[fire_eye]

As much trouble as I'm having figuring out how my Linux system routes packets even *without* the firewall, much less figuring out how it does it with "iptables" set up, I'm amazed that anyone can hack into Linux at all...

[Psycho_Bunny]

Linux is deffinatly harder to crack than Windows.

That being said, I don't have the slightest idea why anyone bothers with a software/in-box firewall.

Just spend the 50 bucks on a router/firewall and be done with it.

[no_mm]

Apple's MacOSX should be relatively secure too. I wonder why no test data on their XSERVE or OSX Server products in this test...?

running slackware and yellow dog here...

[backhoe]

That being said, I don't have the slightest idea why anyone bothers with a software/in-box firewall. Just spend the 50 bucks on a router/firewall and be done with it.

Precisely.

With all the malware and port scanning going on across the 'net, anyone not hiding behind hardware ( and maybe software ) firewalls is a fool, or maybe uninformed.

One attack, and all the conniptions you have to go through to correct it, will make a believer out of you.

And ditch Internet Exploder. Seriously.

Even that old copy of Netscape you have lurking on "coasters" around the house will attract less garbage.

Here's my Universal Help File of links:

---

 

Things you need--(all FREE)
Anti-Virus
AVG Anti-Virus version 7 (free) release available...

 Avast
Firewall
Kerio(Direct Download) Zone Alarm

 If are using zone alarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/ both have FREE and Pro versions and are heads above ZA.
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates

Things you want(Still Free)
 

  I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.

Ad-Aware
Spybot S&D

SpywareBlaster
MS MVP Hosts file

Mike Lin's Homepage and get the Startup Control Panel and Startup Monitor tools.

 

The best forum for malware removal:

-SWI Forums-

 

 
http://www.freerepublic.com/focus/f-news/1315720/posts

 Microsoft Releases Anti-Spyware Beta 1 To Public Today.
Microsoft.com ^

[ShadowAce]

Just spend the 50 bucks on a router/firewall and be done with it.

Nah. I've got an old (Pentium 120) with Linux installed that acts as my firewall. Zero intrusions. Zero problems going out. I still have my $50.

But for those without old equipment lying around, it would be the best $50 one can spend.

[ShadowAce]

three running Red Hat 7.3 and one with Red Hat 9

All of these are obsolete. Get a newer (or even current) distro, and you'll be even safer.

[steve-b]

Its all about reducing the attack surface area. Turn all additional and enhanced features off by default.

That's the basic problem with Windows -- it ships with take-me-I'm-yours default settings that make Paris Hilton look like Mrs. Grundy.

[N3WBI3]

Psyco, what do you think those 50 dollar firewalls are running ;) They are running Linux and iptables. But its a good idea to layer your protection..

[N3WBI3]

RH9 is not all that bad, its the base for RHEL 2.1 which is not out of date and there are patches out there under Fedora Legacy..

[stainlessbanner]

I run/ran 7.3 and 9. Switched to core 2, running suse now. next box will be gentoo

[explodingspleen]

All of these are obsolete. Get a newer (or even current) distro, and you'll be even safer.

Actually, if security is your chief priority it's better not to use a current distro. The advantage of running an older distro is that at this point they have been thoroughly audited and are unlikely to have hacker-known vulnerabilities. If go with the bleeding edge, you get nifty new toys, but the trade off is that they haven't been as thoroughly debugged/security hardened as older software.

[ShadowAce]

The advantage of running an older distro is that at this point they have been thoroughly audited and are unlikely to have hacker-known vulnerabilities.

Unfortunately, one does not necessarily follow the other. Once the code is audited and the fixes found, they are usually put into later versions, with recommendations that the user upgrade to the latest version. This usually happens in the kernel.