Interview

Management central to securing Linux

Jan Stafford
What's the worst virus protection blooper that you've seen in the field? What were the results? How was the damage repaired?
Linux viruses are few and far between these days. Much has to do with the fact that the popularity of Microsoft systems makes Windows a more attractive platform for virus writers, and Linux systems make it harder for malicious code to propagate since root access should be limited.

That said, we can still learn lessons from past viruses that affected Microsoft platforms. For example, an organization was hit so hard by Nimda that it had to revert to backed-up copies of its systems. What it didn't realize was that the backed-up copies were not patched, and it was infected again with the virus.

The lesson here is that we should have strong recovery and backup procedures that take into account vulnerabilities and exploits in the world. Also, we may see more well-crafted viruses that can damage Linux systems in the future, especially with the link to the Windows world with things like Samba and NFS.

What are some common mistakes that administrators make in implementing and managing antivirus measures?
Not making sure that signatures are updated, not discovering new assets in the organization, and not knowing all the vulnerabilities on those assets.

Gijo Mathew, security strategist, Computer Associates
Considering hackers' creativity, can antivirus software ever be counted on to stop viruses? Aren't systems administrators chained forever to patching?
Antivirus packages are definitely not enough. The mantra of security professionals these days is the concept of defense in depth. This can be directly applied to Linux systems. Antivirus is not enough, and patching can be an onerous task. Understanding the vulnerabilities on a system and quickly fixing them is one method to stay ahead of hackers and malicious code.

A second option is to be more proactive. Prevention methods have gained much airtime in the industry lately, but it really comes down to better access controls and enforcement of system functions. Ensuring the right person or process has access to the right resources and denying all other operations are proactive ways to protect your Linux systems.

What enterprise-level security applications have been missing from Linux? Is this gap being closed?
As Linux starts playing on the enterprise stage, management becomes important. Central administration of Linux security (different versions and different platforms) needs to be addressed to ensure consistent and timely protection of systems. Asset-based vulnerability management has been lacking on most Linux platforms and needs to be addressed to accurately assess the exploit status of Linux systems.

The gap is narrowing. When we see articles and tips for securing Linux systems today, we run into a plethora of open source tools. These tools each provide a function like root control, log enhancements, policy monitoring, etc. These functions tactically fill a security checkmark, but in practice are difficult to manage. The fragmentation of tools makes it almost impossible to ensure consistency as Linux deployments become more pervasive.

What are the most common security mistakes being made by IT managers today?
It still has to be the lack of asset management that IT administrators have. If queried, most people still do not have an accurate inventory of the systems they have and what applications and other software they are using on those platforms. Without this information, you can never know what needs to be secured and what may be vulnerable.

Another common mistake is using bad and easy-to-crack passwords. All too often, I have walked into companies and noticed their systems have the user ID of 'root' and a password of 'password.' Making sure that the keys to the kingdom are not easy to find is an obvious, but often overlooked task.

