Management central to securing Linux

After performing more security assessments than he can count, Gijo Mathew has seen every worst practice imaginable. He's even seen an IT shop replace virus-violated data with an unpatched backup that succumbed to the same virus. A security strategist for Computer Associates International Inc., Mathew has 10 years of experience in software development, computer technology, networks and security.

In part one of this two-part interview, he lists the worst security practices he has encountered, and provides some advice to security administrators who might be straying from the right patch, or path. In Part Two, he digs into mistakes made in assessing control management, handling super user privileges and seeing suspicious activity, among other areas.

What's the worst virus protection blooper that you've seen in the field? What were the results? How was the damage repaired?

Linux viruses are few and far between these days. Much has to do with the fact that the popularity of Microsoft systems makes Windows a more attractive platform for virus writers, and Linux systems make it harder for malicious code to propagate since root access should be limited.

That said, we can still learn lessons from past viruses that affected Microsoft platforms. For example, an organization was so hard hit with Nimda that they had to revert back to backed-up copies of their systems. What they didn't realize is that the backed-up copies were not patched, and they were infected again with the virus.

The lesson here is that we should have strong recovery and backup procedures that take into account vulnerabilities and exploits in the world. Also, we may see more well-crafted viruses that can damage Linux systems in the future, especially with the link to the Windows world with things like Samba and NFS.

What are some common mistakes that administrators make in implementing and managing antivirus measures?

Not making sure that signatures are updated, that new assets in the organization are discovered, or that all the vulnerabilities on those assets are known.

Considering hackers' creativity, can antivirus software ever be counted on to stop viruses? Aren't systems administrators chained forever to patching?

Antivirus packages are definitely not enough. The mantra of security professionals these days is the concept of defense in depth. This can be directly applied to Linux systems. Antivirus is not enough, and patching can be an onerous task. Understanding the vulnerabilities on a system and quickly fixing them is one method to stay ahead of hackers and malicious code.

A second option is to be more proactive. Prevention methods have gained much airtime in the industry lately, but it really comes down to better access controls and enforcement of system functions. Ensuring the right person or process has access to the right resources and denying all other operations are proactive ways to protect your Linux systems.

What enterprise-level security applications have been missing from Linux? Is this gap being closed?

As Linux starts playing on the enterprise stage, management becomes important. Central administration of Linux security (different versions and different platforms) needs to be addressed to ensure consistent and timely protection of systems. Asset-based vulnerability management has been lacking on most Linux platforms and needs to be addressed to accurately assess the exploit status of Linux systems.

The gap is narrowing. When we see articles and tips for securing Linux systems today, we run into a plethora of open source tools. These tools each provide a function like root control, log enhancements, policy monitoring, etc. These functions tactically fill a security checkmark, but in practice are difficult to manage. The fragmentation of tools makes it almost impossible to ensure consistency as Linux deployments become more pervasive.

What are the most common security mistakes being made by IT managers today?

It still has to be the lack of asset management that IT administrators have. If queried, most people still do not have an accurate inventory of the systems they have and what applications and other software they are using on those platforms. Without this information, you can never know what needs to be secured and what may be vulnerable.

Another common mistake is using bad and easy-to-crack passwords. All too often, I have walked into companies and noticed their systems have the user ID of 'root' and a password of 'password.' Making sure that the keys to the kingdom are not easy to find is an obvious, but often overlooked task.
