New Linux tools and updates kept IT security hacks at bay in 2007. That said, new problems -- such as security risks in virtual machines -- cropped up last year. Here's my round-up of the big Linux security events, software releases and controversies that cropped up in 2007.

Continued discussion about the security of PHP
PHP security issues stayed on the radar in 2007, triggered by the resignation of Stefan Esser from the PHP Security Response Team. Esser developed the

Requires Free Membership to View

PHP hardening tool Suhosin and often engaged in fiery debate with the broader PHP community. In March, Esser's "Month of PHP" security bugs revealed 46 bugs in PHP, Zend and other elements of the framework.

Snort parent company Sourcefire acquires open source anti-virus tool ClamAV
The move caused some initial consternation and a flurry of questions in the ClamAV community. Sourcefire moved quickly to reassure users that the tool would remain open source and continue to be released under the GPL.

Snort version 3.0 is launched
Staying with Sourcefire, the long-awaited Snort version 3.0 was released in alpha. The new features in 3.0 included a new architecture and a command-line interface supported by an embedded programming language called Lua. The new version will also include the much anticipated protocol decoders for IPv6, MPLS, GRE and 802.1q. At this stage, Snort 3.0 is not ready to be used in production environments but is available for testing.

Virtual machine security
Despite developments in a number of Linux and open source virtual machine technologies such as Xen, QEMU, KVM and lguest, potential security issues for virtual machines went ignored. Many managers and administrators of virtualized environments seem to presume that security tools are not needed. Therefore, rootkits and malicious code running in virtual machines are often a threat, as they can be undetectable to security tools running on the underlying operating system.

A notable exception to this apparent lack of concern was made when Symantec released a report into security on both proprietary and open source virtual machines.

OpenID takes the next step
OpenID, the open source digital identity framework may have started to come into its own this year. Version 2.0 of the framework was released in December and the number of platforms, websites and development libraries supporting OpenID authentication continues to grow.

Samba 4 released
The next release of Samba, the open source file and print services provider for SMB/CIFS clients, was released in alpha. The biggest advance in Samba 4 is the implementation of the server-side components of Windows Active Directory. Whereas Samba 3 is happy as a member of Windows Active Directory domain, a Samba 4 server can actually function as a domain controller with domain join and logon services for clients. This release is a significant step forward for open source security and authentication interoperability.

The Honeynet project goes virtual
The Honeynet project is a collaborative open source project that aims to raise awareness of the threats and vulnerabilities that exist in the Internet. This year has seen significant advances in the project's capabilities including the release of HoneyMole a client-server honeynet application that allows the deployment of remote honeynet clients that report to a central server.

The SANS Top 20
This year's SANS Top 20 didn't contain any major security threats or revelations about the risks that currently exist. But one of the risks highlighted was the threat posed by unnecessary, unsecured and unauthenticated Unix services. SANS suggest that the risk can be mitigated by turning off unnecessary services, protecting hosts with firewalls, regular patching and the use of encryption and appropriate authentication.

The "storm bot"
Whilst not directly impacting Linux users, the "storm bot" and its sophisticated attack vectors, management infrastructure and somewhat polymorphic nature point to a disturbing new trend in bots and malware. It reminds those of us in the Linux community who have not been adversely affected by virus attack that threats are constantly evolving.

About the author: James Turnbull is the author of Pro Nagios 2.0. and Hardening Linux. A security architect for the National Australia Bank, James is the resident security expert for Recently, James discussed how to use iptables against SSH attacks

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.