...

The State of Linux Security Doc Shankar Linux Technology Center IBM Austin

by user

on
Category: Documents
53

views

Report

Comments

Transcript

The State of Linux Security Doc Shankar Linux Technology Center IBM Austin
The State of Linux Security
Doc Shankar
Linux Technology Center
IBM Austin
04/16/04
Doc Shankar
1
Myths or Realities?
• Linux is not as secure as other operating systems.
• Open Source is more secure.
• Linux can resist attacks better than other OS’ s.
• It takes longer to fix security bugs in Linux.
• Unix security is better than Linux security.
• Linux cannot be certified.
04/16/04
Doc Shankar
2
Agenda
•
•
•
•
•
•
•
•
•
Linux Security Options
Enterprise Security Problem
Is Open Source more Secure?
How does one get attacked?
Linux Security Today
Open Source Linux Security Initiatives
IBM Linux Security Strategy
Customer Role
Securing Linux Servers
04/16/04
Doc Shankar
3
Linux Security Options
LSM
DAC
VPN
Nessus
Open SSL
IPSEC Physical Access
SELinux
Open SSH
Password
Open SSL
LIDS Smart Card
PAM
Token
Open LDAP
Hook Verification
Open CA
Kerberos
H/W Crypto
MAC
Bastille
PKCS#11
Wizard
Certificate
NIAP ­ CC
Secure Distro Hardening
Snort
TCP Wrapper
Tripwire Shorewall
Astaro
freeav
RSBAC
04/16/04
Doc Shankar
4
Total Security Problem
AS/400®
S/390®
UNIX
NT
Security
Management
Mission-Critical Servers
Proxy-Server
Workload
Management
Core Network
Web
Servers
Certificate
Authority
Backup
Restore
Single
Sign-on
Security
Auditing
Internet
Access
Firewall
Perimeter Network
Merchant
Server
Intrusion
Detection
VPN
Active
Content
E-Mail
Filtering
PC Security
Access Network
Customers
PC Anti-Virus
04/16/04
Doc Shankar
Suppliers
Distributors
Business Partners
Mobile Employees
5
Enterprise Security Problem
•
•
•
•
•
•
•
•
Increasing Vulnerabilities
Virus Attacks
Insufficient Physical Security
Asset/Data Protection
Protecting the Privacy of Customer Data
Intrusions
DDoS
Patch Management
04/16/04
Doc Shankar
6
What’s Different About Linux Security?
Source code availability
– Most programmers take extra precautions
– Community inspection/review
– Community audit
Patch speed
•
– One example – Network Time Demon(ntpd)
– Open source distributors released workaround/fixes within hours
– Other vendors took days Community participation
•
– Lot of interest from research community
– Hard for one vendor to do this
– Large/talented community has spanned interesting projects
Maturing lot faster than UNIX security
•
Cryptography comparison
•
– Crypto is hard to do right – the only way is to keep open
– The only way to tell good crypto from bad crypto is to have it examined by experts
– Open source crypto algorithms are strong – e.g, DES, AES
– Open crypto is not only better – it’ s cheaper (AES is free)
Comparison to secure protocols
•
– (Same points as above)
)
– Open design is better (SSL, IPSEC, TLS, S.MIME, SET,…
04/16/04
Doc Shankar
•
7
Is Open Source More Secure?
• Simply publishing code does not mean people will examine it for security flaws.
• Security researchers are fickle and busy people.
• There are many Open Source libraries that no one has ever heard of, and no one has ever evaluated.
• Bad guys have access to code.
• So, while Open Source is a good thing, it is NOT a guarantee for security.
• On the other hand, Linux has been looked at by a lot of very good security engineers. 04/16/04
Doc Shankar
8
Attack Categories
• Unsafe Programs
• Misconfigured Programs
• Buggy Programs
–
–
–
–
04/16/04
Buffer Overflows
Parsing Errors
Formatting Errors
Bad input to cgi bin
• Malicious Programs
–
–
–
–
–
Trojans
Virus
Worms
Rootkits
DoS/DDoS
• People
– Social Engineering
– Weak passwords
– Sloppy Admins.
Doc Shankar
9
Where Is Linux Security Today?
•
•
•
•
•
Linux can be secured as well as any other OS (with proper patching, configuration & hygiene)
Linux has achieved CAPP certification
Linux has achieved EAL3+ certification
LSM hooks and SELinux in 2.6 kernel
Lots of good free security software
– Snort, Astaro, freeav,Open SSH, Open SSL, SELinux,Tripwire, Nessus,............
•
Lots of good paid software
– Tivoli, CA, WireX,............
•
Main distros concerned and handling security well
– Red Hat, SuSE, Mandrake, Turbo,...
•
Secure distributions exist
– Immunix, Engarde, Trustix, Commercial SELinux,....
04/16/04
Doc Shankar
10
Linux Security Initiatives
•
Security Certification*
–
–
–
–
•
–
–
–
–
–
–
OpenCryptoki*
HW crypto acceleration*
FIPS 140­2**
TCG'
s TPM/TSS Implementation* •
–
–
•
Open SSL**
Open SSH
IPSec**
Base Security**
– LSM**
– Audit *
– EIM*
– Kerberos**
– PKI**
04/16/04
SELinux**
MLS**
Secure Configuration**
–
–
•
•
•
Encrypted File System*
Identity management**
Firewall
Antivirus
IDS**
Security Scanners
Mandatory Security**
Networking Security**
–
–
–
•
Common Criteria
EAL2+ achieved*
CAPP/EAL3+ achieved*
Working CAPP/EAL4+*
Trusted Computing* –
•
Applications Security**
Crypto*
–
–
–
•
•
Bastille**
Security Planner*
Vulnerability reduction/reporting**
Secure Programming**
Verification Tools*
–
–
–
Doc Shankar
Vali*
Gokyo*
UT tool**
* IBM Leading ** IBM Participating
11
IBM Linux Security Strategy
•
•
•
•
•
•
•
•
•
Ensure Linux meets the security needs of an enterprise and the IBM Brands
Ensure Linux platform security is synergistic with IBM and other vendor middleware security
Contribute security enhancements to the Linux open source communities where it makes sense
Work aggressively with the distributors to release the appropriate security enhancements
Ensure adequate processes are being followed to obtain higher levels of security certification
Work closely with the government & marketplace to formulate Linux security requirements
Ensure synergy with IGS security offerings
Ensure synergy between LTC & platform­specific activities
Ensure IBM & Linux security strategies are complimentary
04/16/04
Doc Shankar
12
Customer Role
•
•
•
•
•
•
•
•
Define Security Policy
Implement Secure Solution to meet policy
Ensure Secure Configuration
Patch Management Strategy/Execution
Secure Administration
Client Policy Enforcement
User Training
Ensure adequate physical security
04/16/04
Doc Shankar
13
How Do I Secure My Linux Server?
•
•
•
•
•
•
•
•
•
•
Patch/upgrade strategy
Set UID/Set GID programs
Limit privileged accounts – superuser
Password policy
Unused services/ports – turn them off
Insecure services – use secure version
Intelligent and secure logging – “ over­applied/under­utilized”
Secure configuration
Applications security – vulnerable CGI programs, buffer overflows
Kernel security – patches, specialized kernels, LSMs,… ..
– Industry (LIDS, SELinux, Owl,…..)
– Commercial (Pitbull, HPLX, Immunix, Engarde, Trustix,……….)
•
Use of tools – 100s of tools available
– Nmap, ethereal, snort, port sentry, nessus, saint, sara, tripwire,…………..
04/16/04
Doc Shankar
14
Fly UP