The State of Linux Security Doc Shankar Linux Technology Center IBM Austin
Slide 1: The State of Linux Security
Doc Shankar, Linux Technology Center, IBM Austin, 04/16/04

Slide 2: Myths or Realities?
• Linux is not as secure as other operating systems.
• Open Source is more secure.
• Linux can resist attacks better than other OS's.
• It takes longer to fix security bugs in Linux.
• Unix security is better than Linux security.
• Linux cannot be certified.

Slide 3: Agenda
• Linux Security Options
• Enterprise Security Problem
• Is Open Source more Secure?
• How does one get attacked?
• Linux Security Today
• Open Source Linux Security Initiatives
• IBM Linux Security Strategy
• Customer Role
• Securing Linux Servers

Slide 4: Linux Security Options (word cloud)
LSM, DAC, VPN, Nessus, OpenSSL, IPSEC, Physical Access, SELinux, OpenSSH, Password, LIDS, Smart Card, PAM, Token, OpenLDAP, Hook Verification, OpenCA, Kerberos, H/W Crypto, MAC, Bastille, PKCS#11, Wizard, Certificate, NIAP CC, Secure Distro, Hardening, Snort, TCP Wrapper, Tripwire, Shorewall, Astaro, freeav, RSBAC

Slide 5: Total Security Problem (diagram)
[Diagram of the enterprise security landscape. Labels: AS/400, S/390, UNIX, NT; Security Management; Mission-Critical Servers; Proxy Server; Workload Management; Core Network; Web Servers; Certificate Authority; Backup/Restore; Single Sign-on; Security Auditing; Internet Access; Firewall; Perimeter Network; Merchant Server; Intrusion Detection; VPN; Active Content; E-Mail Filtering; PC Security; Access Network; PC Anti-Virus; external parties: Customers, Suppliers, Distributors, Business Partners, Mobile Employees.]

Slide 6: Enterprise Security Problem
• Increasing Vulnerabilities
• Virus Attacks
• Insufficient Physical Security
• Asset/Data Protection
• Protecting the Privacy of Customer Data
• Intrusions
• DDoS
• Patch Management

Slide 7: What's Different About Linux Security?
• Source code availability
  – Most programmers take extra precautions
  – Community inspection/review
  – Community audit
• Patch speed
  – One example: Network Time Daemon (ntpd)
  – Open source distributors released workarounds/fixes within hours
  – Other vendors took days
• Community participation
  – Lot of interest from the research community
  – Hard for one vendor to do this
  – Large/talented community has spawned interesting projects
• Maturing a lot faster than UNIX security
• Cryptography comparison
  – Crypto is hard to do right; the only way is to keep it open
  – The only way to tell good crypto from bad crypto is to have it examined by experts
  – Open source crypto algorithms are strong, e.g. DES, AES
  – Open crypto is not only better, it's cheaper (AES is free)
• Comparison to secure protocols
  – (Same points as above)
  – Open design is better (SSL, IPSEC, TLS, S/MIME, SET, ...)

Slide 8: Is Open Source More Secure?
• Simply publishing code does not mean people will examine it for security flaws.
• Security researchers are fickle and busy people.
• There are many Open Source libraries that no one has ever heard of, and no one has ever evaluated.
• Bad guys have access to the code.
• So, while Open Source is a good thing, it is NOT a guarantee of security.
• On the other hand, Linux has been looked at by a lot of very good security engineers.

Slide 9: Attack Categories
• Unsafe Programs
• Misconfigured Programs
• Buggy Programs
  – Buffer Overflows
  – Parsing Errors
  – Formatting Errors
  – Bad input to cgi-bin
• Malicious Programs
  – Trojans
  – Viruses
  – Worms
  – Rootkits
  – DoS/DDoS
• People
  – Social Engineering
  – Weak passwords
  – Sloppy Admins

Slide 10: Where Is Linux Security Today?
• Linux can be secured as well as any other OS (with proper patching, configuration & hygiene)
• Linux has achieved CAPP certification
• Linux has achieved EAL3+ certification
• LSM hooks and SELinux in the 2.6 kernel
• Lots of good free security software
  – Snort, Astaro, freeav, OpenSSH, OpenSSL, SELinux, Tripwire, Nessus, ...
• Lots of good paid software
  – Tivoli, CA, WireX, ...
• Main distros concerned and handling security well
  – Red Hat, SuSE, Mandrake, Turbo, ...
• Secure distributions exist
  – Immunix, Engarde, Trustix, Commercial SELinux, ...

Slide 11: Linux Security Initiatives (* IBM Leading, ** IBM Participating)
• Security Certification*
  – Common Criteria EAL2+ achieved*
  – CAPP/EAL3+ achieved*
  – Working CAPP/EAL4+*
• Trusted Computing*
  – TCG's TPM/TSS Implementation*
• Crypto*
  – OpenCryptoki*
  – HW crypto acceleration*
  – FIPS 140-2**
• Networking Security**
  – OpenSSL**
  – OpenSSH
  – IPSec**
• Base Security**
  – LSM**
  – Audit*
  – EIM*
  – Kerberos**
  – PKI**
• Mandatory Security**
  – SELinux**
  – MLS**
• Secure Configuration**
  – Bastille**
  – Security Planner*
• Applications Security**
  – Vulnerability reduction/reporting**
  – Secure Programming**
• Verification Tools*
  – Vali*
  – Gokyo*
  – UT tool**
• Encrypted File System*
• Identity management**
• Firewall
• Antivirus
• IDS**
• Security Scanners

Slide 12: IBM Linux Security Strategy
• Ensure Linux meets the security needs of an enterprise and the IBM Brands
• Ensure Linux platform security is synergistic with IBM and other vendor middleware security
• Contribute security enhancements to the Linux open source communities where it makes sense
• Work aggressively with the distributors to release the appropriate security enhancements
• Ensure adequate processes are being followed to obtain higher levels of security certification
• Work closely with the government & marketplace to formulate Linux security requirements
• Ensure synergy with IGS security offerings
• Ensure synergy between LTC & platform-specific activities
• Ensure IBM & Linux security strategies are complementary

Slide 13: Customer Role
• Define Security Policy
• Implement Secure Solution to meet policy
• Ensure Secure Configuration
• Patch Management Strategy/Execution
• Secure Administration
• Client Policy Enforcement
• User Training
• Ensure adequate physical security

Slide 14: How Do I Secure My Linux Server?
• Patch/upgrade strategy
• Set UID/Set GID programs
• Limit privileged accounts (superuser)
• Password policy
• Unused services/ports: turn them off
• Insecure services: use the secure version
• Intelligent and secure logging ("overapplied/underutilized")
• Secure configuration
• Applications security: vulnerable CGI programs, buffer overflows
• Kernel security: patches, specialized kernels, LSMs, ...
  – Industry (LIDS, SELinux, Owl, ...)
  – Commercial (Pitbull, HPLX, Immunix, Engarde, Trustix, ...)
• Use of tools: 100s of tools available
  – Nmap, ethereal, snort, port sentry, nessus, saint, sara, tripwire, ...
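Three items from the server checklist (extra privileged accounts, password policy, setuid/setgid programs) as a small POSIX shell audit. This is an added example, not part of the original slides; the sample passwd/shadow entries and the setuid file are constructed here so it runs offline, and each check takes a path so it can equally be pointed at the real /etc/passwd, /etc/shadow and / on a host.

```shell
#!/bin/sh
# Constructed sample data (not from any real system): a passwd file with a
# second UID-0 account ("op"), a shadow file where "guest" has an empty
# password field, and a directory holding one setuid and one plain binary.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
op:x:0:0:duplicate UID 0 account:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$saltsalt$hashhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
alice:$6$saltsalt$hashhash:19000:0:99999:7:::
EOF
mkdir -p "$SAMPLE_DIR/bin"
printf '#!/bin/sh\n' > "$SAMPLE_DIR/bin/helper"
printf '#!/bin/sh\n' > "$SAMPLE_DIR/bin/plain"
chmod 4755 "$SAMPLE_DIR/bin/helper"   # setuid bit set
chmod 0755 "$SAMPLE_DIR/bin/plain"

# Accounts other than root whose UID is 0: each one is a full superuser.
find_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shadow entry has an empty password field (login needs none).
find_empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Regular files with the setuid (4000) or setgid (2000) bit, staying on one
# filesystem. Compare the list with what the package manager expects.
find_setuid_setgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Total findings across the three checks; zero means all checks passed.
count_findings() {
    {
        find_uid0_accounts "$1/passwd"
        find_empty_password_accounts "$1/shadow"
        find_setuid_setgid_files "$1/bin"
    } | wc -l | tr -d ' '
}

count_findings "$SAMPLE_DIR"   # prints 3 for the constructed sample
```

On a live host the shadow check needs root to read /etc/shadow, and the setuid scan over / takes a while; run it once at build time and diff against later runs.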