Small Document about Security
Here is a small document I once wrote about security.
I thought people might be interested.
Well, tell me what you think of it.
I hope it's useful.
I heard Linux doesn't get viruses? What's that about?
Well, it's true.
Linux doesn't get viruses as quickly as Windows or any other OS.
The reason for this is that in Windows you are an admin user by default, so you can install drivers and change the files that start when the system starts.
If you write a virus you want it to start when the system starts, so you write the virus to look like a driver, or arrange for it to start in some other way.
The reason they can't run on Linux is this: if you want to change the kernel, or modprobe modules or compile them into the kernel, you need to be root.
To become root you need to enter a password. In order to find that password you need to read a file that only root can read.
So what happens? The virus can't become root.
So the most that malicious code can do is write files as the user. But it can't compile or execute anything.
(Don't forget that a virus isn't a system-destroying program but a program that duplicates itself.)
Well, Linux isn't 100% safe against malicious code. You can still attack a Linux box in the following ways:
- Exploit a service running on the box, e.g. SSH, to gain root access.
- Execute a lift (privilege-escalation) attack as the user to become root and then do nasty things.
- Trick root into installing your trojan/virus (well, it's lame but it's done; this is called a social engineering attack).
- Rootkits (I talk more about these later).
Well, to secure your Linux box against all these threats you should do the following:
- Keep your system up to date.
- Run a HIDS. The idea is that you run a checksum every now and then on system files. When you do that you'll see whether system files have been changed or not.
- Be smart about what you install. Don't install files from random sites or trust everybody. When somebody says run "rm -f /" and you do that... well, then you are just not meant to log in as root.
- Run a rootkit scanner, e.g. chkrootkit or rkhunter.
- Run an IPS (Intrusion Prevention System).
Of course you should be careful with what you do on the Internet or on your PC.
But if you have a healthy mind and don't log in as root you'll be really secure on Linux.
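The HIDS idea from the list above (checksum the system files now, checksum them again later, report what changed) is small enough to show in full. This is an added example, not code from the original document and not any particular HIDS product: it hashes every regular file under a directory into a baseline, and a later run compares the live tree against that baseline. The fake "sbin" tree, the tampered binary and the extra file in `demo()` are all constructed here for illustration.

```python
"""Minimal host file-integrity check: build a baseline of file hashes and
mode bits, then diff a later snapshot against it (added example)."""
import hashlib
import json
import os
import stat
import tempfile


def fingerprint(path):
    """SHA-256 of the content plus the permission bits, so that both a
    modified binary and a binary that suddenly became set-uid show up."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return {"sha256": h.hexdigest(), "mode": oct(mode)}


def build_baseline(root):
    """Walk `root` and fingerprint every regular file (symlinks skipped)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline, current):
    """What changed between two snapshots: modified, added, removed paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: a fake sbin tree, then the kinds of changes the
    check exists to catch (a patched binary, a new set-uid bit, an extra file)."""
    root = tempfile.mkdtemp()
    sbin = os.path.join(root, "sbin")
    os.makedirs(sbin)
    for name, content in (("init", b"#!/bin/sh\nexec /bin/true\n"),
                          ("ifconfig", b"ELF-fake-ifconfig")):
        with open(os.path.join(sbin, name), "wb") as f:
            f.write(content)
        os.chmod(os.path.join(sbin, name), 0o755)
    baseline_path = os.path.join(root, "baseline.json")  # kept outside sbin
    save_baseline(build_baseline(sbin), baseline_path)

    # Later: something on the box has changed (constructed, not real).
    with open(os.path.join(sbin, "ifconfig"), "ab") as f:
        f.write(b"\n# patched")
    os.chmod(os.path.join(sbin, "init"), 0o4755)      # set-uid bit appeared
    with open(os.path.join(sbin, "kswapd"), "wb") as f:
        f.write(b"not really a kernel thread")

    return compare(load_baseline(baseline_path), build_baseline(sbin))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In real use you would point `build_baseline` at `/sbin`, `/bin`, `/lib` and the like, store the baseline somewhere the box cannot rewrite (read-only media or another host), and run the comparison from cron; a baseline kept on the same disk is exactly what a rootkit with root would edit first.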
Another reason why Linux is more secure is that it's open source.
Let me explain this.
When Cracker A finds an exploit in Windows he can keep that security hole a secret, since he found it. Even if it's really visible in the source, only a small number of people see it.
When Cracker B finds an exploit in Linux he can't keep that security hole a secret: even if he doesn't tell anyone, there are still a lot of people who see the source, so lots of people see the code. Also, companies like MS or Symantec make big updates for security holes, so an exploit will be in Windows for a couple of weeks before it gets fixed. The open source groups see an exploit, fix it and make an update instantly.
As I said before, I'd tell you something about rootkits.
Well, rootkits are nasty.
A rootkit is like a virus that can run at a couple of levels:
- Firmware level: it's coded to be firmware.
- Kernel level: it's coded to be a kernel module.
- Library level: it's coded to act like a normal library.
- Application level: it's hardcoded in a program.
The reason a rootkit is nasty is that it protects itself from being removed.
It removes all write rights to itself so nobody can write to it (or remove it); it protects itself with the security that is on the system itself.
What is also important is to have a firewall.
Getting into a system isn't that hard, neither in Windows nor in Linux.
To get in and gather info is really easy (Cross-Site Scripting attacks (XSS)).
But that data has to come out again without installing or changing something (since you need to be root for that), so if there isn't a firewall that blocks outgoing traffic your system is really open for crackers.
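The firewall point above is about outbound traffic: a box where the only allowed egress is the handful of services it actually needs gives stolen data nowhere to go, and every blocked attempt is a log line worth reading. The following is an added example, not from the original document: it renders a default-deny nftables output chain from an allowlist and parses the kernel's drop log to count repeated attempts per destination. The table and chain names, the `EGRESS-DROP ` log prefix and the allowed ports are my choices, and the log lines are constructed to follow the kernel's netfilter log format, not captured from a real host.

```python
"""Egress filtering: render a default-deny outbound ruleset and summarize
the drop log it produces (added example, constructed sample data)."""
import re
from collections import Counter

# Outbound services this host is allowed to reach; everything else is dropped.
ALLOWED_EGRESS = {"tcp": (80, 443), "udp": (53, 123)}
LOG_PREFIX = "EGRESS-DROP "


def is_allowed(proto, dport, allowed=ALLOWED_EGRESS):
    """Policy check: is a new outbound connection to proto/dport permitted?"""
    return dport in allowed.get(proto, ())


def render_nft_ruleset(allowed=ALLOWED_EGRESS, prefix=LOG_PREFIX):
    """Emit an nftables ruleset: output policy drop, allowlist, log the rest."""
    lines = [
        "table inet egress {",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        "    oif lo accept",
        "    ct state established,related accept",
    ]
    for proto in sorted(allowed):
        ports = ", ".join(str(p) for p in sorted(allowed[proto]))
        lines.append(f"    {proto} dport {{ {ports} }} accept")
    lines.append(f'    log prefix "{prefix}" drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


KV = re.compile(r"(\w+)=(\S*)")


def parse_drop_line(line, prefix=LOG_PREFIX):
    """Turn one kernel log line into a dict, or None if it isn't a drop record."""
    if prefix not in line:
        return None
    fields = dict(KV.findall(line.split(prefix, 1)[1]))
    dpt = fields.get("DPT", "")
    return {
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO", "").lower(),
        "dport": int(dpt) if dpt.isdigit() else None,
    }


def summarize_drops(lines, prefix=LOG_PREFIX):
    """Count dropped outbound attempts per (dst, proto, dport). A host that
    keeps retrying one unexpected destination is the thing to look at."""
    counts = Counter()
    for line in lines:
        rec = parse_drop_line(line, prefix)
        if rec:
            counts[(rec["dst"], rec["proto"], rec["dport"])] += 1
    return counts


SAMPLE_LOG = [  # constructed sample, not real traffic
    "Jan  5 10:01:12 box kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51234 DPT=6667",
    "Jan  5 10:01:13 box kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51235 DPT=6667",
    "Jan  5 10:02:40 box kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 LEN=52 PROTO=UDP SPT=40000 DPT=5353",
    "Jan  5 10:03:01 box sshd[812]: Accepted publickey for alice from 10.0.0.9",
]

if __name__ == "__main__":
    print(render_nft_ruleset())
    for key, n in summarize_drops(SAMPLE_LOG).most_common():
        print(n, key)
```

The rendered ruleset can be loaded with `nft -f`; on a real host, feed `summarize_drops` the lines from `journalctl -k` or `/var/log/kern.log` instead of the constructed sample.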
Having no password for root or for sudo is really stupid as well. Don't do that.
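Whether root or sudo actually has a password is something you can check rather than assume. The following is an added example, not from the original document: it flags accounts whose shadow password field is empty and sudoers rules that grant `NOPASSWD`. The shadow and sudoers lines are constructed samples, not copied from any real host, and the hash shown for `alice` is a placeholder, not a real one.

```python
"""Find accounts with no password at all and password-less sudo rules
(added example; sample data is constructed)."""
import re


def empty_password_accounts(shadow_lines):
    """Users whose shadow password field is empty, i.e. login with just Enter.
    Locked entries ('!', '*') and hashed entries are fine."""
    weak = []
    for line in shadow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        if fields[1] == "":
            weak.append(fields[0])
    return weak


# user-or-group  host=(runas) [tags:] commands   with a NOPASSWD tag somewhere
NOPASSWD_RULE = re.compile(r"^(?P<who>\S+)\s+\S+\s*=.*\bNOPASSWD\s*:")


def nopasswd_sudo_rules(sudoers_lines):
    """(who, rule) for every active sudoers line granting NOPASSWD."""
    hits = []
    for line in sudoers_lines:
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped.startswith("Defaults"):
            continue
        m = NOPASSWD_RULE.match(stripped)
        if m:
            hits.append((m.group("who"), stripped))
    return hits


SHADOW_SAMPLE = [  # constructed
    "root::19000:0:99999:7:::",                         # empty field: no password
    "daemon:*:19000:0:99999:7:::",                      # locked, fine
    "alice:$6$saltsalt$placeholderhash:19000:0:99999:7:::",
    "bob:!:19000:0:99999:7:::",                         # locked, fine
]

SUDOERS_SAMPLE = [  # constructed
    "Defaults env_reset",
    "root ALL=(ALL:ALL) ALL",
    "%wheel ALL=(ALL) NOPASSWD: ALL",
    "# deploy ALL=(ALL) NOPASSWD: ALL",                 # commented out, ignored
    "alice ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx",
    "bob ALL=(ALL) ALL",
]


def audit(shadow_lines=SHADOW_SAMPLE, sudoers_lines=SUDOERS_SAMPLE):
    """Summary of both checks; pass real file contents to audit a host."""
    return {
        "empty_password": empty_password_accounts(shadow_lines),
        "nopasswd_sudo": [who for who, _ in nopasswd_sudo_rules(sudoers_lines)],
    }


if __name__ == "__main__":
    print(audit())
```

On a real box you would run this as root with `open("/etc/shadow").readlines()` and the contents of `/etc/sudoers` plus `/etc/sudoers.d/*`; a scoped `NOPASSWD` rule for one command can be a deliberate choice, an empty root password never is.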
So you might wonder now,
what is a safe network then?
Simple answer: none. As long as there is Internet nothing is safe.
But you can secure it as much as possible.