
When the root is the problem

Parents of several children learn something more with each one, and the same holds for developers within the open source community. Since the early days, when UNIX was free and developer tools were readily available, open source developers have fed on each other's creativity and work ethic. Now, some 20-plus years later, the growth of Linux, like that of a younger sibling, is turning heads.

As Linux matures, vulnerabilities are found in it and attacks against it grow, and the question that needs answering is whether it can cope. Microsoft, according to the Aberdeen Group and others, does not have the worst track record for security vulnerabilities: about one of every two CERT security advisories this year concerned open source and Linux software.

In the fight against malicious code writers, the open source community is at a disadvantage: no single company is responsible for issuing security patches when vulnerabilities arise. High-profile security incidents are typically dealt with in a timely manner, but lesser known, though still potentially damaging, vulnerabilities occasionally get put on the back burner.

Protecting the special "root"

The target of any attack on a Linux system is a special account called root. Whoever holds root has full permission over the system: they can run any command and read or modify any data. A buffer overflow in a network service or setuid program that runs as root is the classic route to that access (a denial-of-service attack, by contrast, disrupts availability but does not by itself yield any privilege). Once in as root, intruders create backdoors and install rootkits, often across many systems, so they can come back again and again. In a recent survey conducted by UNIX/Linux security provider Symark, more than 60 percent of the companies running Linux platforms had no solution for managing root administrative privileges. Of those that had implemented password/login solutions, two out of three relied on native services, which offer limited security.

With the many benefits of the Linux operating system come shortcomings in its native security services. Linux uses an "all or nothing" privilege model: a process either runs as root, with every permission, or as an ordinary user with none of the administrative ones, rather than a tiered model in which administrative rights can be parcelled out. If the root account is compromised, native security surrenders everything. And because root can read any file, an intruder can also harvest stored credentials and trust configuration for services such as ftp or UseNet and use them to reach other machines without going through those machines' normal authentication.

Not every attack is external. Many security threats come from inside the network: Gartner Group estimates that 70 percent of network security incidents involve people inside the corporate firewall. Whether intentional or accidental, incidents caused from within the network can be extremely harmful, and native services do little to combat them.

With a shared root password, native login and su offer no accountability for individual users: whatever an administrator does after becoming root is recorded, if at all, as root rather than as the person who did it, and native logging records little about what a root shell actually does. Short of handing over root outright, native services provide no fine-grained delegation of privilege, so anyone with root access to the machine has full rights over its file systems, processes and system administration.
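The accountability gap above is visible in the logs themselves. When privilege is delegated through sudo, each command is logged against the requesting user; a plain su to root records only that a root shell was opened, after which nothing is attributed. The following is an added example for this article, not code from Symark or any product it describes: it parses constructed sudo and su syslog lines (standard sudo and Debian-style su message formats, not captured from a real host) and maps root activity back to the human responsible.

```python
"""Attribute root activity to the person who requested it, from sudo and su syslog lines.

Added example for this article, not code from any product it describes. The
log lines are constructed samples in the standard sudo and Debian-style su
message formats, not captured from a real host.
"""
import re
from collections import defaultdict

LOG_SAMPLE = """\
Mar  3 10:15:22 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:16:05 web01 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:17:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/journalctl -u nginx
Mar  3 10:20:11 web01 su[2345]: Successful su for root by carol
Mar  3 10:20:11 web01 su[2345]: + /dev/pts/2 carol:root
Mar  3 10:25:59 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# Syslog prefix shared by both message types: timestamp and host.
TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
# sudo logs a rejection reason ("command not allowed", "3 incorrect password
# attempts") before the TTY field; on success that segment is absent.
SUDO_RE = re.compile(
    TS + r"sudo:\s+(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
# su records only that a shell for <runas> was opened by <user>: no commands follow.
SU_RE = re.compile(TS + r"su\[\d+\]: Successful su for (?P<runas>\S+) by (?P<user>\S+)$")


def parse_line(line):
    """Return an event dict for a sudo or su line, or None for anything else."""
    m = SUDO_RE.match(line)
    if m:
        event = m.groupdict()
        event.update(source="sudo", allowed=event["reason"] is None)
        return event
    m = SU_RE.match(line)
    if m:
        event = m.groupdict()
        event.update(source="su", allowed=True, reason=None, tty=None, pwd=None, cmd=None)
        return event
    return None


def attribute(log_text):
    """All privilege-use events in the log, in order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def summarize(events):
    """Split events into: commands each user ran as root, denied attempts, and
    users who opened an unattributed root shell via su."""
    ran, denied, unattributed = defaultdict(list), [], []
    for e in events:
        if e["source"] == "su":
            unattributed.append(e["user"])  # everything after this point is logged as root, if at all
        elif e["allowed"]:
            ran[e["user"]].append(e["cmd"])
        else:
            denied.append((e["user"], e["reason"].strip(), e["cmd"]))
    return dict(ran), denied, unattributed


if __name__ == "__main__":
    ran, denied, unattributed = summarize(attribute(LOG_SAMPLE))
    for user, cmds in ran.items():
        print(f"{user} ran as root: {cmds}")
    for user, reason, cmd in denied:
        print(f"DENIED {user}: {cmd} ({reason})")
    print("unattributed root shells opened by:", unattributed)
```

The denied entries are worth alerting on by themselves: a user asking sudo for /bin/bash or /etc/shadow is probing the boundary of what they have been delegated.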

Securing Linux outside native services

The first step in securing Linux platforms is to look beyond the native services for solutions that harden root against both internal and external incidents.

Tiered security for these systems means being able to delegate administrative privileges on a per-user basis, to control access to files and directories, to log input and output comprehensively, and, where the environment is heterogeneous, to manage authorization centrally across Linux and UNIX networks. Granular login control and password management are further levels of security worth considering on Linux systems.
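The per-user delegation described above can be expressed in a sudoers policy, and the difference between it and a wholesale root grant can be checked mechanically. The following is an added example for this article, not code from Symark or any product it describes. It embeds two constructed sudoers fragments, one granting unrestricted root and one delegating named tasks with input/output logging, plus a constructed passwd file, and audits them for the "all or nothing" grants the article warns about. The parser covers only the subset of the sudoers grammar these samples use (comments, Defaults, Cmnd_Alias, user specifications with tags); it does not follow include directives or expand User_Alias, Host_Alias or Runas_Alias.

```python
"""Audit sudoers and passwd for wholesale root grants.

Added example for this article, not code from Symark or any product it
describes. All sample files are constructed. The parser handles comments,
Defaults, Cmnd_Alias and user specifications with tags only; #include/@include
directives, User_Alias, Host_Alias, Runas_Alias and '#uid' user fields are not
supported.
"""
import re

PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

SUDOERS_WEAK = """\
# Constructed: the "all or nothing" grant, passwordless and unlogged
%admin  ALL=(ALL) NOPASSWD: ALL
bob     ALL=(ALL) ALL
"""

SUDOERS_HARDENED = """\
# Constructed: named tasks per user, with session input/output recorded
Defaults    log_input, log_output
Defaults    logfile=/var/log/sudo.log
Cmnd_Alias  WEB_RESTART = /usr/bin/systemctl restart nginx, /usr/bin/systemctl reload nginx
Cmnd_Alias  LOG_READ = /usr/bin/journalctl -u nginx
alice   ALL=(root) WEB_RESTART, LOG_READ
bob     ALL=(root) LOG_READ
"""

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/bash", "/bin/su", "/usr/bin/su"}
TAG_RE = re.compile(r"^(NO)?(PASSWD|EXEC|SETENV|LOG_INPUT|LOG_OUTPUT|MAIL|FOLLOW|INTERCEPT):\s*")
SPEC_RE = re.compile(r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")


def uid0_accounts(passwd_text):
    """Every account with UID 0 other than root: each one is a second root login."""
    return [f[0] for f in (ln.split(":") for ln in passwd_text.splitlines())
            if len(f) >= 3 and f[2] == "0" and f[0] != "root"]


def _split_tags(item, tags):
    """Strip leading tags (NOPASSWD:, LOG_INPUT:, ...) from one command entry.
    Tags persist to later commands in the same specification, so `tags` is
    updated in place; a tag cancels its opposite (PASSWD: removes NOPASSWD:)."""
    rest = item.strip()
    while (m := TAG_RE.match(rest)):
        negated, name = m.group(1), m.group(2)
        tags.discard((name if negated else "NO" + name) + ":")
        tags.add((negated or "") + name + ":")
        rest = rest[m.end():]
    return rest


def parse_sudoers(text):
    """Return [(user, runas, [(tags, command), ...])] with Cmnd_Alias names expanded."""
    aliases, specs = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in this subset
        if not line or line.startswith(("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")):
            continue
        if line.startswith("Cmnd_Alias"):
            name, _, body = line[len("Cmnd_Alias"):].partition("=")
            aliases[name.strip()] = [c.strip() for c in body.split(",")]
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        tags, cmds = set(), []
        for item in m.group("cmds").split(","):
            cmd = _split_tags(item, tags)
            for expanded in aliases.get(cmd, [cmd]):
                if expanded:
                    cmds.append((frozenset(tags), expanded))
        specs.append((m.group("user"), m.group("runas") or "root", cmds))
    return specs


def audit_sudoers(text):
    """Findings for grants that hand out root wholesale instead of delegating tasks."""
    findings = []
    for user, runas, cmds in parse_sudoers(text):
        for tags, cmd in cmds:
            if cmd == "ALL":
                pw = " without a password" if "NOPASSWD:" in tags else ""
                findings.append(f"{user}: may run ALL commands as ({runas}){pw}")
            elif cmd.split()[0] in SHELLS:
                findings.append(f"{user}: grants an interactive root shell via {cmd}")
    return findings


if __name__ == "__main__":
    print("extra UID-0 accounts:", uid0_accounts(PASSWD_SAMPLE))
    for label, policy in (("weak", SUDOERS_WEAK), ("hardened", SUDOERS_HARDENED)):
        print(f"{label}:", audit_sudoers(policy) or ["no wholesale root grants"])
```

Run against real files with the same functions (`open("/etc/sudoers").read()` needs root) and extend SHELLS for the interpreters installed locally; granting an editor, pager or interpreter under sudo is as good as granting a shell, and the hardened fragment avoids that by naming exact commands.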

In a world that demands ever more security, Linux systems tied into corporate networks cannot be overlooked. As the Linux platform continues to make tracks in the industry, its users need to start securing their Linux machines, and root above all, appropriately.

With the proper tools, internal threats and external vulnerabilities can be rebuffed. Controlling access to services and functions within Linux, and most of all to root, will result in stronger Linux security inside the network.
