How to Defend Linux from Attacks

Although Linux still holds only a fraction of the market share of Microsoft Windows and Mac OS X, its growth continues to accelerate. Linux will continue to grow at a compound annual growth rate (CAGR) of 19.2% through 2027. Some of the primary factors for this growth include:

  • Cloud computing infrastructure,
  • Containerization of applications, and
  • Microsoft’s support for a Linux kernel

All of this positive news and momentum has also put Linux in the spotlight, and thus drawn the attention of attackers. Attacks are no longer focused just on Windows or OS X. Linux has seen its fair share of vulnerabilities over the past few years, including the recent sudo vulnerability and other Linux kernel vulnerabilities. So how do we defend Linux from attacks?

We recently interviewed Brandon Edwards, Co-founder and Chief Scientist at Capsule8, on Application Security Weekly to discuss targeting, exploiting, and defending Linux.  Brandon discusses some of the biggest challenges with Linux, including:

  • The Linux Attack Surface, including the recent sudo vulnerability, distributions, binary dependencies, and other kernel vulnerabilities
  • Linux Exploitation Attacks, including kernel fuzzing and privilege escalation
  • Defending Linux, including static analysis of binaries/libraries, creating custom distributions, and continuous monitoring of Linux in runtime

Containerization also adds a few more interesting twists to Linux, including segmentation, root access, and container breakout. Brandon also discusses some of the things they are seeing with their honeypots, including no sudo vulnerabilities lately, nor the desire to break out of the container. The orchestration layer of containers (i.e., Kubernetes) is where he sees the attack surface shifting, but it’s all about monitoring.

To see how Capsule8 can help defend your Linux infrastructure, watch the interview on Application Security Weekly here, watch their on-demand webcast, Preparing Linux Hosts for Unexpected Threats, or visit securityweekly.com/capsule8 for more information.

Matt Alderman

Chief Product Officer at CyberSaint, start-up advisor, and wizard of entrepreneurship.
