March 6, 2000

Printer ready

Linux Security:
Open-Source Software Doesn't Have To Be Unsafe
Turn Linux's open-source nature to your company's advantage

By Oliver Rist

Related links:

Linux Toolbox

And from our sister publications:

PlanetIT Linux Technology Center

TechEncyclopedia

Need a definition of a technology term? Look it up here:

Send Us Your Feedback

sking questions about Linux's security features can bring a stream of hotly disputed and widely varying responses. Linux proponents remind everyone of the operating system's similarities to Unix and that Unix is the most secure operating system. Others point out that Linux isn't actually Unix and, as a result, suffers from security vulnerabilities not found in its older sibling.

Some people won't address Linux's nuts-and-bolts security measures at all. Rather, these folks are afraid of its open-source coding philosophy. They suspect that most open-source software is programmed by hacker or cracker types, and that these nefarious folks leave back doors in their software so they can get back into it later--after it's running something critical for someone's company.

If you're tempted to move to Linux but are afraid of precisely this kind of danger, you can do little to prevent it on a technical level outside of some reverse coding of your own to determine if your prospective software does indeed have any back doors. Alternatively, you could contact the software's creators and voice your concerns. Seeing how they respond could go a long way to easing or confirming your fears.

On the other hand, you could embrace the open-source model as a benefit, rather than as a threat to security. Linux's security benefits from its similarities to Unix. Once "hardened," Unix can turn into a near-impenetrable operating system. Its philosophy of coding small applications in a single-function architecture and linking them via scripting also helps avoid the security loopholes often found in larger applications.

Open-source applications add another potential benefit to this mix: openly available source code. For those who are truly after total security, the ability to grab an application or operating system's source code and modify it to meet their own requirements can have an amazing impact on system security. Again, however, this ability is a double-edged sword. Those who don't have the time or skill to modify an application to suit themselves are left at the mercy of whatever the open-source designer built into the program.

Is this really such a threat? After all, you can't get access to commercial software source code, either. As long as you know who designed the software you're using, their liability for malicious coding is the same as if they were designing commercial software. Make sure you test new open-source software just as you would commercial software. If possible, have a Linux-savvy programmer check the application's source code for possible security problems. These two steps alone should greatly decrease your chances of encountering security problems with either Linux or open-source applications.

Does this mean network administrators have no way of securing a general-purpose Linux server without resorting to close scrutiny of the source code? No. As with any operating system, a systems administrator can take a number of steps to keep a Linux machine running strong in the face of hostile intentions.

Those running a Linux box as a primary server should carefully watch Samba, which lets Linux mimic the file and print services of Windows NT and similar services, and domain name system services at first. Running your DNS service off Linux is definitely a performance bonus, but administrators need to be aware of the sheer amount of data about their networks that's available to someone who gains access to the DNS server.

DNS servers, such as the popular BIND-8 (Berkeley Internet Name Domain) used on many Linux machines, divide a network into zones, each with its own DNS naming properties. Often, these properties provide detailed information about the nodes in that zone of the network--not something you want everyone accessing. A good way to begin securing your Linux installation is to restrict not only access to the BIND server, but also to whom the BIND server will give information. You can accomplish this by becoming familiar with BIND configuration files.

LINUX SECURITY RESOURCES
Linux Vendors www.redhat.com www.caldera.com www.turbolinux.com	The best place to start when securing a Linux system is your Linux vendor. Make sure you keep tabs on its Web site for information on patches to the operating systems and other libraries--often thse changes have security implications. Most vendors also maintain how-to guides on securing their particular implementations.
CERT Coordination Center www.cert.org	.Carnegie Mellon's CERT Coordination Center generally contains the most up-to-date listing of known security threats. In particular, it offers a prodigious collection of information on BIND- and Samba-specific issues.
Linux Online www.linux.org	Linux Online provides detailed guides on creating and configuring Linux as a proxy server and other security-specific configurations.
Planet IT Security Tech Center www.planetit.com/ techcenters/security	CMP Media's Planet IT has a technology center devoted to security topics. Covering security technologies, reviews of security products, and related news, it's an excellent resource for dealing with networkwide security issues.
Sendmail Consortium www.sendmail.org	Sendmail--the E-mail service bundled in Linux-exposes a surprising number of security vulnerabilities, including the ability to relay, or "pipe," the contents of E-mail messages to other programs on your server.

The newest version of BIND has updated its support for logging. It lets network administrators who take the time to become familiar with BIND configuration modify its default logging criteria to show almost all DNS activity on the network. Admittedly, this could turn into a large volume of data, but that's a small price to pay for those interested in real security.

Samba is another potentially powerful tool. Most people are under the impression that Samba provides Linux with connectivity only to other network operating systems such as Windows NT and NetWare. But it's capable of more. Samba 2.0 not only talks to NT, but takes the place of an NT primary domain controller. In a conventional NT network, the primary domain controller acts as the central authentication server for the entire network, administering not only global user authentication but also domain trust relationships. By using Samba in this fashion, Linux administrators can decrease the amount of loopholes in a mixed Linux-NT installation.

Another must-have in any Linux installation is one of the widely available open-source scanning applications. A security scanner lets a network administrator scan the network for possible signs of intrusion or other malicious mischief. Some of these scanning tools, such as Nessus (www.nessus.org), can even look for security vulnerabilities across multiple operating systems. That way, Linux administrators can scan their entire networks, rather than just their Linux nodes, all at once.

Finally, the best way to ensure safety in the Linux world is to take the time necessary to understand the operating system. Many Windows users have criticized Linux in this regard, saying the operating system is much harder to use than Microsoft's software. In reality, building a really secure NT server requires as much in-depth knowledge of the operating system as it would under Linux. There's no getting around it: Security means becoming intimately familiar with your operating systems of choice--or at least hiring people who are.

Once you know more about Linux, you'll be able to deviate more comfortably from default installations. That can be a huge security gain, because removing unwanted or unneeded applications and processes from your Linux server always means closing a door on a potential security hazard. Indeed, understanding what network services are enabled by default is key to securing any network host. In addition to exposing too much network information through DNS, other services, Remote Procedure Calls in particular, can expose critical information about your hosts that you don't want outsiders to know. As a rule, if you don't explicitly need a network service, disable it--or better yet, remove it from your hosts.

Learning more about Linux also means you'll become more familiar with the security options already inherent in Linux, such as its ability to be converted easily into an IP firewall or proxy server.

In a practical sense, Linux's open-source foundation also confers another security benefit. Realistically, few companies can rigorously review every line of source code in an operating system to locate security weaknesses. Just as the open collaborative development model makes Linux such a success, the same effect lets all Linux users benefit from the security reviews of programmers throughout the world. Because so many eyeballs have examined parts of the Linux source code, there's a far greater chance that security flaws will be found and fixed.

The bottom line: Open-source software represents a few more unknowns than traditional commercial software-- but with a little time and effort, you can turn those unknowns into custom advantages to keep your network safer than ever.

Oliver Rist is editor of the Planet IT Systems Management Tech Center and a contributing technical editor for InternetWeek. He can be reached at orist@grand-central.net.

Back to Labs
Send Us Your Feedback
Top of the Page

---