Security Watch
Linux: Avenue for Windows Sneak Attack?
Any hole, irrespective of OS, is the weakest link.
- By Roberta Bragg
- 08/09/2004
San Francisco — So, what the heck is this Windows security evangelist doing
at Linux World? That's the question I asked myself as I walked the Moscone Center
halls this week. I came because a friend of mine, John Terpstra of the Samba Team,
was launching a new book, "Hardening Linux." The other reason was that
any computer on the network can influence the security status of any other. It
would be a shame to know and apply every nuance of Windows security and ignore
the implications of Linux. Truth be told, a single unsecured Linux box can be
a network's downfall. It may become infected with a virus or worm, or compromised
with a Trojan or other attack, then used either directly or indirectly to attack
your Windows computers.
The answer is not to ban Linux but to learn its strengths and weaknesses. Then
you can take steps to prevent such attacks from occurring or detect and deflect
them if they do. You can't do that in a vacuum or by poking around with the
OS; you certainly can't do that by asking questions in those newsgroups in which
"Linux is secure by default" is the daily mantra. Books are good sources
of information but can only take you so far. I've used these resources and more;
but for the big picture, I like conferences.
There's another reason for my attendance. At most Windows conferences —
even at Windows security conferences and at most information security conferences
— I'm just not finding much information on how to securely integrate mixed
operating systems. Very few networks are pure Windows. We've solved many of
the issues of integrating mainframes and minis, Unix and Linux and Windows.
But we haven't solved them all.
Among the biggest unanswered questions about integration is how to do it without
compromising security.
- When you add another OS, what security impact will it have on your data,
other OSs and applications?
- Will you have to loosen security to get these things to play well together?
- You know how to create a secure authentication policy in a Windows network,
but how can you maintain the same level of security when granting Windows
clients access to databases running on Linux?
- You've got the IPSec policy thing down, but can you make Linux and Windows
talk IPSec to each other? How can you ensure secure communications between
disparate boxes on the network?
Linux World didn't provide the answers to all these questions, but unlike many
conferences I've attended, it did acknowledge them. While there were many sessions
on only Linux-related themes, there were also sessions on integrating Linux
into an AD environment, the pitfalls of using Kerberos for authentication in
mixed environments, and keynotes painting pretty pictures of centralized policy
management for both Windows and Linux. In addition, many exhibited vendor products
stressed compatibility and integration capabilities. Everywhere I found people
eagerly talking about managing the heterogeneous enterprise.
For Windows-focused folks, here are some questions and answers for the Linux
boxes on your network:
- Should you provide antivirus products for your Linux systems? Yes.
- There aren't any viruses for Linux, are there? Wrong.
- Are virus writers using unprotected Linux boxes to spread Windows viruses
to your Windows boxes? Yes. According to Central Command (http://www.centralcommand.com/linux_products.html)
there are some 60 known viruses for Linux, though some aren't in the wild.
This isn't many, but isn't one virus packing a malicious payload one too many?
What if that one, gaining a foothold on that Linux box, proceeds to infect
Windows machines? What if saving Windows files to the Samba server spreads
infection? Windows boxes can be used to infect Linux, and Linux boxes can
be used to infect Windows — why would you ignore these possibilities?
Run antivirus on your Linux systems, especially on the Samba box.
- If you install Samba (http://www.samba.org)
on a Linux box and use it for file and print services for Windows clients,
can you lock down access to individual files? Linux file permissions are different
than NTFS file permissions. Samba, like many programs that make file and print
services available for both Linux and Windows clients, maps permissions when
they're the same — such as Read — and fudges it when they're not.
You can secure files, but it's not going to be the same. Take a close look
in order to work out the best solution for your environment.
- How do you lock down multiple databases running on diverse platforms? How
do you monitor them for evidence of attack or compromise? IPLocks (http://www.iplocks.com)
has an answer. Its product, an assessment tool for Oracle, DB2, Sybase, Microsoft
SQL Server and other databases, provides a list of clearly documented, potential
vulnerabilities. It also has a centralized log collection and evaluation component.
The system provides analysis and can send e-mail or pager alerts when suspicious
activity occurs. They don't advertise it as such, but to me it sounds like
an intrusion detection system for databases.
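To make the Samba point above concrete, here is an added example (not from the original column and not Samba's code) that models why Windows-style permissions only partly fit Linux file permissions. It assumes classic owner/group/other mode bits with no POSIX ACLs; the ACL dictionary format, the function name and the sample users are hypothetical.

```python
# Added illustration: a simplified model, not Samba's code or its algorithm.
# Assumes classic owner/group/other mode bits only (no POSIX ACLs).

BIT = {"Read": 4, "Write": 2, "Execute": 1}   # rights with a mode-bit twin
NO_TWIN = {                                    # rights POSIX decides elsewhere
    "Delete": "write permission on the parent directory",
    "Change Permissions": "being the file owner or root",
    "Take Ownership": "being root",
}

def fit_acl(acl, owner, group):
    """Squeeze an NTFS-style ACL (hypothetical dict format) into mode bits.

    Returns (mode, lost_rights, unplaced_principals).
    """
    mode, lost, unplaced = 0, [], []
    for principal, rights in acl.items():
        if principal == owner:
            shift = 6
        elif principal == group:
            shift = 3
        else:
            # Only one owner and one group fit; widening "other" to cover
            # this entry would grant the same access to everyone.
            unplaced.append(principal)
            continue
        for right in rights:
            if right in BIT:
                mode |= BIT[right] << shift
            elif right in NO_TWIN:
                lost.append((principal, right, NO_TWIN[right]))
            else:
                raise ValueError(f"unknown right: {right}")
    return mode, lost, unplaced

# Constructed sample ACL: principal -> rights granted on one file.
SAMPLE_ACL = {
    "alice": ["Read", "Write", "Delete"],
    "finance": ["Read"],
    "auditors": ["Read"],
}

if __name__ == "__main__":
    mode, lost, unplaced = fit_acl(SAMPLE_ACL, owner="alice", group="finance")
    print(f"mode bits: {mode:04o}")
    for principal, right, governed_by in lost:
        print(f"{principal}: '{right}' has no mode bit; depends on {governed_by}")
    print("entries with no slot:", ", ".join(unplaced))
```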
So, does a Windows security evangelist belong at Linux World? You betcha. I
went there expecting to ask questions of strangers, and found, to my delight,
that I could have conversations with new friends.
About the Author
Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.