Linux: Avenue for Windows Sneak Attack?
Any hole, irrespective of OS, is the weakest link.
- By Roberta Bragg
San Francisco — So, what the heck is this Windows security evangelist doing
at Linux World? That's the question I asked myself as I walked the Moscone Center
halls this week. I came because a friend of mine, John Terpstra of the Samba Team,
was launching a new book, "Hardening Linux." The other reason was because
any computer on the network can influence the security status of any other. It
would be a shame to know and apply every nuance of Windows security and ignore
the implications of Linux. Truth be told, a single unsecured Linux box can be
a network's downfall. It may become infected with a virus or worm, or compromised
with a Trojan or other attack then used either directly or indirectly to attack
your Windows computers.
The answer is not to ban Linux but to learn its strengths and weaknesses. Then
you can take steps to prevent such attacks from occurring or detect and reflect
them if they do. You can't do that in a vacuum or by poking around with the
OS; you certainly can't do that by asking questions in those newsgroups in which
"Linux is secure by default" is the daily mantra. Books are good sources
of information but can only take you so far. I've used these resources and more;
but for the big picture, I like conferences.
There's another reason for my attendance. At most Windows conferences —
even at Windows security conferences and at most information security conferences
— I'm just not finding much information on how to securely integrate mixed
operating systems. Very few networks are pure Windows. We've solved many of
the issues of integrating mainframes and minis, Unix and Linux and Windows.
But we haven't solved them all.
Among the biggest unanswered questions about integration is how to do it without
- When you add another OS, what security impact will it have on your data,
other OSs and applications?
- Will you have to loosen security to get these things to play well together?
- You know how to create a secure authentication policy in a Windows network,
but how can you maintain the same level of security when granting Windows
clients access to databases running on Linux?
- You've got the IPSec policy thing down, but can you make Linux and Windows
talk IPSec to each other? How can you ensure secure communications between
disparate boxes on the network?
Linux World didn't provide the answers to all these questions, but unlike many
conferences I've attended, it did acknowledge them. While there were many sessions
on only Linux-related themes, there were also sessions on integrating Linux
into an AD environment, the pitfalls of using Kerberos for authentication in
mixed environments, and keynotes painting pretty pictures of centralized policy
management for both Windows and Linux. In addition, many exhibited vendor products
stressed compatibility and integration capabilities. Everywhere I found people
eagerly talking about managing the heterogeneous enterprise.
For Windows-focused folks, here are some questions and answers for the Linux
boxes on your network:
- Should you provide antivirus products for you Linux systems? Yes.
- There aren't any viruses for Linux, are there? Wrong.
- Are virus writers using unprotected Linux boxes to spread Windows viruses
to your Windows boxes? Yes. According to Central Command (http://www.centralcommand.com/linux_products.html)
there are some 60 known viruses for Linux, though some aren't in the wild.
This isn't many, but isn't one virus packing a malicious payload one too many?
What if that one, gaining a foothold on that Linux box, proceeds to infect
Windows machines? What if saving Windows files to the Samba server spreads
infection? Windows boxes can be used to infect Linux, and Linux boxes can
be used to infect Windows — why would you ignore these possibilities?
Run antivirus on your Linux systems, especially on the Samba box.
- If you install Samba (http://www.samba.org)
on a Linux box and use it for file and print services for Windows clients,
can you lock down access to individual files? Linux file permissions are different
than NTFS file permissions. Samba, like many programs that make file and print
services available for both Linux and Windows clients, map permissions when
they're the same — such as Read — and fudges it when they're not.
You can secure files, but it's not going to be the same. Take a close look
in order to work out the best solution for your environment.
- How do you lock down multiple databases running on diverse platforms? How
do you monitor them for evidence of attack or compromise? IPLocks (http://www.iplocks.com)
has an answer. Its product, an assessment tool for Oracle, DB2, Sybase, Microsoft
SQL server and other databases, provides a list of clearly documented, potential
vulnerabilities. It alsohas a centralized log collection and evaluation component.
The system provides analysis and can send e-mail or pager alerts when suspicious
activity occurs. They don't advertise it as such, but to me it sounds like
an intrusion detection system for databases.
So, does a Windows security evangelist belong at Linux World? You betcha. I
went there expecting to ask questions of strangers, and found, to my delight,
that I could have conversations with new friends.
Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.