intrusion detected

MrKnisely mrknisely at mrknisely.is-a-geek.org
Fri Aug 12 00:27:28 UTC 2005


Brian Walker wrote:

> Ah see now - I think we need a dedicated forum for discussing security 
> issues:
>
> On 8/11/05, *MrKnisely* <mrknisely at mrknisely.is-a-geek.org> wrote:
>
>     What is wrong with running FTPd?  I know usernames and passwords
>     are sent plaintext, but what is the issue with simply having the
>     daemon running?  So long as you don't publish it to the internet
>     and FTP from the outside, I don't see a security issue here.
>
>
> I also failed to be so aware of security issues believing - falsely - 
> that linux would be less liable to intrusion.  Well, perhaps linux 
> systems are less liable to be broken into, BUT that does not mean that 
> we are safer, nor that the situation will not change as more people 
> get into linux and BSD and begin to try expanding geek horizons by 
> pinning our BIOS scalps to their firewalls.
>
> Merely installing a firewall is also NOT going to be sufficient, 
> especially if we adhere to the M$ concept of plug'n'play in the 
> forlorn hope things will work all the time, and rebooting if they do not.
>
> So, having been all virtuous, I now reveal that I have bought books on 
> firewalls, linux hardening, hacking and cracking and realise just how 
> ignorant I am. I am a newbie in things computer, despite many years of 
> practice and above-average skills in comparison to many others. 
> Seriously - it is only a matter of time before linux is targeted by 
> many more viruses and trojans, spyware and crackers. If we do not 
> start out with geek-credits and learn to protect our computers, we 
> will suffer.
>
> So - anyone up for creating a ubuntu security forum?
>
> Brian

I'm afraid I'm going to have to disagree with you here.  "[I]t is only 
a matter of time before linux is targeted by many more viruses and 
trojans, spyware and crackers," is true enough, but Linux is not nearly as 
susceptible to these issues.  Try dropping an executable file on Linux 
right away... Ok, difficult enough.  Now get that file to execute with 
root permissions so it can harm something other than normal user space.  
It's not going to happen, at least not easily.

Granted, they could get the user to do something stupid as root, but 
that would take some doing. 

Let's compare that to M$.  User goes to a website that uses ActiveX to drop 
evil software on a system.  DONE.

Now, where the security issues lie is in services.  With Linux, it is 
VERY easy for any newbie to run services.  Let's say someone thinks it's 
a good idea to run an FTP server.  In itself, that's not a bad thing, 
but if this system is LIVE on the internet it has some very specific 
security risks.  It is unfortunate, but this is where OSS OSs (ha, that 
looks funny) flexibility can hurt people.  The one saving grace is that 
many of us run broadband routers with our Linux boxes, so it's not 
looking like it is going to be an epidemic.

For me, the thought that once Linux becomes more popular the problems 
will increase does not hold water.  Last stats I read said that Apache 
has more than a 4 to 1 ratio on the internet.  Granted, just because it 
is running Apache doesn't mean it's Linux but odds are pretty good.  By 
definition these boxes are live on the Internet.  If you look at the 
serious penetrations on sites, most of the major issues are on IIS boxes. 

To be fair, most of those penetrations were due to misconfigurations by 
the ill-trained administrators of those IIS systems, but the out-of-the-box 
config on those IIS systems assisted in the penetrations too.

Systems are only as secure as you make them, but there is a starting 
point.  ANY Linux install, straight off the disk, will be MUCH more secure 
than an XP install.  I say that now, and I'll say that for the 
foreseeable future.

Mike K.





