Article from Security Wire Perspectives, Vol. 6, No. 19, March 8, 2004.
The increased reliability and potentially better security of Linux is tempting more than a few frustrated Windows shops to consider jumping ship to the popular open-source OS.
You'll need competent Linux admins and managers to deploy and maintain secure systems. This is critical, since the security of any system is directly proportional to the abilities and experience of the people operating them.
While there are a number of things you'll want your Linux admins to know, they should have the following security-specific skills.
--OS Hardening. This involves reconfiguring core settings, deactivating unneeded programs and tuning the remaining services for better security. In Linux implementations, this also can involve configuring the embedded system-level firewall. These steps will mitigate most known vulnerabilities and neutralize most attacks -- up to 97% in some lab tests.
Freeware applications and tools like Bastille Linux, Titan and the Center for Internet Security's (CIS) Unix security scoring tool help audit the hardening work once it's done. CIS's Linux Benchmark and books like "Building Secure Servers with Linux" are practical, step-by-step guides for hardening Linux and Unix systems.
--System Assessment. Once an OS is hardened, a sysadmin must be able to determine if it has been attacked or compromised. System assessments start with creating a baseline of the normal system and then checking the system against the baseline on a regular basis. This assessment might begin with looking at what programs are running, what user context they're running under, what files they have open, and what their level of resource consumption is.
This process is both highly technical and somewhat intuitive, thus requiring experience and knowledge. A sysadmin must know what information is important and how to gather that information. Experience will tell a sysadmin when something is amiss. Technical skills come into play to discover if the problem is really an attacker or just a system failure, such a faulty hard drive or overloaded application.
--Intelligence Gathering. Next, your sysadmin must be able to gather and manage intelligence specific to your systems' security. A Linux admin needs to know what techniques are used by both attackers and defenders. He must be able to follow the trend data to keep up to date with current attacks. This helps an organization adapt its defensive posture to changing threat conditions.
Of course, security intelligence directly feeds into the first two skill sets. A good Linux or security admin will check sites such as SecurityFocus and Incidents at least once per day for alerts and advisories. Security newsletters published by supporting vendors and media outlets help admins keep up with threat trends.
Where will you get people with such skills? Believe it or not, a good place to start is with your Windows admins, many of whom are closet Linux geeks or have experience on Linux systems. They'll also have a firm understanding of hardening systems, since locking down Windows boxes before they go into production is nearly a necessity.
JAY BEALE is the lead developer of the Bastille Linux project.
Security Wire Perspectives is published by Information Security, the industry's leading magazine for security news and information, and SearchSecurity.com, the Web's best security-specific information resource for enterprise IT professionals.
The increased reliability and potentially better security of Linux is tempting more than a few frustrated Windows shops to consider jumping ship to the popular open-source OS.
You'll need competent Linux admins and managers to deploy and maintain secure systems. This is critical, since the security of any system is directly proportional to the abilities and experience of the people operating them.
While there are a number of things you'll want your Linux admins to know, they should have the following security-specific skills.
--OS Hardening. This involves reconfiguring core settings, deactivating unneeded programs and tuning the remaining services for better security. In Linux implementations, this also can involve configuring the embedded system-level firewall. These steps will mitigate most known vulnerabilities and neutralize most attacks -- up to 97% in some lab tests.
Freeware applications and tools like Bastille Linux, Titan and the Center for Internet Security's (CIS) Unix security scoring tool help audit the hardening work once it's done. CIS's Linux Benchmark and books like "Building Secure Servers with Linux" are practical, step-by-step guides for hardening Linux and Unix systems.
--System Assessment. Once an OS is hardened, a sysadmin must be able to determine if it has been attacked or compromised. System assessments start with creating a baseline of the normal system and then checking the system against the baseline on a regular basis. This assessment might begin with looking at what programs are running, what user context they're running under, what files they have open, and what their level of resource consumption is.
This process is both highly technical and somewhat intuitive, thus requiring experience and knowledge. A sysadmin must know what information is important and how to gather that information. Experience will tell a sysadmin when something is amiss. Technical skills come into play to discover if the problem is really an attacker or just a system failure, such a faulty hard drive or overloaded application.
--Intelligence Gathering. Next, your sysadmin must be able to gather and manage intelligence specific to your systems' security. A Linux admin needs to know what techniques are used by both attackers and defenders. He must be able to follow the trend data to keep up to date with current attacks. This helps an organization adapt its defensive posture to changing threat conditions.
Of course, security intelligence directly feeds into the first two skill sets. A good Linux or security admin will check sites such as SecurityFocus and Incidents at least once per day for alerts and advisories. Security newsletters published by supporting vendors and media outlets help admins keep up with threat trends.
Where will you get people with such skills? Believe it or not, a good place to start is with your Windows admins, many of whom are closet Linux geeks or have experience on Linux systems. They'll also have a firm understanding of hardening systems, since locking down Windows boxes before they go into production is nearly a necessity.
JAY BEALE is the lead developer of the Bastille Linux project.
Security Wire Perspectives is published by Information Security, the industry's leading magazine for security news and information, and SearchSecurity.com, the Web's best security-specific information resource for enterprise IT professionals.
No comments:
Post a Comment