Keeping Informed

To secure a system, you need to know its vulnerabilities. Your goal should be to stay as well-informed about Linux's vulnerabilities as the vandals are. Frankly, you won't be able to. You have a life and responsibilities, so the vandals who have nothing better to do will get ahead of you, and may compromise your system. Despite the difficulty, you should do your best to keep up-to-date about security problems.

There are several good sources of information about known security vulnerabilities:

• Your Linux vendor's website should have useful security information specific to your Linux distribution.

• General information about the bugs that create security vulnerabilities is available in the Bugtraq archive, which can be found on the web at http://www.securityfocus.com/.

• Security advisories are available from http://www.l0pht.com/, csrc.nist.gov, http://www.cert.org/, and other sites.

• A good site for Linux software updates and security hole announcements is http://www.freshmeat.com/.

• The SANS (System Administration, Networking and Security) Institute offers informative security newsletters that are delivered weekly via email. It also has a useful online reading room. These resources are available from its website http://www.sans.org/.

Track all of the problems that pertain to Linux, Unix, and Unix applications—all of these could affect your Linux server. Figure 12.1 shows an example of the Bugtraq archive at http://www.securityfocus.com/.

Figure 12.1: Searching the Bugtraq Archives

Figure 12.1 is the result of searching the Bugtraq Archives for the string Linux. Clicking a link takes you to the bug report, so you can read it and determine whether this bug is a threat to your system.

In addition to visiting the sites that report bugs and security problems, visit the http://www.hackers.com/ website. It provides information about security exploits. The site gives you access to the same scripts that intruders use to attack your system. http://www.hackers.com/ gives a description of the exploit, the exploit technique, and the defense against the exploit. Use this information to make sure that your system is not vulnerable to the old attacks and to evaluate the new attacks as they appear in order to understand the vulnerabilities they exploit. In addition to providing descriptions of current exploits, this site gives information about what is currently going on in the network security world.

Figure 12.2 shows the Linux exploits report from http://www.hackers.com/ as it existed in June 2002. Clicking on View Exploit for any of the listed exploits takes you to a page that describes the exploit. From there, you can follow links to pages that tell you how to exploit the vulnerability and to pages that tell you how to defend against the exploit.

[Figure: Mozilla browser window showing the Hackers.com exploits database, Exploits > Linux listing, with Exploit Title and Date columns and a View Exploit link for each entry]

Figure 12.2: Linux exploits found at http://www.hackers.com/
