In today's lesson, we'll discuss Linux and security: what threats Linux faces, what administrators need to be concerned with when dealing with Linux systems, and why there is no such thing as a secure computer. Even Linux gets viruses. So, the question I always hear is, is Linux secure? Well, no computer is ever secure. A computer may be secure at one specific point in time, but that depends on a whole bunch of things: how it is configured, where it sits, what software is on it. So we can configure Linux in a specific way to make sure it is secure at one point in time. If my Linux computer is completely off the network, has all the latest patches, and sits in a locked room, is it secure? Maybe, maybe not. It depends on what threats it faces. Somebody could break in the door, and if there's no password or the hard drive isn't encrypted, they can easily bypass the security of that device and get in. So it doesn't matter whether it's on the network or locked in a room: I need layers of security protecting my Linux system, just as I would for any other system. It's no more secure than a Windows system, and it's no more secure than a Mac. Everything gets viruses, and everything has problems with users and configuration unless I follow very strict guidelines. Linux can be configured in a way that mitigates a lot of those security vulnerabilities, but there are also some pitfalls specific to Linux.

Okay, the benefits of Linux for security. Because Linux is open source, we don't see many viruses being developed for it. What we do see is Linux with installed software that has vulnerabilities.
But because Linux is open source and has a community of developers around it, the more eyes you have on something, the greater security it has. So the Linux kernel itself is pretty secure. A vulnerability may come out here or there, but it's patched relatively quickly. In the past year or two, depending on when you're viewing this, we've seen Shellshock and we've seen Ghost, and those were really serious Linux vulnerabilities that could be exploited. Software also typically runs with fewer privileges within Linux: every process runs as a user and a group. So Linux is pretty secure from the standpoint of software execution, unless you increase a program's privileges. The Linux install base is smaller, too. Where Windows, for example, has millions, even billions, of machines running its versions, we see far fewer machines actually running Linux, and we don't install a lot of software on those Linux machines either, even though they run a majority of the large enterprise systems across the Internet.

So how may Linux be compromised? There are four areas that system administrators need to be concerned with when looking at Linux and security: first, software vulnerabilities; second, configuration errors; third, social engineering and users in general; and fourth, rootkits, viruses, and Trojans. Let's go through these one by one, from greatest threat to least.

Software vulnerabilities. For as long as I can remember, buffer overflows have been the number one vulnerability out there for software. Developers forget to check their code for memory leaks, buffer overflows, and buffer underruns, and it's still the number one thing that plagues everything.
So, the software installed on Linux is not immune to exploitation through buffer overflows or buffer underruns. Linus's Law states, basically, that given enough eyeballs, all bugs are shallow: the more people you have looking at and developing the code, the less chance you have of major vulnerabilities, and of those vulnerabilities becoming public. Developers of custom software may not have the luxury of that kind of testing, so vulnerabilities may sit in code that is not used by a lot of people. Software also may not be patched. Linux typically uses package managers to manage the software installed on it. However, if we compile source code and install it on our systems ourselves, we don't get the luxury of those patches unless we recompile that software again. So it's always best to use a package manager to install packages, for example Debian packages or RPMs.

Configuration errors are the second most common type of threat we see with Linux. Because we configure a lot of software on Linux manually, we have a tendency to make mistakes. The permissions on a directory may be incorrect, or we may forget to delete a configuration page, which may let an attacker in, or perhaps one of the ports for a certain application is left unsecured, for example port 3306 for MySQL. If we forget to turn that port off or put it behind the firewall, an attacker may get in. It's also very easy to do something destructive in Linux: you can type rm -rf /* and delete everything, and Linux will let you do that. It's very unforgiving, and you can't undo it, unlike Microsoft Windows, which will not let you delete all your files. So running with root privileges when you don't need them, and then doing something like that, is also one of those configuration errors we need to watch out for.
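The two configuration mistakes just described, a directory with the wrong permissions and a service port left reachable from the network, can both be checked from the shell. The script below is an added example, not part of this lesson: it runs the port check over a constructed sample of `ss -tlnp` output (a real audit would pipe in the live command instead) and the permission check over a scratch directory tree it builds itself, flagging a MySQL listener bound to every interface and a world-writable directory without the sticky bit. The list of internal-only ports is an assumption; 3306 is the lesson's example.

```shell
#!/bin/sh
# Added example (not from the lesson): two configuration audits for the
# mistakes the lesson describes, runnable offline on constructed data.

# Constructed sample of what `ss -tlnp` prints on a Linux host. The loopback
# MySQL listener is fine; the one bound to 0.0.0.0 is the mistake.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=812,fd=21))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))
LISTEN 0      128    0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=812,fd=22))
LISTEN 0      511    [::]:80            [::]:*            users:(("nginx",pid=901,fd=6))'

# Ports that should only ever be reachable from localhost or from behind the
# firewall. 3306 (MySQL) is the lesson's example; the others are assumptions.
INTERNAL_ONLY_PORTS="3306 5432 6379"

# exposed_internal_ports: read ss-style lines on stdin and print
# "<port> <process>" for every internal-only port bound to all interfaces.
exposed_internal_ports() {
  awk -v ports="$INTERNAL_ONLY_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 != "LISTEN" { next }                     # skip the header line
    {
      port = $4; sub(/.*:/, "", port)           # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)      # text before it
      if ((port in watch) && (host == "0.0.0.0" || host == "[::]" || host == "*")) {
        proc = $6
        sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
        print port, proc
      }
    }'
}

# world_writable_dirs <root>: directories anyone can write to that lack the
# sticky bit, so any user can delete or replace other users' files there.
# (/tmp is world-writable too, but its sticky bit makes that acceptable.)
world_writable_dirs() {
  find "$1" -type d -perm -002 ! -perm -1000 -print
}

# make_sample_tree: build a constructed directory tree for the demo and
# print its path. Only "uploads" is a misconfiguration.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir "$root/uploads" "$root/tmp" "$root/etc"
  chmod 777 "$root/uploads"    # world-writable, no sticky bit: the mistake
  chmod 1777 "$root/tmp"       # world-writable but sticky, like /tmp
  chmod 755 "$root/etc"
  printf '%s\n' "$root"
}

# Demo run on the constructed data.
echo "Internal-only ports reachable from the network:"
printf '%s\n' "$SAMPLE_LISTENERS" | exposed_internal_ports
demo_root=$(make_sample_tree)
echo "World-writable directories without the sticky bit under $demo_root:"
world_writable_dirs "$demo_root"
rm -rf "$demo_root"
```

On a live host, replace the sample with `ss -tlnp | exposed_internal_ports` and point `world_writable_dirs` at `/` (as root, and expect `/tmp`-like directories to be excluded by the sticky-bit test). A finding from the first check means the service needs to bind to 127.0.0.1 or sit behind the firewall; a finding from the second usually means a `chmod 777` that should have been a group grant.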
Social engineering and users are always a concern no matter what operating system you're using: Mac, Windows, Sun, it doesn't matter. We need to be concerned with social engineering and users because users are the weakest part of any system. Even though it's the job of the system administrator to make sure systems are secure, humans cannot be secure 100% of the time. If a user leaks their password, an attacker may get into that system. This was very evident in one of the more famous cases involving the hacktivist group Anonymous several years ago, the HBGary leaks. Social engineering of the CEO led to the downfall of HBGary, and Anonymous was at the helm of that. Okay, users make mistakes; users accidentally delete files, for example with rm -rf /*, as I said. It's a very easy command to enter. If your users have the privileges to do that, then they've just destroyed a system. Amazon and other large corporations have been taken down because of configuration errors and inadvertent commands. Several weeks ago, or depending on when you're viewing this video maybe months or a year ago, a third of Amazon's AWS platform was taken down because somebody accidentally entered a wrong command while configuring some software. That took out major companies, which lost millions of dollars of revenue because Amazon was down.

Finally, rootkits, viruses, and Trojans. Linux is not as susceptible to rootkits, viruses, and Trojans because of the way it's built, with privileges designed around least privilege. It's still better than a lot of the other, less secure operating systems out there; on Windows, for example, most users have elevated privileges. An example of a Linux worm would be the Morris worm back in 1988, which was one of the very first worms for Linux. Okay? Linux also has several different ways to mitigate that.
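The lesson points to scanner packages as the way to mitigate rootkits and Trojans; tools such as rkhunter work partly by comparing system binaries against a recorded baseline, so that a replaced ps or ls stands out. The script below is an added example written for this lesson, not code from rkhunter, chkrootkit or ClamAV: it records a sha256 baseline of a directory tree, then reports files whose hash has changed or that have gone missing. The demo tree and its file contents are constructed placeholders; on a real system the baseline must be kept where a compromised host cannot rewrite it, such as read-only media or another machine.

```shell
#!/bin/sh
# Added example (not from the lesson, rkhunter or chkrootkit): the core of a
# file-integrity check, the kind of test rootkit scanners run over system
# binaries. Take a baseline while the system is known-good, keep it off the
# host, and compare later.

# build_baseline <dir> <baseline-file>: record "sha256  path" for every
# regular file under <dir>, in a stable order.
build_baseline() {
  find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
    sha256sum "$f"
  done > "$2"
}

# verify_baseline <baseline-file>: print MISSING or MODIFIED for each file
# that no longer matches; return 1 if anything was found, 0 if all is clean.
verify_baseline() {
  status=0
  while read -r expected path; do
    if [ ! -f "$path" ]; then
      echo "MISSING $path"
      status=1
    else
      actual=$(sha256sum "$path" | cut -d' ' -f1)
      if [ "$actual" != "$expected" ]; then
        echo "MODIFIED $path"
        status=1
      fi
    fi
  done < "$1"
  return "$status"
}

# make_demo_tree: constructed stand-in for a directory of system binaries;
# prints the tree's path. The file contents are placeholders, not programs.
make_demo_tree() {
  root=$(mktemp -d)
  printf 'original ls\n'  > "$root/ls"
  printf 'original ps\n'  > "$root/ps"
  printf 'original cat\n' > "$root/cat"
  printf '%s\n' "$root"
}

# simulate_tampering <dir>: the footprint a rootkit install leaves behind,
# a replaced ps and a removed cat (constructed; nothing is executed).
simulate_tampering() {
  printf 'replaced ps\n' > "$1/ps"
  rm "$1/cat"
}

# Demo: baseline the clean tree, tamper with it, verify again.
demo_root=$(make_demo_tree)
baseline="$demo_root.baseline"   # kept outside the tree it describes
build_baseline "$demo_root" "$baseline"
verify_baseline "$baseline" && echo "clean tree verifies"
simulate_tampering "$demo_root"
verify_baseline "$baseline" || echo "integrity check FAILED (expected in the demo)"
rm -rf "$demo_root" "$baseline"
```

The check only catches what the baseline covers and only if the baseline itself is trustworthy, which is why real scanners also compare against vendor package metadata and why the baseline should be rebuilt after every legitimate package update; a hash mismatch right after a patch run is expected, one at any other time is an incident.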
So, chkrootkit, rkhunter, and ClamAV are all open-source packages designed to keep Linux secure.

In conclusion, administrators need to be diligent about how they address security, and security always needs to be a consideration. While Linux doesn't contract viruses often, we still need to be concerned with configuration errors and software vulnerabilities, and make sure our systems are up to date.