LinuxQuestions.org
Old 09-18-2007, 12:39 PM   #1
gashgordon
LQ Newbie
 
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
GNU/Linux GUI Security Suite


Hi there, could someone please tell me which is the best security suite to use? I'm currently using Norton 360 but it slows my internet connection way down, and I had problems with McAfee. Any info appreciated.
 
Old 09-18-2007, 12:50 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
On Linux, you don't need a security suite. If security is your primary focus, use Fedora, Redhat or CentOS, as those distributions are security oriented.
 
Old 09-18-2007, 04:21 PM   #3
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by macemoneta View Post
On Linux, you don't need a security suite. If security is your primary focus, use Fedora, Redhat or CentOS, as those distributions are security oriented.
I don't think those three focus primarily on security. Linux in general has more inherent security than Windows, which is probably what you meant (hopefully).

Security-oriented distros are distros such as Backtrack (which is more of a forensics/pentest distro). Or, OpenBSD (which isn't Linux but *nix nonetheless).

Even then, as an admin, you still have to harden your install and cater security to your own requirements. Even with Linux, services such as SSH could be bruteforced unless you put things in place to lessen the impact of that bruteforce (bruteforce is just one example). The same goes for web servers and other software. You shouldn't just install an OS thinking it's so secure that you don't create a normal user account or don't disable any unneeded services.

That is just a start. The process will always be ongoing, depending on what services and/or software you happen to install in the future.

Last edited by unixfool; 09-18-2007 at 04:23 PM.
 
Old 09-18-2007, 04:35 PM   #4
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
Quote:
Originally Posted by unixfool View Post
I don't think those three focus primarily on security. Linux in general has more inherent security than Windows, which is probably what you meant (hopefully).
No, it is not what I meant.

Different Linux distributions have different focus. Security is not a concern for most distributions - they rely on the uniqueness of Linux for protection, which is inadequate.

Many distributions do not even install a firewall by default. Only a handful install and configure a robust SELinux configuration by default. Few have ExecShield implemented. Few have all the code in the distribution compiled with FORTIFY_SOURCE, stack smash protection, buffer overflow detection and variable reordering.

If security is a concern, pick your distribution carefully - they are not equal.

Last edited by macemoneta; 09-18-2007 at 04:39 PM.
 
Old 09-18-2007, 10:47 PM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Depending on who you ask, a firewall may be a network device or security device, depending on the application. I don't define a security-based distro based on if it firewalls data. The overall protection of data, pentesting, forensics, or hardcore lockdown of the install in general (and maybe hardened applications and the way it may handle processes and such).

I can think of many distributions nowadays that install IPTables as default. Slackware is one, but that doesn't make it security-oriented. Even the inclusion of security applications such as SELinux doesn't justify calling a distro security-oriented, because it's one application of many that are installed. IMO, security orientation usually suggests that the overall package is as secure as possible, compared to other distributions and OSs.

Just my thoughts...
 
Old 09-18-2007, 10:55 PM   #6
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344
What are you talking about? SELinux is an application? Please don't misinform folks; do some research.

Last edited by macemoneta; 09-18-2007 at 10:59 PM.
 
Old 09-19-2007, 02:58 PM   #7
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
SELinux implements MAC at a kernel level, which controls where, what and when a program can access a file or files or even system resources. There are other options as well. Grsecurity and RSBAC are both kernel-based access control methods. Other options, like stated above, are D_FORTIFY_SOURCE, which will check the code while compiling to help check for improperly used buffers. There are also things like -fPIC and -fPIE for gcc when compiling to help improve ASLR by using position independent code (PIC) and position independent executables (PIE). If you wanted to be really crazy you could implement a system with SELinux W/MLS, Grsecurity, ASLR, PIE, PIC, ssp (fstack-protector), FORTIFY_SOURCE and even use something like RATS to scrub the code before you compile it.
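
Added example, not part of any post in this thread: one way to check whether a distribution's binaries were actually built with the protections named in posts #4 and #7 (PIE, non-executable stack, stack protector, FORTIFY_SOURCE) is to read the ELF headers directly. The names `audit_elf` and `constructed_elf` are made up for this sketch, and it assumes 64-bit little-endian ELF files.

```python
import re
import struct
import sys

PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 3, 0x6474E551, 0x6474E552
ET_DYN, PF_X = 3, 0x1

def audit_elf(data: bytes) -> dict:
    """Report hardening features visible in a 64-bit little-endian ELF image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    segments = {}  # program header type -> flags
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        segments[p_type] = p_flags
    return {
        # ET_DYN plus an interpreter: position independent executable (heuristic;
        # a static PIE has no PT_INTERP and is reported as False here).
        "pie": e_type == ET_DYN and PT_INTERP in segments,
        # Stack segment is declared and not marked executable.
        "nx_stack": PT_GNU_STACK in segments and not segments[PT_GNU_STACK] & PF_X,
        "relro": PT_GNU_RELRO in segments,
        # -fstack-protector makes the binary reference __stack_chk_fail.
        "stack_protector": b"__stack_chk_fail" in data,
        # _FORTIFY_SOURCE swaps calls for glibc's checked __*_chk variants. A binary
        # with no fortifiable calls shows none, so False is not proof of absence.
        "fortify_source": re.search(rb"__\w+_chk\x00", data) is not None,
    }

def constructed_elf(e_type=ET_DYN, stack_flags=6, extra=b"") -> bytes:
    """Constructed sample input: an ELF header and three program headers, not a runnable binary."""
    phdrs = [(PT_INTERP, 4), (PT_GNU_STACK, stack_flags), (PT_GNU_RELRO, 4)]
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + body + extra

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real binary, e.g. /bin/ls
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:                  # fall back to the constructed sample
        image = constructed_elf(extra=b"\x00__stack_chk_fail\x00__memcpy_chk\x00")
    for feature, present in audit_elf(image).items():
        print(f"{feature:16} {'yes' if present else 'NO'}")
```

Running it over the same system binary on two distributions gives a concrete basis for comparing their build defaults.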
 
Old 09-19-2007, 04:15 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
It seems the term "security-oriented distro" is interpreted as different things by different people. For some it describes a distro designed with security in mind throughout its development. For others it describes a distro with a focus on security-related applications. IMHO both points of view make sense. I do admit, however, that whenever I hear the term "security-oriented distro" I think of hardened generic distros, not specialized pentesting/forensic ones. In the end, with a little bit of explanation, the other party will understand what type of distro we mean, so it's all good.

Getting back to the topic at hand (the OP), I'm almost sure there is no "desktop security suite" type of all-in-one security application for GNU/Linux at the present time. My guess is the reason for this is market demand. It's just a guess. I mean, big GNU/Linux deployments typically come with GNU/Linux geeks included in one way or another, and geeks will have no problem making individual use of the vast array of security tools available - without the need to have one GUI application to rule them all. In fact, I dare say true geeks won't even consider using GUI apps at all for security programs.

With that said, it's really hard to suggest something which AFAIK doesn't exist yet. Or at least most of us have never heard of it apparently. Suggesting hardened distros such as Fedora is great, but it is sort of beside the point I think. In my mind I see the OP as being after a nice GUI application where desktop users can easily configure all their firewall, anti-malware, backup, encryption, anti-phishing, IDS, etc. settings in one central location. And the bottom line is we really don't have that, or do we?

Last edited by win32sux; 09-19-2007 at 04:31 PM.
 
Old 09-19-2007, 06:18 PM   #9
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by macemoneta View Post
What are you talking about? SELinux is an application? Please don't misinform folks; do some research.
I'm not misinformed.

Per Wikipedia:

Code:
Security-enhanced Linux is a FLASK implementation integrated in some versions of the Linux kernel with a number of utilities designed to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux.
The "integrated into some versions of the Linux kernel..." part suggests that this is code. Code is usually some type of software. Software is usually an application. Kernels, although they can't function by themselves, are considered software...code. Can SELinux function independently from the kernel? No. That does not mean it isn't some type of software, as it does offer enhanced kernel functionality.

As for the research part, IT security is my profession. Although I don't pretend to know everything regarding security or IT, I'm paid to consult Fortune 10 organizations as a representative of a very large ISP, providing managed security services in a security operations center. I can honestly say that I've researched enough to know that SELinux certainly isn't a hardware solution. It is code designed to enhance existing code. In my arena, code normally means software and software normally means applications.

Regarding the OP's question, as with win32sux, I'm not aware of an equivalent solution for *nix, although I'm sure that as Linux grows more prominent in the marketplace, the Linux community may see something similar. Norton 360 is a product that only functions within a Windows/Vista environment, so that leads me to believe that the OP may be looking for an equivalent product that operates on a MS system. I believe there are several equivalent Windows- and Vista-based products, but I don't use security suite packages on my Windows-based systems, so I can't recommend something that may help.

Last edited by unixfool; 09-19-2007 at 07:07 PM. Reason: corrected mis-spelling
 
Old 09-19-2007, 06:22 PM   #10
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Quote:
Originally Posted by win32sux View Post
In my mind I see the OP as being after a nice GUI application where desktop users can easily configure all their firewall, anti-malware, backup, encryption, anti-phishing, IDS, etc. settings in one central location. And the bottom line is we really don't have that, or do we?
I think this is part of the problem: "a nice GUI application". I think before they release security software with a nice GUI they need to put some security into the X desktop. There are a lot of problems with the coding of the X desktop. They focused too much on functionality and not enough on security when creating X. Most of the security programs out right now are mainly command line because there is a lot more you can do with command line and the developers of the security apps focus more on security and speed, not on the "Pretty GUI".

I also feel that a hardened distro is more of a security based distro than Backtrack. I think Backtrack, dvl, hakin9, FIRE, Phlak would fall into a pentest or security audit distro. Backtrack, dvl, etc. are not really created to be "Secure"; they are created to test security, and anyone who has messed with pentest software knows that having a secure machine with lots of pentest/security audit tools on it does not work very well because of all the ports that have to be opened on the machine to run those tools.
 
Old 09-19-2007, 06:29 PM   #11
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Quote:
Originally Posted by unixfool View Post
I'm not misinformed.


"integrated into some versions of the Linux kernel..."
Wikipedia is wrong in a way in this instance. The reason it is in some versions of the Linux kernel is because it was not always in the kernel, but as of 2.6.9 (I think) it has been put into the standard vanilla kernel. So from 2.6.9 it is part of the kernel. The wiki is updated by people like you and me so it is not always 100% true.
 
Old 09-19-2007, 06:32 PM   #12
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by unixfool View Post
the OP may be looking for an equivalent product that operates on a MS system.
You are right. I hadn't noticed this. The OP doesn't even mention the word "Linux". Heh. I just took a look at his other posts and it does seem he is 100% Windows. Hmmm. Well, even if that's the case, I'm willing to leave this thread here in Security as long as the discussion revolves around GUI Security Suites for GNU/Linux. I think doing so would benefit the LQ community more than if I move this to General and let it turn into a Windows discussion.

NOTE: I've edited the thread title to make things clearer.

Last edited by win32sux; 09-19-2007 at 06:44 PM.
 
Old 09-19-2007, 07:15 PM   #13
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by slimm609 View Post
Most of the security programs out right now are mainly command line because there is a lot more you can do with command line and the developers of the security apps focus more on security and speed, not on the "Pretty GUI".
I agree. But I think that if a third-party steps up to the plate and designs a GUI security suite, the security app developers wouldn't necessarily have to change what they are doing. The suite could essentially be nothing but a front-end. Kinda like what Firestarter does with iptables, except this would be for several tools, not just iptables. At least this is how I picture it. I think an application like this would be awesome for non-techie desktop users.

Last edited by win32sux; 09-19-2007 at 07:18 PM.
 
Old 09-19-2007, 07:34 PM   #14
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by slimm609 View Post
Wikipedia is wrong in a way in this instance. The reason it is in some versions of the Linux kernel is because it was not always in the kernel, but as of 2.6.9 (I think) it has been put into the standard vanilla kernel. So from 2.6.9 it is part of the kernel. The wiki is updated by people like you and me so it is not always 100% true.
I'm not aware of too many people still utilizing kernels below v2.6.9, which was probably released around 2003. Those that do use those versions probably mitigate the security risks involved in running older kernels (you'd think and hope). I think that Wiki, as a whole, is spot-on. The reason it includes the "some versions" statement is to impress upon the reader that some kernels function without SELinux code and that at some point in the past, SELinux wasn't a part of the Linux kernel (as with most of the current kernel code).

I usually don't rely on Wikipedia for my work but I do tend to use it to get a basic understanding of a specific topic. Besides, everyone has different interpretations, no matter the topic. The reason I posted what I did was so that I could provide a somewhat short and concise description of what SELinux was...it can't get any shorter or more descriptive than that, IMO. The statement seems true enough, even understanding that everyday people like you and I update Wikipedia. Reading the whole page instead of that one blurb expands on the subject quite a bit, though, which is why I also provided a link to the page.

A quick observation: Astaro Linux has a pretty good suite of security-oriented tools. Although it is one of those 'gateway' distributions, akin to Clarkconnect, Smoothwall, and IPCop (but thicker on security), I'm surprised someone hasn't built a *nix suite (bundled all together) with some of the software packages that Astaro implements: VPN capability, proxies based on several protocols, a lightweight IDS, IPTables...all in a package that can be installed with minimal interaction (to help the Linux neophyte). Although Astaro is so configurable that it may boggle the average mind, I'm pretty sure that a group of dedicated and focused developers can come up with a watered-down lightweight solution that implements half of what Astaro does...it could be offered as a security suite. Just some musings...

Last edited by unixfool; 09-19-2007 at 07:44 PM.
 
Old 09-19-2007, 08:01 PM   #15
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Take a look at EnGarde if you have not already done so. It has AV, IDS, SELinux, IPS, hardened web server, DNS servers, mail servers, all with a pretty simple web interface, but it does not have a GUI. I am guessing it is because the GUI is the hardest thing to try and secure.
 
  

