LinuxQuestions.org


nooby 10-08-2007 02:29 AM

Newbie on security. Server?
 
Security people had a world conference recently on the new threat to Linux servers.

As a noob, to me a Server is what web hotels use, and email services have a mail server.

But I also have heard that many linux users have a server at home.

My questions

1. Does every Linux distro have built in Server but it is not activated until you start it?

2. Does that mean that an intruder could fire up, start my built in Linux server without me knowing it?

3. When in Linux using dual boot WUBI Ubuntu I noticed a lot of HDD activity without me doing anything.

Could that be such an intruder, or was WUBI phoning home to Ubuntu, or some scheduled activity? How could I look for the source and cause of such activity? Some kind of log that is readable for a beginner?

As I remember the conference was reported in IDG news and RSS to their mags around the world. My text is in Swedish so there is no use linking to it.

The alarming thing was that none of the Linux server users had a clue that their servers had a root kit that allowed their servers to be used as control centers for international crime in blackmailing, controlling 20000 Windows machine bots around the world. It was very serious. 7 out of 10 servers had it? My memory could have that wrong, but very serious.

It seems not true anymore that Linux is not targeted. Servers are. So that is my question: doesn't every distro have a server built in?

acid_kewpie 10-08-2007 02:35 AM

1. there is no such thing as "a server"... you don't pour it out by the pint or something. any process which accepts external connections and processes them can be deemed to be a server (among many other even looser descriptions), regardless of whatever it's actually doing. do you mean a web server? email? ftp? ssh? there are a million things you could serve, each with a totally separate and unrelated bit of software.

2. as above, this makes little sense... you are already serving something i bet, probably ssh for a start. you can not start "The Server(tm)(r)" though. if you don't advertise connectivity to these services from the outside world, no one can attack them.

3. that's not a question... but yes... things do happen in the background. could be plenty of things.

nooby 10-08-2007 04:22 AM

I should have given the link. I didn't have it at time of writing, now read this:
http://www.linuxworld.com/news/2007/...rss-linux-news

Quote:

"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.

Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.
So one needs to know exactly what the writer refers to. It is not a text for us newbies because I have no clue what he refers to. But the fact is that "The vast majority of the threats we saw were rootkitted Linux boxes," and the worst part: "According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected."

Which goes against your "if you don't advertise connectivity to these services from the outside world, no one can attack them."

Had the Linux users known they did what you say, they would have stopped doing it. So it seems that even very advanced users didn't know they did. Which is scary for a newbie like me. How could I know such a thing then? I think you are formally right and technically right, but it didn't help all these owners of Linux servers out there.

acid_kewpie 10-08-2007 06:33 AM

it doesn't go against what i said, it's right in line. those users who end up with rootkits probably had ssh services port-forwarded on their router so they can get in. someone is then scanning port 22 against an ip list and finds something that responds. they do a simple dictionary attack and get root access to the box and do what they want.
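The chain acid_kewpie describes, seen from the defending side: an added example, not code from anyone in this thread, that reads constructed sshd auth-log lines (the kind of log nooby asked about), counts failed logins per source address, and flags a success that follows a burst of failures. The log lines, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of an OpenSSH auth.log: a dictionary attack on root
# from one address that ends in a successful login, plus one normal login.
SAMPLE_LOG = """\
Oct  8 06:12:01 box sshd[4111]: Failed password for root from 198.51.100.7 port 40212 ssh2
Oct  8 06:12:03 box sshd[4113]: Failed password for root from 198.51.100.7 port 40214 ssh2
Oct  8 06:12:04 box sshd[4115]: Failed password for invalid user admin from 198.51.100.7 port 40216 ssh2
Oct  8 06:12:06 box sshd[4117]: Failed password for root from 198.51.100.7 port 40218 ssh2
Oct  8 06:12:07 box sshd[4119]: Failed password for root from 198.51.100.7 port 40220 ssh2
Oct  8 06:12:09 box sshd[4121]: Accepted password for root from 198.51.100.7 port 40222 ssh2
Oct  8 07:30:15 box sshd[4200]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse(log_text, year=2007):
    """Yield (timestamp, result, user, ip) for each sshd authentication line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def find_dictionary_attacks(log_text, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "compromised": bool}} for addresses whose
    failed logins inside a sliding window reach the threshold; 'compromised'
    is set when an Accepted line from that address follows the burst."""
    recent = defaultdict(list)   # ip -> timestamps of failures in the window
    findings = {}
    for ts, result, user, ip in parse(log_text):
        if result == "Failed":
            window = [t for t in recent[ip] if (ts - t).total_seconds() <= window_seconds]
            recent[ip] = window + [ts]
            if len(recent[ip]) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "compromised": False})
                entry["failures"] = max(entry["failures"], len(recent[ip]))
        elif result == "Accepted" and ip in findings:
            findings[ip]["compromised"] = True   # success right after brute force
    return findings

if __name__ == "__main__":
    for ip, finding in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, finding)
```

A real deployment would read /var/log/auth.log (or the journal) and pair this with the prevention steps later in the thread, since a logged success means the box is already owned.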

nooby 10-08-2007 08:50 AM

No, it doesn't go against what you said, but it goes against all the assertions that Linux is free of the problems of Windows. Well, it is only a matter of time. They will target Linux too when enough money is to be harvested from doing it. Linux lives on borrowed time.

What about VMware Player? Would that give one more security and still be able to use Linux on a Windows machine? Maybe a bit slower? But one would learn Linux without crashing Windows?

anomie 10-08-2007 09:47 AM

Quote:

... said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium...
nooby, that particular article is the subject of much debate / criticism. You should read the whole thing.

Quote:

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
It's poorly worded and confusing. It doesn't appear to cite any real information.

As for you, personally:
  • Run your packet filtering firewall.
  • Keep your software up to date.

chrism01 10-08-2007 07:39 PM

As it's 'Microsoft sponsored' I'd be surprised if they hadn't come up with an anti-Linux quote somewhere....

nooby 10-09-2007 02:41 AM

I apologise, I am a poor reader. I trust mass media too much.

But even if it is an attack, then we have to come up with other figures. Even if biased, they had some facts; they were not imagined figures. None of the infected knew that that was so.

Shows we have to improve the knowledge of the average linux users.

How good are these anti-root-kit programs to find them?

Tinkster 10-09-2007 03:34 AM

The best tactics are still prevention, prevention and prevention.

Turn off whichever service you don't require; don't allow inbound
connections if you don't have to. If you have to, make sure you use
sensible authentication methods and strong passwords. Don't allow
connections as user root from anywhere but a local console.

Put file-integrity checking into place (e.g. AIDE, tripwire, ....)
BEFORE you put your machine on the net ....

Read the stickies in our security forum ;} for details.

Cheers,
Tink

nooby 10-09-2007 05:45 AM

I trust you gave good advice but you missed out that some of us noobs even fail to know what the advice says. We stumble on words like "inbound".

And even more to these.
Quote:

Put file-integrity checking into place (e.g. AIDE, tripwire, ....)
BEFORE you put your machine on the net ....
I guess it is programs that make a kind of check that the files don't change without permission? So much to learn for a newbie. One needs to be very motivated to dig deep into such when one just wanted to surf and write emails and go to a Linux forum.

Don't get me wrong. I do appreciate your answer. I value it highly. But it is a too wide gap to the level some of us noobs are on. Maybe we need a living person at our side.

Tinkster 10-09-2007 12:28 PM

Quote:

Originally Posted by nooby (Post 2918200)
I trust you gave good advice but you missed out that some of us noobs even fail to know what the advice says. We stumble on words like "inbound".

Traffic trying to get to your machine from the
internet w/o you having initiated a session.


Quote:

Originally Posted by nooby (Post 2918200)
And even more to these.

I guess it is programs that make a kind of check that the files don't change without permission? So much to learn for a newbie. One needs to be very motivated to dig deep into such when one just wanted to surf and write emails and go to a Linux forum.

Not quite. They will take status information and
checksums, and store them securely, and then alert
you if a protected file has been tampered with.
Part of an intrusion detection system.


Quote:

Originally Posted by nooby (Post 2918200)
Don't get me wrong. I do appreciate your answer. I value it highly. But it is a too wide gap to the level some of us noobs are on. Maybe we need a living person at our side.

If this is your first attempt at Linux, and the machine
holds highly important data or is for corporate use, by
all means - getting a "consultant" (a friend who knows or
a paid for person) in to set it up for you may be the
right choice.

However, the learning curve shouldn't stop you from trying
to set up tight security. That would be like buying an
el cheapo car w/o seat belts and airbags, and with bald
tyres, and leaving it at that :} (this holds true for
windows more so than Linux, btw).


Cheers,
Tink
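What Tinkster's description of file-integrity checkers amounts to in code, as an added example that is not from the thread and is not AIDE or tripwire themselves: record a checksum and inode metadata for every file, keep that baseline out of the intruder's reach, and later report what was added, removed or altered. The directory tree, file contents and the `demo()` scenario are constructed for the example.

```python
import hashlib
import json
import os
import tempfile

def file_record(path):
    """Checksum plus the inode metadata that tampering would usually alter."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": oct(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "mtime": int(st.st_mtime)}

def build_baseline(root):
    """Walk root and record every regular file (symlinks are skipped)."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                baseline[os.path.relpath(p, root)] = file_record(p)
    return baseline

def compare(baseline, current):
    """Report added, removed and changed files, naming the fields that differ."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "changed": {}}
    for path in set(baseline) & set(current):
        diff = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if diff:
            report["changed"][path] = diff
    return report

def _write(root, rel, data):
    os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
    with open(os.path.join(root, rel), "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: baseline a tiny tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ls", b"original binary")
        _write(root, "etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        # Keep the baseline where an intruder cannot rewrite it (read-only media, another host).
        stored = json.dumps(build_baseline(root))
        _write(root, "bin/ls", b"trojaned binary")  # same size, different content
        _write(root, "bin/.hidden", b"backdoor")     # file added
        os.remove(os.path.join(root, "etc/passwd"))  # file removed
        return compare(json.loads(stored), build_baseline(root))
```

Because the size of the trojaned file is unchanged, only the checksum (and possibly mtime) gives it away, which is why the checkers Tinkster names hash content rather than trusting `ls -l`.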

nooby 10-10-2007 12:03 PM

I saw one cool Linux thing. A dedicated security thumb. I'll find the link after editing. They list all new products. This one had a kind of firewall within so it protected itself. I am a poor reader of text. Not sure if it could be used as a Linux but it has Linux inside.

http://www.linuxdevices.com/news/NS5094510735.html

Tinkster 10-10-2007 12:52 PM

Looks interesting :}

Cheers,
Tink
