12.08.2006

Linux security expert Kurt Seifried (Part)

Lc: There are so many distributions out there. Can someone still be a "Linux security" expert today without having to be on top of all the nuances in all the many distributions, or is this another layer of complexity they have to know?

KS: Well, the good news is that most Linux systems are pretty similar. You have the same class of vulnerabilities and attacks in most cases: poor file permissions, badly written applications, etc.

There are, of course, differences (Where the heck is config file X? And why did they allow this service by default?), but once you learn the core fundamentals, how to read man pages, and probably most importantly of all how to use Google, you should be ok.

Lc: Do you have any favorite Linux security tools?

KS: SELinux for host security (fine grained control, but a monster to configure!). Nmap for verifying that my firewall rules are correct. Emacs for editing files to configure my system securely. There is literally no one tool that is my favorite, but indeed hundreds.

Lc: What's the one most important thing that your average Linux admin can do to increase security?

KS: I guess that would be to run the automatic updater your distribution comes with. If nothing else, this will minimize the number of gaping-wide holes in your system. Security is a holistic practice: you are only as strong as your weakest link, and an attacker only needs to find one mistake to exploit a system.

Lc: So can it be said that newer software -- like in unstable or beta releases -- is generally more secure than old, tested software that's been around for a few years?

KS: Nope. [The new software] probably contains a ton of security holes as well -- just not widely known ones (yet).

The difference is that an older version has holes for which I can get exploit code from Packet Storm or Metasploit and break in trivially. The newer holes take a little more time to develop exploit code for.
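Seifried's "Nmap for verifying that my firewall rules are correct" is a routine worth automating, so here is an added example that is not part of the interview and not code from Nmap or from Seifried's guide. It parses Nmap's greppable output (the `-oG` format; a constructed sample is embedded, and the hosts, names and port states in it are made up) and compares each host's reachable TCP ports against a hypothetical allowlist standing in for the firewall policy. Ports that answer "closed" rather than "filtered" are reported as well: a default-deny firewall should drop the probe before it reaches the host, so a "closed" answer means the rule set is letting that port through even if nothing listens on it today.

```python
import sys
from typing import Dict, Set

# Constructed sample of nmap -oG output (not a real scan). Fields within a
# "Host:" line are tab-separated; each port entry is
# port/state/proto/owner/service/rpcinfo/version/ and entries are ", "-separated.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -p- -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (65531)
Host: 192.0.2.11 (db.example.test)\tStatus: Up
Host: 192.0.2.11 (db.example.test)\tPorts: 22/open/tcp//ssh///, 3306/closed/tcp//mysql///\tIgnored State: filtered (65533)
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

# Hypothetical firewall policy: the TCP ports each host is allowed to expose.
POLICY: Dict[str, Set[int]] = {
    "192.0.2.10": {22, 80, 443},
    "192.0.2.11": {22},
}


def parse_gnmap(text: str) -> Dict[str, Dict[int, str]]:
    """Return {host_ip: {tcp_port: state}} from greppable nmap output.

    Only the "Host:" lines carrying a "Ports:" field are used; comment lines
    and the "Status: Up" lines are skipped. Ports nmap folded into
    "Ignored State" (here: filtered) are not listed and so are not returned.
    """
    observed: Dict[str, Dict[int, str]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue
        for entry in ports_field[len("Ports:"):].strip().split(", "):
            parts = entry.split("/")
            port, state, proto = int(parts[0]), parts[1], parts[2]
            if proto == "tcp":
                observed.setdefault(ip, {})[port] = state
    return observed


def audit(observed: Dict[str, Dict[int, str]],
          policy: Dict[str, Set[int]]) -> Dict[str, Dict[str, Set[int]]]:
    """Compare observed port states against the policy, per host.

    unexpected_open:       open ports the policy does not allow (a real exposure)
    reachable_not_allowed: open OR closed ports not allowed; "closed" means the
                           probe got through the firewall, so the rule is missing
    expected_not_open:     allowed ports that did not answer "open" (service down
                           or the firewall is blocking something it should pass)
    """
    findings: Dict[str, Dict[str, Set[int]]] = {}
    for ip, allowed in policy.items():
        states = observed.get(ip, {})
        open_ports = {p for p, s in states.items() if s == "open"}
        reachable = {p for p, s in states.items() if s in ("open", "closed")}
        findings[ip] = {
            "unexpected_open": open_ports - allowed,
            "reachable_not_allowed": reachable - allowed,
            "expected_not_open": allowed - open_ports,
        }
    return findings


def main() -> None:
    # Read a real -oG file from stdin if one is piped in; otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_GNMAP
    for ip, result in audit(parse_gnmap(text), POLICY).items():
        for kind, ports in result.items():
            if ports:
                print(f"{ip}: {kind}: {sorted(ports)}")


if __name__ == "__main__":
    main()
```

Run a real scan from outside the firewall with `nmap -sS -p- -oG - <hosts> | python3 audit.py` (scanning from the host itself would bypass the rules under test), and treat an empty report as the only acceptable result. On the sample, 192.0.2.10 is flagged for 8080 and 192.0.2.11 for 3306, the latter because the MySQL port answered with a reset instead of being silently dropped.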

Original Link:
http://www.linux.com/article.pl?sid=06/12/01/18023

More About the Linux Security Guide by Kurt Seifried
http://www.seifried.org/lasg/
