Linux Security: Tips from the Experts - page 3
Positive Perceptions of Linux Security Pick Up SteamYou should also run Bastille--an interactive lockdown/hardening script--assuming that it supports the distro you're using. Currently, Bastille provides support for Red Hat, SuSE, Debian, Mandrake, and TurboLinux distros of Linux, along with HP-UX and Mac OS X.
"Bastille Linux provides feedback to administrators about security during installation. The focus is on proper configuration," concurs Spire Security's Lindstrom. As opposed to configuration issues, most other approaches to vulnerabilities today focus on software bugs, he says.
'Jail Services' and Other Firewalls
Virtually no one would dispute the merits of network firewalls with packet detection. For added layers of protection, though, Dennis advises the use of "jail services" such as chroot, Linux capabilities (Lcap), User Mode Linux (UML), VMware, and dedicated hardware.
"You can think of all of these as firewalling processes, too. One caveat, though, is that chroot isn't root safe. Also, UML and other VMs may cost too much in [terms of] performance," he adds.
New Vulnerabilities in the Wings
On the downside, emerging software technologies such as CGI and dynamic content have introduced new vulnerabilities. "Application-layer protection is a must," Lindstrom cautions. "This can include web shields, web application firewalls, or other solutions that provide some protection against attack."
- Skip Ahead
- 1. Positive Perceptions of Linux Security Pick Up Steam
- 2. Positive Perceptions of Linux Security Pick Up Steam
- 3. Positive Perceptions of Linux Security Pick Up Steam
- 4. Positive Perceptions of Linux Security Pick Up Steam