[Nottingham] Security on Linux

Danny King dannyking at gmail.com
Thu Jun 26 12:18:35 BST 2008


Linux can be really really secure and really really insecure. I think
we have to be careful not to just assume the stereotype that Linux is
always more secure than, say, Windows. But for the average desktop
user, it probably will be more secure than a default install of a
modern Windows installation.

Let's take on-line banking as an example. Under Linux you are probably
less likely to have any malware running (a virus, trojan or keylogger)
that steals your log-in details, but you would of course still need to
be wary that you're not logging into a fake site and that your
connection is encrypted (the little lock icon in your browser).

If you're interested in security for servers then Linux is not always
seen as the most secure, although of course it can be made very secure
by a good administrator. There is a bewildering amount of stuff to
read on Linux security, just take a look at any large bookshop or
search Google.

2008/6/26 Steve Caddy <steve.m.caddy at ntlworld.com>:
> Ron Wilton wrote:
>
>> Can you tell me a little more about 'ssh' and 'casual poking on port 22',
>> please?
>
> Basically, ssh is the more secure replacement for telnet (which is now
> pretty much deprecated), so you can remotely login to your computer, to
> access a command prompt. It's normally accessed via port 22 on your
> computer's network interface (like http (web) is normally served on port 80).
> It's fairly common for casual hackers to probe port 22 to see if they can
> get an ssh login prompt. Of course, without a valid username and password,
> they won't be able to login. However, what I normally do is change the port
> to something non-standard, so that I know where it is, should I want to
> login, but to the casual hacker, it looks like the machine isn't offering
> ssh login, because port 22 doesn't respond.
>
> Of course, there's nothing you can do about a hacker probing all the ports
> in turn to find out what services are provided on which ports to try to find
> a way in, but then it's pretty obvious that someone's trying to attack your
> machine, and it isn't a "mistaken IP/accidental attempt". If you find
> someone port scanning your machine (which you'll see clearly in the logs,
> complete with time and source address), that's normally sufficient grounds
> to alert the domain owner (usually the ISP) that someone (whose IP address
> and the times you can supply from your log) is doing something naughty,
> which may be breaking the ISP's Acceptable Use Policy.
>
> As long as you've got up to date versions of the services that you're
> providing, then your machine will be pretty secure. The weakest link will
> probably always be the username and password pair, unless there's an
> undiscovered way of causing a buffer or stack overflow by sending specially
> constructed messages to the service to exploit the vulnerability. But that's
> pretty much always going to be a risk on any system, which can only be
> mitigated by using tried, tested, and mature services, where such problems
> will have already been discovered and fixed.
>
> Steve
>
> --
> Steven M Caddy, MEng ------------------------------------------------------
> "Hardware - the part of the computer you kick when the software fails"
> Email: steve.m.caddy at ntlworld.com
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
>



-- 
- Danny King of Gleaming Pixel Web Design.

Email: danny at gleamingpixel.co.uk / dannyking at gmail.com
Web: www.GleamingPixel.co.uk
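
The quoted reply says a port scan shows up in the logs with time and source address. As an added example that is not part of the original thread, this Python sketch pulls that evidence out of firewall logs by flagging any source that touches several distinct TCP ports in a short window, while ignoring repeated pokes at port 22 alone. It assumes netfilter-style (iptables LOG) kernel lines; the sample lines, addresses, year and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of netfilter (iptables LOG) messages.
SAMPLE_LOG = """\
Jun 26 12:01:03 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Jun 26 12:01:03 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Jun 26 12:01:04 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Jun 26 12:01:04 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Jun 26 12:01:05 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Jun 26 12:01:05 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 SYN
Jun 26 12:07:41 box kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 26 12:07:44 box kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 26 12:09:12 box kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=22 SYN
"""

# Syslog timestamp, source address and TCP destination port of one logged packet.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(\S+) .*?\bPROTO=TCP .*?\bDPT=(\d+)")

def find_port_scans(log_text, year=2008, min_ports=5,
                    window=timedelta(seconds=60)):
    """Map each scanning source to (first_seen, last_seen, ports).

    A source counts as scanning once it has hit at least min_ports distinct
    TCP ports within one sliding window. Syslog omits the year, so the
    caller supplies it.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append((ts, int(m.group(3))))
    report = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) >= min_ports:
                report[src] = (events[start][0], events[end][0], sorted(ports))
                break
    return report

if __name__ == "__main__":
    for src, (first, last, ports) in find_port_scans(SAMPLE_LOG).items():
        print(f"{src}: {first} to {last}, ports {ports}")
```

The returned times and source address are the details the reply suggests passing on to the ISP.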


