Security is rightfully becoming more and more of a paramount issue with all operating systems. Linux is more secure by default than many other operating systems (partly because of reduced complexity and smarter design, and partly because of less time in the attack spotlight). However, with any OS, you need to test and scan what you have set up to determine what an attacker may see.
The tool of choice for scanning is nmap. Nmap is a free GPL scanner that runs from the console or with a GUI frontend (an add-on), and it is very powerful and very flexible. Once you set up a host, any host, any OS, make sure you scan it. Do not only look for potential holes; also note the TCP sequence status and compare it across systems.
I have run nmap against Linux, Novell, NT and AIX. Interesting results for all. The most alarming is the TCP sequence number generation problem that exists with NT and Novell. Literally nmap calls guessing these sequence numbers (which are generally time based, therefore they can be guessed by determining the time required to traverse the network and the system time) a "trivial joke" in these operating systems. Linux and AIX both fared "good luck" and scored much higher. The TCP sequence takeover attack is complicated, but certainly can be done with a little determination and the right host to attack, so be aware (check out tools like "TCP Sequence Predator" which are readily available on sites like this one).
Along with the (somewhat) sophisticated TCP attacks, nmap will also alert you to which services and ports are listening and therefore potentially vulnerable (its main purpose). Make sure each service you leave running is needed and is protected.
Eliminate unwanted or unneeded services, and then secure and monitor what you need to leave open. At the very least, use some of the tools that monitor for port scans, which may indicate imminent attacks. Set up TCP Wrappers (available here) to improve access control and logging, and to be aware when scans happen.
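One way to turn a scan of your own host into a repeatable check, as an added example that is not part of the original article: it parses nmap's normal text output, lists open ports that are not on an allowlist, and flags a weak TCP sequence verdict. The report text, host, allowlist and function names are constructed assumptions.

```python
import re

# Constructed sample of nmap normal output (run with -O -v); values are made up.
SAMPLE_REPORT = """\
Nmap scan report for host.example (192.0.2.10)
PORT     STATE    SERVICE
22/tcp   open     ssh
23/tcp   open     telnet
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  open     rpcbind
TCP Sequence Prediction: Difficulty=262 (Good luck!)
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
# re.S lets the match span lines, since older nmap prints Difficulty on the next line.
SEQ_LINE = re.compile(r"TCP Sequence Prediction:.*?Difficulty=(\d+) \(([^)]*)\)", re.S)
# Verdict the article calls out; extend with other verdicts you consider too weak.
WEAK_VERDICTS = ("trivial joke",)

def open_services(report):
    """Return {(port, proto): service} for every port nmap reports as open."""
    return {(int(port), proto): svc
            for port, proto, state, svc in PORT_LINE.findall(report)
            if state == "open"}

def unexpected_services(report, allowed):
    """Open ports that are not in the allowlist of services meant to be exposed."""
    return {k: v for k, v in open_services(report).items() if k not in allowed}

def sequence_rating(report):
    """Return (difficulty, verdict), or None when the report has no OS-detection data."""
    m = SEQ_LINE.search(report)
    return (int(m.group(1)), m.group(2)) if m else None

def audit(report, allowed):
    """Collect human-readable findings for one host report."""
    findings = [f"unexpected open port {port}/{proto} ({svc})"
                for (port, proto), svc in sorted(unexpected_services(report, allowed).items())]
    rating = sequence_rating(report)
    if rating is None:
        findings.append("no TCP sequence data; rescan with -O")
    elif any(w in rating[1].lower() for w in WEAK_VERDICTS):
        findings.append(f"weak TCP sequence generation: difficulty {rating[0]} ({rating[1]})")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_REPORT, allowed={(22, "tcp"), (80, "tcp")}):
        print(line)
```

Save each host's report with `nmap -O -v -oN` and compare the findings between scans, so a newly opened service shows up as a difference.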
The bottom line: become educated and run an attack against your own system, as sophisticated as you want to get, to determine its real security status.
Check the great site LinuxSecurity.Com for more info: LinuxSecurity.Com nmap Usage.