Protect Your Web Assets - Is Linux Still Safe


8/14/2019 Protect Your Web Assets - Is Linux Still Safe

http://slidepdf.com/reader/full/protect-your-web-assets-is-linux-still-safe 1/3

The Register is reporting that Linux servers have been recruited into a botnet.

In May we saw TROJ/JSRedir-R and many variants thereof attacking web servers.

Last November SophosLabs reported that after more than six years there are still over 10 thousand Linux hosts infected with Linux/Rst-B.

What does this all mean? What it means is that non-Windows hosts are vulnerable, contribute to the global security problem and cannot be ignored. There are viruses and worms for Linux; however, the greatest threat posed by Linux is its primary use as a server for many mission-critical, sensitive, and public-facing applications. According to netcraft.com Apache has a 47.17 percent market share as of August 2009 (mostly Linux).

There are three primary means by which attackers are compromising Linux hosts. I will outline each of these and provide advice on what you might do to protect your Linux assets from intruders.

Problem: Password guessing SSH attacks. Too many systems use trivial passwords and predictable usernames for critical accounts. As mentioned in the SophosLabs blog on Linux/Rst-B, by guessing accounts such as root, apache, mysql, wwwuser and other stock accounts, bots are able to automatically scour the internet and find weak systems to exploit.

Solution: Use non-standard account names. Don't allow keyboard interactive logins on your OpenSSH server, and require the use of password-protected keys. This will eliminate close to 100% of attacks with very little effort. University of Georgia has a great Linux tutorial, and University of California at Berkeley has a tutorial for Windows.
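An added example, not part of the original article: a small Python check of an sshd_config against the advice above (password and keyboard-interactive logins off, public keys on). It assumes the defaults documented in sshd_config(5), does not follow Include files, and runs on a constructed sample config; the function and variable names are this example's own.

```python
import re

# Values the article's advice calls for (keywords lower-cased for matching).
WANTED = {"passwordauthentication": "no", "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}
# Assumption: sshd_config(5) defaults, which apply when a keyword is absent.
DEFAULTS = dict.fromkeys(WANTED, "yes")
# Deprecated spelling still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"^\s*(\w+)(?:\s*=\s*|\s+)(.+?)\s*$")  # keyword, separator, arguments

# Constructed sample, not from a real host; line 1 is commented out, so the default applies.
SAMPLE = """\
#PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return findings for settings that still permit password-based logins."""
    seen, findings, match_block = {}, [], None
    for number, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:  # blank line, comment, or keyword without arguments
            continue
        keyword, rest = m.group(1).lower(), m.group(2)
        if keyword == "match":  # later lines apply only to this Match block
            match_block = rest
            continue
        keyword = ALIASES.get(keyword, keyword)
        if keyword not in WANTED:
            continue
        value = rest.split()[0].strip('"').lower()
        if match_block is not None:
            if value != WANTED[keyword]:
                findings.append(f"line {number}: Match {match_block} sets {keyword}={value}")
        elif keyword not in seen:  # sshd uses the first value it obtains
            seen[keyword] = (value, number)
    for keyword, wanted in WANTED.items():
        value, number = seen.get(keyword, (DEFAULTS[keyword], None))
        if value != wanted:
            where = f"line {number}" if number else "default (keyword absent)"
            findings.append(f"{where}: {keyword}={value}, want {wanted}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sshd_config(SAMPLE)))
```

The server cannot tell whether a client's private key has a passphrase, so that part of the advice has to be enforced on the client side. On a real host, `sshd -T` prints the effective configuration, including values pulled in from included files.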

Problem: Compromised FTP passwords. FTP does not encrypt credentials when sent across the wire. A combination of methods is being used to steal FTP passwords, including malware on Windows hosts to scrape FTP passwords from client computers and sniffing network traffic in search of FTP transactions. The primary reason to use authenticated FTP these days is updating web content.

Solution: Stop using FTP... Really. It's long past its due date and it's time to move on to SCP and SFTP. Windows users who are familiar with many of the graphical FTP clients out there will find a comfortable friend in WinSCP. Another best practice to follow is never tell applications on any operating system to "Remember my password". I have seen a lot of malware on Windows that specifically hunts down these stored passwords to send back to the criminals for their dastardly uses.

Problem: Insecure web applications. Every week I receive a list from the SANS Institute containing all the known web-based applications that have had vulnerabilities discovered since the previous week. The list is very long, and not updating any one of them can allow an attacker to compromise your host.

Solution: Carefully audit all software used in hosting applications to the open internet. Subscribe to the security mailing lists for all utilized applications including BIND, Apache and all web hosted applications. By subscribing to lists like SANS mentioned above, you can do a quick weekly audit to see if applications you depend on have reported vulnerabilities. The best defense is to stay on top of where your weaknesses may be, and to patch early and often.

This article was written by Chester Wisniewski of Sophos and is published here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.
