Anonymous Linux. An Overview of Secure and Anonymous Linux Distributions


In my observation, many of those who choose Linux do so just because they think that this OS is much better protected than Windows. In fact, things are not so clear-cut. Security is indeed a signature feature of this system, covering everything from the Linux kernel to the desktop. However, the system always leaves a good chance for anyone who wants to leave their mark in your /home folder. Linux may well be completely immune to the worms and viruses that are written for Windows, but worms and viruses are a relatively small part of the problem. Attackers have a lot of tricks up their sleeve that let them get to information that matters to you, from ID photos to credit cards.
The computers most at risk of attack are those connected to the Web; however, devices without access to the "outside world" are no less vulnerable. For example, what can happen to an old laptop or hard drive that the user throws away? After all, there are quite powerful data recovery tools, and many of them are freely available for download. Thanks to them, any average system administrator will be able to recover data from your disk, no matter what OS you worked with. If there is data on the hard drive, whether it is corrupted or not, then that data can be recovered. For example, it is possible to recreate bank accounts, reconstruct recorded chat conversations, and restore images.
This is normal, but you should not completely stop using your PC because of this. Making a machine that is connected to the Internet immune to attacks is next to impossible. But it is possible to greatly complicate the task of the attacker, ensuring that he cannot "get" anything useful from an already compromised system. It is especially heartwarming that, with the help of Linux itself, as well as some programs created on the basis of open source, securing your Linux OS is easy enough.
We will discuss some aspects of Linux security in the following posts, but we will start with what is, in my opinion, the most important: updates. If they are disabled, this is a serious problem; and while someone may, for example, reasonably prefer to hide a counterfeit copy of Windows from the auto-update tool, in the case of Linux such behavior simply does not make sense.
All major Linux distributions (Debian, Fedora, and Ubuntu among them) boast their own teams of security specialists who work hand in hand with the package maintainers to ensure maximum protection of users from various security vulnerabilities. These teams must ensure that vulnerabilities are discovered in a timely manner, and must also quickly release "patches" that plug any discovered "holes".
Your distribution is bound to have a repository that is completely dedicated to security updates. You only need to activate this repository (it is quite possible that this has already been done in advance) and decide whether to install updates manually or automatically.
For example, in Ubuntu, this will require you to select System Administration from the menu, and then Software Sources. Then, on the Updates tab, you will need to specify how often the distribution should check the security repository for new updates, and decide whether the system should install updates automatically or ask the user for confirmation before installing them. The last option can be called the more interesting one, because it allows you to view updates before they are installed. On the other hand, there is often no need to view them: usually everything is in order with updates, and by choosing automatic installation you will save some time.
In addition to updates, distributions often have special mailing lists for security issues, used to announce vulnerabilities that have been discovered and to distribute the packages that fix them. It's a good idea to keep an eye on the distribution's security mailing list and regularly look for security updates to the packages that are most important to you. There is usually some time between the announcement of a vulnerability and the upload of the update package to the repository; the mailing lists will show you how to download and install updates manually.

Linux distributions can be divided into different categories, depending on their purpose and target group. Servers, education, games and media are some of the popular categories of Linux distributions.

For users concerned about security, there are several distributions designed for enhanced privacy protection. These builds ensure that your browsing activity is not tracked.

However, our selection includes not only distributions with a focus on privacy, but also distributions for intrusion testing. These builds are specifically designed to analyze and evaluate system and network security and contain a wide range of specialized tools for testing systems for potential vulnerabilities.

Backbox is an Ubuntu-based distribution designed for intrusion testing. Because it uses XFCE as the standard window manager, it runs very quickly.

The software repositories are constantly updated, so the user always has the latest versions of the built-in tools, which allow you to perform web application analysis, stress tests, assessment of potential vulnerabilities and privileges, and much more.

Unlike other distributions, which include a large set of various applications, Backbox contains no such redundancy. Here you will find only the best tools for each individual task or goal. All tools are sorted into categories, making them easy to find.

Wikipedia presents short reviews of many of the built-in tools. Although Backbox was originally created purely for testing purposes, the distribution also supports the Tor network, which will help hide your digital presence.

Kali

Probably the most popular distribution for penetration testing, based on Debian Wheezy. It is developed by Offensive Security Ltd and is a continuation of the earlier BackTrack Linux project.

Kali is available as 32-bit and 64-bit ISO images that can be burned to a USB stick or CD, or even installed on a hard disk or solid-state drive. The project also supports the ARM architecture and can even run on the Raspberry Pi single-board computer, and it includes a great number of analysis and testing tools. The main desktop is Gnome, but Kali allows you to create a custom ISO image with a different desktop environment. This highly customizable distribution even allows users to modify and rebuild the Linux kernel to meet specific requirements.

The popularity of Kali can be judged by the fact that the system is a compatible and supported platform for the Metasploit Framework, a powerful tool that allows you to develop and execute exploit code on a remote computer.

Pentoo, available for 32-bit and 64-bit machines, is an intrusion testing distribution based on Gentoo Linux. Gentoo users can optionally install Pentoo on top of their main system. The distribution is based on XFCE and supports saving changes, so when the USB drive is disconnected, all applied changes are kept for future sessions.

The built-in tools are divided into 15 different categories such as Exploit, Fingerprint, Cracker, Database, Scanner, etc. Being based on Gentoo, the distribution inherited Gentoo's set of protective features, which allow additional security settings and more detailed management of the distribution. You can use the Application Finder utility to quickly discover applications located in different categories.

Since the distribution is based on Gentoo, some manipulation will be required to get the network card and other hardware components working. When downloading, select the verification option and set up all your devices.

Security Onion is an Ubuntu-based distribution designed for intrusion detection and network security monitoring. Unlike other penetration testing distributions, which are more offensive in nature, it is more of a defensive system.

However, the project includes a large number of offensive tools found in other penetration testing distributions, as well as network monitoring tools such as the Wireshark packet sniffer and the Suricata intrusion detection tool.

Security Onion is built around XFCE and includes all the most necessary applications available in Xubuntu. Security Onion is not intended for amateurs, but rather for experienced professionals who have a certain level of knowledge in the field of network monitoring and intrusion prevention. Fortunately, the project is constantly accompanied by detailed guides and video tutorials to help with the complex built-in software.

Caine

Default account: root:blackarch. BlackArch is over 4 gigabytes in size and comes with several different window managers, including Fluxbox, Openbox, Awesome.

Unlike other penetration testing distributions, BlackArch can also be used as a tool for increased privacy. In addition to various analysis, monitoring, and testing tools, the distribution also includes anti-tracking tools such as sswap and ropeadope, for securely wiping the contents of the swap file and the system logs respectively, and many other programs to ensure privacy.

Parrot Security OS, developed by the Italian IT security and programming network Frozenbox and based on Debian, can be used for intrusion testing and privacy maintenance. Like BlackArch, Parrot Security OS is a rolling release distribution. The default login for a Live session is root:toor.

The live image that you install offers several boot options, such as persistent mode or persistent mode with data encryption. In addition to analytical tools, the distribution includes several programs for anonymity and even cryptographic software.

The customizable Mate desktop environment offers an attractive interface, and Parrot Security OS itself runs very quickly even on machines with 2 gigabytes of RAM. Several niche utilities are built into the system, for example apktool, a tool for modifying APK files.

For users who care about privacy, the distribution provides a special category of applications where users can enable anonymous surfing on the Internet (using the Tor network) in one click.

Jondo

Most often in the context of their unprecedented security. Some even claim that Linux is the most secure operating system on the market. This, of course, is unprovable hyperbole. Indeed, many Linux distributions turn out to be an order of magnitude safer, but most of them fall short of FreeBSD standards, not to mention OpenBSD, which has established itself as one of the most secure user systems. And this is even if we leave aside highly specialized operating systems such as various RTOS, IBM i, OpenVMS and TrustedBSD.

Theoretically, of course, such a statement still has the right to exist. Considering that, on hearing the words "open source operating system", most users think primarily (if not exclusively) of Linux (and sometimes even believe that Linux is the name of the OS), they are right. Other things being equal, popular open source systems do have a security advantage over closed source ones. Nevertheless, the Linux family is far from the only example of open source operating systems.

If we think of Linux as the symbol of open source software and MS Windows as the symbol of closed software, then of course we can say that “Linux is the most secure system of all”, despite the fact that the concept of “all” includes only two categories of products. But the world is far from being so simple.

In fact, Linux OSes are far from being the most secure when you consider the range of operating systems available. And some Linux distributions were actually created solely for research purposes and therefore intentionally have a minimal level of protection by default. They range in level from completely unprotected to monsters like Hardened Gentoo. Well, the average Linux distribution is, of course, somewhere in the middle.

In addition, calculating "" is not as easy as it seems at first glance. The main criterion that guides users who are not versed in security standards (and those who manipulate these users for their own interests) is the number of vulnerabilities identified. But you and I know that a minimum of loopholes found in a system is not a reason to consider it reliably protected. When it comes to security, there are a number of factors to consider, including:

whether code quality is checked;
what the default security settings are;
how quickly and efficiently fixes are written;
how the system for distributing privileges works;
...and much more.

Even if you leave aside operating systems that cannot run, for example, popular web browsers (Firefox), mail clients (Thunderbird) and office programs (OpenOffice.org) with a WIMP GUI on a computer with the Intel x86 architecture, the average Linux distribution is by no means the most secure operating system. And in any case, Ubuntu, perhaps the most common Linux OS, definitely cannot claim this title.

And in general, in any category of systems, there will certainly be one that turns out to be an order of magnitude better than Ubuntu in all respects, and often it is simply another Linux distribution. But some argue that among - the safest. If that were so, and assuming that Linux systems are generally the most secure on the market, it would mean that Ubuntu is even more secure than OpenVMS. Sorry, but that is hard to believe.

If you are also convinced that “Linux is the most secure operating system”, I strongly advise you to reconsider your views. Many other operating systems turn out to be much more secure than the average Linux distribution. In addition, given how diverse the Linux OS family is in general and how different the criteria used to assess the security of operating systems are, such a statement sounds idealistic at the very least.

The answer to the question “are Linux operating systems the most secure” depends on which systems are compared and from what point of view the security of the OS is evaluated (unless, of course, we are talking about an abstract comparison of open and closed software). If, however, you state without grounds that Linux is safer than everything else, there is always a risk of running into a person who understands the problem much better and can easily blow this unreasonable point of view to smithereens.

You need to be more precise in your statements, otherwise there is a danger of acquiring a superficial view of the problem of security in general and creating a lot of trouble for those who are inclined to listen to such statements. If you mean that, other things being equal, popular open source operating systems are safer than popular closed source operating systems, then you should say so. If it means that the standard configuration of Ubuntu is safer than the default configuration

  • At the annual LinuxCon 2015 conference, the creator of the GNU/Linux kernel Linus Torvalds shared his opinion about the security of the system. He emphasized the need to mitigate the effect of the presence of certain bugs with competent protection, so that if one component fails, the next layer covers the problem.

    In this article we will try to reveal this topic from a practical point of view:

    7. Install firewalls

    Recently a new vulnerability was found that allows DDoS attacks on servers running Linux. The bug has been present in the kernel since version 3.6, released at the end of 2012. The vulnerability allows hackers to inject viruses into downloaded files and web pages and to expose Tor connections, and the attack does not take much effort: the IP spoofing method will work.

    For encrypted HTTPS or SSH connections, the maximum harm is termination of the connection, but an attacker can put new content, including malware, into unsecured traffic. A firewall is a suitable protection against such attacks.

    Block access with Firewall

    A firewall is one of the most important tools for blocking unwanted incoming traffic. We recommend that you allow only the traffic you really need to pass through and completely block all other traffic.

    For packet filtering, most Linux distributions ship the iptables tool. It is usually used by advanced users; for a simplified setup you can use UFW on Debian/Ubuntu or FirewallD on Fedora.
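
The allow-only-what-you-need policy described above, as an added example that is not part of the original article: a shell function that turns a list of permitted ports into a default-deny ruleset in iptables-restore format. The function name gen_rules and the sample ports are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: build a default-deny iptables ruleset from an allowlist.

# Usage: gen_rules PORT/PROTO ...      (for example: gen_rules 22/tcp 443/tcp)
# Prints rules in iptables-restore format; returns 1 on a malformed entry.
gen_rules() {
    local entry port proto body=""
    for entry in "$@"; do
        port=${entry%%/*}
        proto=${entry#*/}
        # Only TCP and UDP carry port numbers in this simple model.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $entry" >&2; return 1 ;;
        esac
        # Reject empty, non-numeric, zero-prefixed or over-long port values.
        case "$port" in
            ''|*[!0-9]*|0*|??????*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "bad port: $entry" >&2; return 1; }
        body="${body}-A INPUT -p $proto --dport $port -j ACCEPT
"
    done
    # Policy DROP on INPUT and FORWARD blocks everything not listed below.
    # Loopback and replies to connections the host opened itself stay allowed.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${body}COMMIT
EOF
}

# Constructed sample allowlist: SSH and HTTPS only.
gen_rules 22/tcp 443/tcp
```

The output can be reviewed and then loaded with iptables-restore; IPv6 traffic needs an equivalent ruleset for ip6tables.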

    8. Disable unnecessary services

    Specialists from the University of Virginia recommend turning off all services that you do not use. Some background processes are set to autoload and run until the system shuts down. To configure these programs, you need to check the initialization scripts. Services can be started via inetd or xinetd.

    If your system is configured via inetd, then in the /etc/inetd.conf file you can edit the list of background programs ("daemons"). To disable the loading of a service, it is enough to put the "#" sign at the beginning of its line, turning it from an executable entry into a comment.

    If the system uses xinetd, then its configuration will be in the /etc/xinetd.d directory. Each directory file defines a service that can be disabled by specifying the disable = yes clause, as in this example:

    service finger
    {
        socket_type = stream
        wait        = no
        user        = nobody
        server      = /usr/sbin/in.fingerd
        disable     = yes
    }

    It is also worth checking persistent processes that are not managed by inetd or xinetd. You can configure startup scripts in the /etc/init.d directory or in /etc/inittab. After the changes have been made, run the following command under the root account.

    /etc/rc.d/init.d/inet restart
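
An added example (not from the original article) that audits the two configuration styles described above and lists the services inetd or xinetd would still start. The function names and the sample files, written to a temporary directory, are constructed for illustration; on a real host point the functions at /etc/inetd.conf and /etc/xinetd.d.

```shell
#!/usr/bin/env bash
# Added example: report which services inetd/xinetd would still start.

# inetd.conf: every line that is not blank and not commented out with "#"
# is active; the first field is the service name.
inetd_enabled() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1 }' "$1"
}

# xinetd.d: each file holds "service NAME { ... }" blocks; a service is
# active unless its block contains "disable = yes".
xinetd_enabled() {
    local f
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/      { next }
            $1 == "service" { name = $2; off = 0; next }
            tolower($0) ~ /^[ \t]*disable[ \t]*=[ \t]*yes[ \t]*$/ { off = 1 }
            $1 == "}"       { if (name != "" && !off) print name; name = "" }
        ' "$f"
    done
}

# Constructed sample configuration (not taken from a real host).
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir "$d/xinetd.d"
    cat > "$d/inetd.conf" <<'EOF'
# <service> <socket> <proto> <wait> <user> <server> <args>
ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
EOF
    cat > "$d/xinetd.d/finger" <<'EOF'
service finger
{
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/sbin/in.fingerd
    disable     = yes
}
EOF
    cat > "$d/xinetd.d/echo" <<'EOF'
service echo
{
    type        = INTERNAL
    socket_type = stream
    wait        = no
    disable     = no
}
EOF
    echo "$d"
}

sample=$(make_sample)
echo "inetd still starts:  $(inetd_enabled "$sample/inetd.conf")"
echo "xinetd still starts: $(xinetd_enabled "$sample/xinetd.d")"
rm -rf "$sample"
```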

    9. Protect the server physically

    It is impossible to fully protect against attacks by an attacker with physical access to the server. Therefore, it is necessary to secure the room where your system is located. Data centers take security seriously, limiting access to servers, installing security cameras, and posting permanent guards.

    To enter the data center, all visitors must go through certain authentication steps. It is also strongly recommended to use motion sensors in all areas of the center.

    10. Protect the server from unauthorized access

    An intrusion detection system, or IDS, collects data about the system configuration and files and then compares this data with new changes to determine whether they are harmful to the system.

    For example, the Tripwire and Aide tools collect a database of system files and protect them with a set of keys. Psad is used to track suspicious activity through firewall reporting.
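
The baseline-and-compare idea behind the file integrity tools mentioned above, as an added example that is not from the original article and is not how Tripwire or AIDE are implemented: hash every file, store the result, and later report what was added, changed or removed. The function names and the sample tree are constructed; a real baseline has to be kept where an intruder cannot rewrite it.

```shell
#!/usr/bin/env bash
# Added example: baseline-and-compare file integrity check.

# Print "<sha256>  <path>" for every regular file under directory $1.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare baseline file $1 with current snapshot file $2.
# sha256sum lines are 64 hex digits, two separator characters, then the path,
# so the path is taken by position and may contain spaces.
compare() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in old)) {
                print "ADDED " path
            } else if (old[path] != hash) {
                print "CHANGED " path
            }
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample tree standing in for a few files under /etc.
demo() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/root/etc"
    echo "PermitRootLogin no"    > "$d/root/etc/sshd_config"
    echo "127.0.0.1 localhost"   > "$d/root/etc/hosts"
    echo "nameserver 192.0.2.53" > "$d/root/etc/resolv.conf"
    snapshot "$d/root" > "$d/baseline"    # baseline lives outside the tree

    # Simulated changes made after the baseline was taken.
    echo "PermitRootLogin yes" > "$d/root/etc/sshd_config"   # modified
    rm "$d/root/etc/resolv.conf"                             # deleted
    echo "exit 0" > "$d/root/etc/rc.local"                   # new file
    snapshot "$d/root" > "$d/current"

    compare "$d/baseline" "$d/current"
    rm -rf "$d"
}

demo
```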

    Bro is designed to monitor the network, track suspicious activity patterns, collect statistics, execute system commands and generate alerts. RKHunter can be used to protect against viruses, most often rootkits. This utility scans your system against a database of known vulnerabilities and can detect unsafe settings in applications.

    Conclusion

    The tools and settings listed above will help you partially protect the system, but security depends on your behavior and understanding of the situation. Without attention, caution and constant self-learning, all protective measures may not work.

    The most frequently attacked strength of the free OS is security, the thing Linux users are most proud of and value most. We bring to your attention 5 main myths.

    Source

    Myth 1. Linux is insecure because the source code of the programs is available for hackers to examine. Ordinary users are unlikely to dig through complex code, but hackers will, in order to exploit the vulnerabilities they find later. Besides,

    In reality: viewing millions of lines of source code manually is not required. This task is solved by static code analyzers and special software suites for auditing. Accidental and intentional errors are caught automatically, and then an expert deals with each specific case. For closed binary Windows code this does not work. That is where a backdoor really can be hidden easily.

    Viruses

    Myth 2. There are few viruses under Linux, but only because Linux is an unpopular operating system. As soon as the number of users increases, virus writers will also catch up, and Linux itself will be no different from Windows in terms of susceptibility to network infection.

    In reality: a 2% share of Linux users means tens of millions of computers. If it were really that simple, such a virus would have been created long ago. Android is also 95% Linux, and there are already a billion Android-based devices. So where are the epidemics?

    Power Users

    Myth 3. Linux is more secure, but only because Linux is used by more experienced users. If everyone starts using Linux, then the same epidemics of computer infection will begin.

    In reality: this is partly true. But Linux protects not only against viruses, but also against fools. That is why it is disliked by many Windows users who tried to switch to Linux but did not master it. For example, Windows actually encourages working under an administrator account (the user is bothered less). Linux will not let you work as root all the time.

    Again viruses

    Myth 4. Linux also has viruses.

    Antivirus

    Myth 5. Installing an antivirus under Linux is a must.

    In reality: what is mandatory is setting up iptables and refraining from adding questionable third-party repositories. Then there is no need for an antivirus. Moreover, marketers of antivirus companies.
