Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

Introduction

And another year arrives. What will this 2005 give to us? Only chocolates, cakes, happiness and no other stress from the work or anything else? Ok, I'm just joking. Let's start! The year 2004 has been the year of Linux, according to many "linux critics". In my opinion, it has just been another year for Linux to demonstrate its power, usability, and security in comparison to other operating systems and commercial products. Many successes followed one another without a break.

Management's View of Linux Security Today

There is still very little consideration for Linux. It's a simple sentence, but a complex situation. Let's take the example of Italy (my home country).

Only too few companies understood the real problem of security. Here is a simple example:

"Hey manager, you could be a simple target for an attacker if you make this or do this with your LAN", "Hey Linux-Security-addict don't worry, please! We have so many computer experts in our company"

Ok, nothing it's strange but the "computer experts" are really so expert? Many times we see how this computer experts are just some Windows beginners who want to conquer the world with a simple "double click". Well, dear managers, the security isn't only this. Security being synonymous with professional is a joke. Moreover I see how many Linux companies all over the world are growing up. This is another very good thing for us. It means that the managers are understanding day by day the problem and want to do everything to solve their big security problems.

User's View of Linux Security

However, with the passing of the time, there are many home users who love to configure good firewalls for their own computers or use commercial products. This is a very good thing but we're still far away from a full concept of "security". Security isn't just a simple firewall. Security is behavior! If you still take notes of your passwords on some papers and you leave them on your desktop ... well, you can be secure that you're not a security-care user. If you are not a connoisseur of social engineering and its techniques, you can't sleep at night very well, trust me. We can talk about Physical Security, too. If you still leave your computer unguarded at lunch break you can be secure that someone so curious and more clever than you will use your computer to have your sensitive data and use them for some uses (legal or not). So dear user, come on, be careful and don't be sure that you have a big security plan for your LAN. And ... trust no one to avoid social engineering.

State of Linux Security

On this side we can talk for hours but I have just a little space to spare. There are so many interesting projects that are helping the Linux community to solve the security problems. Linux is the most attaccked system from the attackers but it is even the most secure. Don't worry, isn't a contradiction. I just want to say that thanks to its structure , Linux can be considered as the most secure operating system today but thanks to many sleepy SysAdmin is the most attacked one, too. I appreciate many security projects, for example: Aide, Chkrootkit, Ettercap, Nmap, just to make some names about linux security related packages. I can't forget the SELinux Project, in my opinion the most important and useful kernel security patch never created without forget GrSecurity.

What can be done?

We must believe in security and in a secure world without attackers. We have to improve our behavior about security and be careful about everything. From the SysAdmin side, the best way to follow is to keep upgraded their systems and don't sleep at work. Finally, we have to burn every Windows copy and switch to Linux ;)

Holiday Thanks

I can't forget the so many linux security communities on the net and the big helps of the Linux Expert users through mailing lists, forums with the hope of helping the newbie one. It's really a wonderful thing, don't you think? It's just OpenSource and a perfect world is possible with it.

Vincenzo Ciaglia is the founder of the Netwosix project and contributing writer for LinuxSecurity.com