LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Vincenzo Ciaglia Speaks Security 2004 Print E-mail
User Rating:      How can I rate this item?
Source: Vincenzo Ciaglia - Posted by Vincenzo Ciaglia   
Features Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

Introduction

And another year arrives. What will this 2005 give to us? Only chocolates, cakes, happiness and no other stress from the work or anything else? Ok, I'm just joking. Let's start! The year 2004 has been the year of Linux, according to many "linux critics". In my opinion, it has just been another year for Linux to demonstrate its power, usability, and security in comparison to other operating systems and commercial products. Many successes followed one another without a break.

Management's View of Linux Security Today

There is still very little consideration for Linux. It's a simple sentence, but a complex situation. Let's take the example of Italy (my home country).

Only too few companies understood the real problem of security. Here is a simple example:

"Hey manager, you could be a simple target for an attacker if you make this or do this with your LAN", "Hey Linux-Security-addict don't worry, please! We have so many computer experts in our company"

Ok, nothing it's strange but the "computer experts" are really so expert? Many times we see how this computer experts are just some Windows beginners who want to conquer the world with a simple "double click". Well, dear managers, the security isn't only this. Security being synonymous with professional is a joke. Moreover I see how many Linux companies all over the world are growing up. This is another very good thing for us. It means that the managers are understanding day by day the problem and want to do everything to solve their big security problems.

User's View of Linux Security

However, with the passing of the time, there are many home users who love to configure good firewalls for their own computers or use commercial products. This is a very good thing but we're still far away from a full concept of "security". Security isn't just a simple firewall. Security is behavior! If you still take notes of your passwords on some papers and you leave them on your desktop ... well, you can be secure that you're not a security-care user. If you are not a connoisseur of social engineering and its techniques, you can't sleep at night very well, trust me. We can talk about Physical Security, too. If you still leave your computer unguarded at lunch break you can be secure that someone so curious and more clever than you will use your computer to have your sensitive data and use them for some uses (legal or not). So dear user, come on, be careful and don't be sure that you have a big security plan for your LAN. And ... trust no one to avoid social engineering.

State of Linux Security

On this side we can talk for hours but I have just a little space to spare. There are so many interesting projects that are helping the Linux community to solve the security problems. Linux is the most attaccked system from the attackers but it is even the most secure. Don't worry, isn't a contradiction. I just want to say that thanks to its structure , Linux can be considered as the most secure operating system today but thanks to many sleepy SysAdmin is the most attacked one, too. I appreciate many security projects, for example: Aide, Chkrootkit, Ettercap, Nmap, just to make some names about linux security related packages. I can't forget the SELinux Project, in my opinion the most important and useful kernel security patch never created without forget GrSecurity.

What can be done?

We must believe in security and in a secure world without attackers. We have to improve our behavior about security and be careful about everything. From the SysAdmin side, the best way to follow is to keep upgraded their systems and don't sleep at work. Finally, we have to burn every Windows copy and switch to Linux ;)

Holiday Thanks

I can't forget the so many linux security communities on the net and the big helps of the Linux Expert users through mailing lists, forums with the hope of helping the newbie one. It's really a wonderful thing, don't you think? It's just OpenSource and a perfect world is possible with it.


Vincenzo Ciaglia is the founder of the Netwosix project and contributing writer for LinuxSecurity.com

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Shellshock makes Heartbleed look insignificant
Hacker Group Lizard Squad Takes Down Destiny, Call of Duty, FIFA And More
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.