Mackenzie Morgan gave a presentation titled "Is Linux Secure?" at the 2010 Southeast LinuxFest. The presentation introduced common security terminology related to malware and attacks, discussed threats that still affect Linux systems such as email trojans, untrusted software sources, and browser-based attacks, and provided recommendations for improving security including using trusted software sources, being cautious of launchers from untrusted locations, using browser extensions like NoScript, and following principles of least privilege.
Is Linux Secure?
1. Is Linux Secure?
Mackenzie Morgan
Southeast LinuxFest 2010
12 June 2010
Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 1 / 35
2. Introduction
Outline
1 Introduction
2 Vocabulary
3 What can still hurt me?
4 What protection is there?
3. Introduction
Me
Mackenzie Morgan
Computer Science student
Ubuntu Developer
Kubuntu user
http://ubuntulinuxtipstricks.blogspot.com (find slides here)
4. Introduction
This Talk
Linux Zealot: "Try Linux! It doesn't get viruses!"
Average Person: "No viruses? I'm invincible!"
6. Vocabulary
Malware
Malware (or badware) is an umbrella term for viruses, trojans, worms,
rootkits, etc.
9. Vocabulary
Trojan
Trojans are malware that get installed via social engineering... or, well,
lying.
"I'm a fun game and totally safe!" but not really, I'm actually going to steal your
passwords...
10. Vocabulary
Worm
A worm infects other systems, automatically, usually over a network.
12. Vocabulary
Botnet
A botnet is a group of systems infected by malware which operate as a
collective and are controlled by a erm... jagoff.
Yes, I'm from Pittsburgh. How'd you guess?
13. Vocabulary
Rootkit
A rootkit keeps the activities of an unauthorised user hidden so that you
can't tell your system has been owned.
14. Vocabulary
Keylogger
A keylogger tracks everything you type. Yes, including passwords.
It could be hardware (see ThinkGeek), but usually software. There are
legitimate(-ish) uses.
15. Vocabulary
Browser-based Attack
A browser-based attack is any attack that takes place inside the web
browser. They are usually not limited to a specific OS.
Examples:
Cross-site Scripting (XSS): using JavaScript on one webpage to steal data from another
Tracking cookies: harvesting the information stored in your browser by other websites
Cookie jacking: stealing credentials for other websites from your browser's cookies
Click jacking: hiding clickable objects on a webpage on top of other objects so that you're not clicking what you think you're clicking
16. Vocabulary
Phishing
Phishing is social engineering aimed at making you believe you are
interacting with someone else whom you trust
18. What can still hurt me?
What's still a problem?
All of those
19. What can still hurt me?
But what about "no viruses"?
Windows ones usually won't run, even in Wine
Several hundred for Linux
Only 30 in the wild ever
No known viruses exploiting current vulnerabilities
20. What can still hurt me?
Email Trojans
Check out this cool new game! http://example.com/foo.desktop
22. What can still hurt me?
Untrusted Software
.deb for screensaver on gnome-look.org
... and now you're on a botnet
http://ubuntuforums.org/showthread.php?t=1349678
23. What can still hurt me?
Browser-based attacks
Unless only for Internet Explorer
Firefox? Opera? Chrome?
24. What can still hurt me?
Phishing
There's no patch for gullibility
25. What can still hurt me?
Rootkits
If any of the previous work, you can get one
27. What protection is there?
Trusted software sources
Stick to your distro's repos
Otherwise, source directly from upstream
Avoid non-software in .deb or .rpm format
Heed your package manager's warnings
Grrr @ Arch Linux
29. What protection is there?
Launchers
You get a .desktop from web/email...
Do you know what it'll run?
Could be anything
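One way to answer "what will it run?" before opening a launcher, as an added example that is not part of the talk: the Python below lists every Exec, TryExec and URL key in a .desktop file, including those in secondary action groups, and flags commands worth a second look. The SUSPECT list, the metacharacter check and the sample launcher are constructed for illustration.

```python
import shlex

# Heuristic list (an assumption of this example): programs that can run
# arbitrary follow-on commands rather than one installed application.
SUSPECT = {"sh", "bash", "dash", "zsh", "env", "python", "python3",
           "perl", "ruby", "wget", "curl", "xterm"}

def launcher_commands(text):
    """Return (group, key, value) for each key the launcher would act on."""
    found, group = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]            # e.g. "Desktop Entry"
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("Exec", "TryExec", "URL"):
            found.append((group, key.strip(), value.strip()))
    return found

def review(text):
    """Attach warnings to each Exec line so a person can judge it."""
    report = []
    for group, key, value in launcher_commands(text):
        warnings = []
        if key == "Exec":
            try:
                argv = shlex.split(value)  # approximates the spec's quoting
            except ValueError:
                argv = []
                warnings.append("unbalanced quotes")
            hits = sorted({a.rsplit("/", 1)[-1] for a in argv} & SUSPECT)
            if hits:
                warnings.append("can run other commands: " + ", ".join(hits))
            if any(ch in value for ch in ";|&`$><"):
                warnings.append("shell metacharacters")
        report.append((group, key, value, warnings))
    return report

# Constructed sample: the Name promises a game, the Exec lines do not.
SAMPLE = """[Desktop Entry]
Type=Application
Name=Cool New Game
Exec=sh -c "echo not-a-game > $HOME/proof.txt"
[Desktop Action Extra]
Exec=/usr/bin/env python3 -c "print(1)"
"""

if __name__ == "__main__":
    for group, key, value, warnings in review(SAMPLE):
        print(f"[{group}] {key}={value}  {warnings}")
```

An empty warning list only means the heuristics found nothing; the Exec value itself is still what needs reading.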
30. What protection is there?
Launchers in KDE
Kubuntu's & openSUSE's KDE:
31. What protection is there?
Launchers in GNOME
Fedora's & openSUSE's GNOME:
Ubuntu's GNOME:
32. What protection is there?
Browser - Javascript
If you use Firefox, get NoScript extension
33. What protection is there?
Browser - Encryption
Don't send passwords unencrypted
Look for the lock
34. What protection is there?
Browser - Phishing
How do you know it's the site it claims to be?
Look at everything before the first slash
Check out this green thing
35. What protection is there?
Minimal privileges
Don't log in graphically as root!
Why?
Malware gets full access
36. What protection is there?
Don't need it? Don't use it!
Don't log in remotely with command line or push files to it?
Uninstall your SSH and S/FTP servers
37. What protection is there?
Detecting problems
Find rootkits:
rkhunter
chkrootkit
Warn of changes:
tripwire
You probably don't need these
38. What protection is there?
Questions?