Topic: Remote controlling Linux (Read 2384 times)

Toasty0 · « **on:** January 12, 2004, 11:13:56 pm »

"Flaws raise red flag on Linux security
Jaikumar Vijayan, IDG News Service

12/01/2004 11:45:01

A recent report about a critical flaw in the Linux kernel was the latest in a series of recently discovered security problems with the popular open-source operating system. But many users were unfazed by the report and said Linux remains a solid and secure environment for running enterprise applications.

Poland-based iSec Security Research said it had found a critical flaw in a function used to manage virtual memory on Linux systems. The flaw affects the 2.2, 2.4 and 2.6 versions of the Linux kernel, according to iSec.

The vulnerability could allow attackers to take administrative control of compromised systems and run attack code of their choice, an iSec advisory stated. ISec claimed that it had developed and successfully tested code that was capable of exploiting the flaw, although it added that actually launching such an attack wouldn't be easy.

The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall. In November, unknown attackers used that flaw to take down several servers belonging to the Debian Project, which produces a noncommercial Linux distribution. And last month, an attack on the Gentoo Linux Project compromised a server that was being used to download copies of Gentoo's Linux source code by users.

The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers, said David Wreski, CEO of Linux security vendor Guardian Digital in the US.

"The underground hacker community is very interested in Linux as a potential target," he said. "Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them."

Even so, Linux remains a secure environment, said John Cahill, senior network security engineer at Piedmont Natural Gas (US).

"I would say it is more secure than Microsoft and other environments because the code is looked over by so many people and it's so widely available that any vulnerabilities can be quickly identified and patched," Cahill said. Piedmont uses Linux for several e-mail-related functions and is considering its use for antispam purposes.

"There's not very much we've needed to do to secure Linux (applications)," said Joe Poole, manager for technical support at Boscov's Department Stores. The company runs several virtual Linux servers on its mainframes that are protected by network and internal firewalls. All nonessential services, such as file transfers and Telnet, have been disabled. But there has been no need for the kind of constant patching and maintenance required for Windows, Poole said.

Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default, said Paul Schmel, adjunct information security officer at the University of Texas at Dallas.

"The biggest plus that Linux has is that it's designed to allow users to be users and not administrators," Schmel said. "What Linux has that Windows doesn't have is ease of configuration from an administrator's standpoint. Stopping and starting services, configuring services to only respond on certain ports and interfaces is dramatically easier than it is with Windows."

http://www.computerworld.com.au/index.php?id=1372858378&fp=2&fpid=1

jualdeaux · « **Reply #1 on:** January 13, 2004, 06:30:49 am »

I have another question about remote controlling linux. Is there a way, or a program, that would let me log into a linux box from a remote location, or just from another pc on the network? It would really need a windows version too so i could remotely log into it from that OS too.

thanks.

Strafer · « **Reply #2 on:** January 13, 2004, 10:11:31 am »

Graphical or text only?

Either way, the answer is yes. With a telnet or ssh server running, you can connect text.
With the proper xauth permissions, you can remotely X in with the IP. For Windows, you'd need an app like Exceed or Exodus.

Demandred · « **Reply #3 on:** January 13, 2004, 11:49:33 am »

Yes... there have been a few serious security issues in Linux over the last few years. It's unavoidable in such a complex thing as an operating system. A root exploit like this is a big thing in the Linux world because it's so rare. In the Windows world, virtually every security bug gives root access to the operating system.

"Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default". Maybe Microsoft will start to do the same thing one of these days. Without beefing up security, any halfwit can take over a Windows machine. Not to mention core OS components that mysteriously talk and listen to other programs on an external IP address which cannot be disabled without crippling the system.

Finally, let's talk about response to security alerts. Most open source programs are patched within 24 hours. There still remain dozens of severe security problems with Windows and Internet Explorer. And using Outlook for email remains the best way to become infected with the virus of the week.

Toasty0 · « **Reply #4 on:** January 12, 2004, 11:13:56 pm »

"Flaws raise red flag on Linux security
Jaikumar Vijayan, IDG News Service

12/01/2004 11:45:01

A recent report about a critical flaw in the Linux kernel was the latest in a series of recently discovered security problems with the popular open-source operating system. But many users were unfazed by the report and said Linux remains a solid and secure environment for running enterprise applications.

Poland-based iSec Security Research said it had found a critical flaw in a function used to manage virtual memory on Linux systems. The flaw affects the 2.2, 2.4 and 2.6 versions of the Linux kernel, according to iSec.

The vulnerability could allow attackers to take administrative control of compromised systems and run attack code of their choice, an iSec advisory stated. ISec claimed that it had developed and successfully tested code that was capable of exploiting the flaw, although it added that actually launching such an attack wouldn't be easy.

The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall. In November, unknown attackers used that flaw to take down several servers belonging to the Debian Project, which produces a noncommercial Linux distribution. And last month, an attack on the Gentoo Linux Project compromised a server that was being used to download copies of Gentoo's Linux source code by users.

The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers, said David Wreski, CEO of Linux security vendor Guardian Digital in the US.

"The underground hacker community is very interested in Linux as a potential target," he said. "Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them."

Even so, Linux remains a secure environment, said John Cahill, senior network security engineer at Piedmont Natural Gas (US).

"I would say it is more secure than Microsoft and other environments because the code is looked over by so many people and it's so widely available that any vulnerabilities can be quickly identified and patched," Cahill said. Piedmont uses Linux for several e-mail-related functions and is considering its use for antispam purposes.

"There's not very much we've needed to do to secure Linux (applications)," said Joe Poole, manager for technical support at Boscov's Department Stores. The company runs several virtual Linux servers on its mainframes that are protected by network and internal firewalls. All nonessential services, such as file transfers and Telnet, have been disabled. But there has been no need for the kind of constant patching and maintenance required for Windows, Poole said.

Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default, said Paul Schmel, adjunct information security officer at the University of Texas at Dallas.

"The biggest plus that Linux has is that it's designed to allow users to be users and not administrators," Schmel said. "What Linux has that Windows doesn't have is ease of configuration from an administrator's standpoint. Stopping and starting services, configuring services to only respond on certain ports and interfaces is dramatically easier than it is with Windows."

http://www.computerworld.com.au/index.php?id=1372858378&fp=2&fpid=1

jualdeaux · « **Reply #5 on:** January 13, 2004, 06:30:49 am »

I have another question about remote controlling linux. Is there a way, or a program, that would let me log into a linux box from a remote location, or just from another pc on the network? It would really need a windows version too so i could remotely log into it from that OS too.

thanks.

Strafer · « **Reply #6 on:** January 13, 2004, 10:11:31 am »

Graphical or text only?

Either way, the answer is yes. With a telnet or ssh server running, you can connect text.
With the proper xauth permissions, you can remotely X in with the IP. For Windows, you'd need an app like Exceed or Exodus.

Demandred · « **Reply #7 on:** January 13, 2004, 11:49:33 am »

Yes... there have been a few serious security issues in Linux over the last few years. It's unavoidable in such a complex thing as an operating system. A root exploit like this is a big thing in the Linux world because it's so rare. In the Windows world, virtually every security bug gives root access to the operating system.

"Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default". Maybe Microsoft will start to do the same thing one of these days. Without beefing up security, any halfwit can take over a Windows machine. Not to mention core OS components that mysteriously talk and listen to other programs on an external IP address which cannot be disabled without crippling the system.

Finally, let's talk about response to security alerts. Most open source programs are patched within 24 hours. There still remain dozens of severe security problems with Windows and Internet Explorer. And using Outlook for email remains the best way to become infected with the virus of the week.

Toasty0 · « **Reply #8 on:** January 12, 2004, 11:13:56 pm »

"Flaws raise red flag on Linux security
Jaikumar Vijayan, IDG News Service

12/01/2004 11:45:01

A recent report about a critical flaw in the Linux kernel was the latest in a series of recently discovered security problems with the popular open-source operating system. But many users were unfazed by the report and said Linux remains a solid and secure environment for running enterprise applications.

Poland-based iSec Security Research said it had found a critical flaw in a function used to manage virtual memory on Linux systems. The flaw affects the 2.2, 2.4 and 2.6 versions of the Linux kernel, according to iSec.

The vulnerability could allow attackers to take administrative control of compromised systems and run attack code of their choice, an iSec advisory stated. ISec claimed that it had developed and successfully tested code that was capable of exploiting the flaw, although it added that actually launching such an attack wouldn't be easy.

The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall. In November, unknown attackers used that flaw to take down several servers belonging to the Debian Project, which produces a noncommercial Linux distribution. And last month, an attack on the Gentoo Linux Project compromised a server that was being used to download copies of Gentoo's Linux source code by users.

The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers, said David Wreski, CEO of Linux security vendor Guardian Digital in the US.

"The underground hacker community is very interested in Linux as a potential target," he said. "Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them."

Even so, Linux remains a secure environment, said John Cahill, senior network security engineer at Piedmont Natural Gas (US).

"I would say it is more secure than Microsoft and other environments because the code is looked over by so many people and it's so widely available that any vulnerabilities can be quickly identified and patched," Cahill said. Piedmont uses Linux for several e-mail-related functions and is considering its use for antispam purposes.

"There's not very much we've needed to do to secure Linux (applications)," said Joe Poole, manager for technical support at Boscov's Department Stores. The company runs several virtual Linux servers on its mainframes that are protected by network and internal firewalls. All nonessential services, such as file transfers and Telnet, have been disabled. But there has been no need for the kind of constant patching and maintenance required for Windows, Poole said.

Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default, said Paul Schmel, adjunct information security officer at the University of Texas at Dallas.

"The biggest plus that Linux has is that it's designed to allow users to be users and not administrators," Schmel said. "What Linux has that Windows doesn't have is ease of configuration from an administrator's standpoint. Stopping and starting services, configuring services to only respond on certain ports and interfaces is dramatically easier than it is with Windows."

http://www.computerworld.com.au/index.php?id=1372858378&fp=2&fpid=1

jualdeaux · « **Reply #9 on:** January 13, 2004, 06:30:49 am »

I have another question about remote controlling linux. Is there a way, or a program, that would let me log into a linux box from a remote location, or just from another pc on the network? It would really need a windows version too so i could remotely log into it from that OS too.

thanks.

Strafer · « **Reply #10 on:** January 13, 2004, 10:11:31 am »

Graphical or text only?

Either way, the answer is yes. With a telnet or ssh server running, you can connect text.
With the proper xauth permissions, you can remotely X in with the IP. For Windows, you'd need an app like Exceed or Exodus.

Demandred · « **Reply #11 on:** January 13, 2004, 11:49:33 am »

Yes... there have been a few serious security issues in Linux over the last few years. It's unavoidable in such a complex thing as an operating system. A root exploit like this is a big thing in the Linux world because it's so rare. In the Windows world, virtually every security bug gives root access to the operating system.

"Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default". Maybe Microsoft will start to do the same thing one of these days. Without beefing up security, any halfwit can take over a Windows machine. Not to mention core OS components that mysteriously talk and listen to other programs on an external IP address which cannot be disabled without crippling the system.

Finally, let's talk about response to security alerts. Most open source programs are patched within 24 hours. There still remain dozens of severe security problems with Windows and Internet Explorer. And using Outlook for email remains the best way to become infected with the virus of the week.

News: