Notebook / Archives / "security"

"security" entries.

June 08, 2003

Do not forget to be secure!

After my rant against the way the bugs-proness of operating systems are taken into account (Windows vs. Linux), here are two stories about Linux hacking/cracking, which seems to be more appreciated by hackers/crackers:

The first article lightens the need for a security policy, even if you use an open source operating system (personnaly I prefer to rely on OpenBSD when security is important):

DK Matai, executive chairman at mi2g, suggested that that there are three reasons for the recent increase in successful attacks against Linux.

First is configuration management. "As automatic attack tools scanning for vulnerabilities become ubiquitous, the online system security is heavily dependent on settings and when the last patch was applied," he said, citing out-of-the-box and un-patched installations.

Next up is the lack of a coherent trustworthy computing initiative such as that run by Microsoft.

Owing to the nature of open source there is no single point of reference for information about the dos and don'ts of online server management and security, according to Matai.

The third issue focuses on common misconceptions about the Linux operating system, which is being increasingly selected by companies and government agencies to cut costs.

Matai warned that the "cost-effective choice" of non-proprietary software does not stand up to scrutiny if there is inadequate technical experience deployed in protecting the systems, and if training costs are not factored in at the start.

"There are plenty of instances where the administrator assumes that just because they are running open source they are somehow going to be more secure," he said.

The second article shows us that patching Microsoft Windows was not the cup of tea of system administrators, whereas that is very easy now with the Microsoft Baseline Security Analyzer (and Shavlik Technologies, LLC, developers of this tools for Microsoft has an even more marvelous tools, HFNetChkPro to manage patches...):

Zone-H identified the reason of this strange phenomenon in what Zone-H calls the “Slammerworm effect”.

In fact the Slammer worm ha produced since December 2002 a spike in the Windows 2000 statistics. Since then, the Slammer worm threat has been so much covered by the media that companies started to patch at a speed never seen before. The result of this process is that Windows OS has instantly become less attractive for crackers.

The conclusion: we need a central repository to manage patches for Open Source Software.

(Via Windows vs Linux Defacement Occurances)

Posted by Jean-Philippe on June 08, 2003 17 Comments, 445 TrackBacks

April 08, 2003

Dictionary of Security aspects

For those like me who do not understand clearly english words related to security, here they are defined by questions:

Confidentiality: Can prying eyes see it?
Authentication: Are you who you say you are?
Trust: Have I agreed to work with you?
Non-repudiation: Can you claim that you didn't send or receive it even if you did?
Integrity: Was it altered before I got it?
Authorization: Are you allowed to have it?
Auditing: Can I prove what happened?

(On "::Manageability::": “Security in Plain English”)

Posted by Jean-Philippe on April 08, 2003 11 Comments, 281 TrackBacks

Entries on this page

Entries by category

Entries by month