Major Problems in Security on Linux OS

The major Linux based DNS Server software is BIND (Berkeley Internet Name Domain) and the oft found vulnerability with this is buffer over run and cache poisoning. Upgrades are available but some administrators do not update with patches and hence face problems.

Apache has a few problems but these can be rectified by updating or fixing the vulnerabilities. These include access to restricted areas, Denial of service, ability of remote attacker to execute arbitrary code.

Passwords are known to be the areas where most attackers try to gain entry. Strict password implementation is followed by windows servers. Weak user passwords and even weak administrator passwords are areas that Linux as well as UNIX need to improve upon.

Email services are major on the list of attack. Both Windows clients as well as that of Linux are vulnerable. Send mail is a mail transport agent on Linux. Qmail, Courier, Exim and Postfix though better than send mail have their own vulnerabilities.

The ease of remote management makes Linux popular since it cam be done at command line. Yet this is the most considerable risk that exists with Linux and UNIX based operating systems. SNMP is usually enabled by default. Using higher versions can help reduce the risk due to vulnerabilities.

Open Secure Sockets Layer transport security can be affected by a denial of service due to buffer overflows that could be during handshake process in servers, clients, servers with Kerberos, buffers that hold ASCII representation of integers and ASN.1 encoding error while implementing SSL, TLS, S/MIME and PKCS#7 routines. This could be minimized with proper configurations and firewall.

Concurrent Version (CVS) and other version control systems have vulnerabilities that allow anonymous access to online databases. Data bases are another weak link that allows attackers to get into the network.

Linux kernel vulnerabilities are specific to each version of OS and has to be viewed from the Open source OS you have installed.

Suggestions to secure your network

Use of vulnerability scanners can assist in security management. These can be used for a better configuration as well as removing features that are not being used. Also better firewalls and intrusion detection systems can help troubleshooting before the danger is exaggerated. Antivirus and mal ware detection is another means of securing your systems. Using SSH for telnet, rlogin, and ftp can help in ensuring that passwords are encrypted and not sent as plain text across the internet. Secure shell goes a long way in preventing eavesdropping and other attacks.

Related Articles

Essentials of a Network: Network Security
How is the Security of your Network Compromised?
How Secure is your Windows Network?
Is your Home Network Safe From Viruses and Hackers?
How Secure is Your Wireless Network?