Free Republic
General/Chat


Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity | 26 September 2023 | Brittany Day

Posted on 10/03/2023 9:05:02 AM PDT by ShadowAce



Do you love Linux because it is user-friendly, exceptionally secure, heavy-duty and open source, which makes it easy to customize and maintain? If so, you're not alone.

It is no wonder that Linux has captured the lion's share of the IT market. Business leaders and IT decision makers have poured their trust into Linux and prefer it for almost every business use case, and today, ZDNet reports that 96.3% of the top web servers run on Linux. The downside is that attacks on Linux are steadily rising, as cybercriminals have come to recognize the OS as an increasingly viable attack target.

This might seem far-fetched if you've always believed Linux is secure. But plenty of malware targets Linux machines, and some campaigns have gone under the radar for years. Takedowns rarely end a campaign for good, either: the Emotet botnet, for example, was dismantled by law enforcement in January 2021 and was back in operation before the end of that year.

Let’s examine how secure you are as a Linux user, and tips and tricks you can implement today to beat the threats targeting your systems.

Are Linux Security Components Really Secure?

Ever since its inception, Linux has been considered one of the most secure operating systems. Here are a few reasons why:

These protections were developed before cybersecurity itself was clearly defined. Cybersecurity, and cybercriminals, have come a long way since then. Attackers now use AI to take down organizations in cunning ways, and IT teams must gear up with tools that evolve alongside them. This shift can be seen in organizations moving from basic antivirus to endpoint detection and response (EDR), next-generation antivirus and more.

Let's explore why Linux is not secure on its own, and how you can fortify it and win the game against cybercriminals.

Decoding the Robust Privileges in Linux: Are Vulnerabilities & Attacks Still a Threat?

Privilege escalation vulnerabilities in Linux are on the rise, with flaws like StackRot (CVE-2023-3269) and Dirty Pipe (CVE-2022-0847) making a lot of noise in the IT world.

Dirty Pipe is a flaw in the kernel's pipe buffer handling, present from 5.8 until it was fixed in February 2022, that lets an unprivileged local user overwrite data in the page cache of files they can only read, including /etc/passwd and setuid binaries; that is enough to become root. An attack built on it looks something like this: a cybercriminal gets a foothold through brute force or some other credential abuse, runs the local exploit to elevate privileges to root, disables SELinux, and installs malware. As the malware sets up processes to hide from the machine's security agent, it also expands its presence (lateral movement) through multiple payloads. Dirty Pipe is one more entry in the growing list of privilege-based vulnerabilities in Linux.

Dirty COW (CVE-2016-5195), a race condition in the kernel's copy-on-write handling patched in October 2016, showed how important it is to keep Linux systems updated. Dirty COW was used to escalate privileges, giving the attacker root, with which they could not only exfiltrate data but also hog CPU and other resources, effectively causing a denial of service through lag or outages.
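The first thing a practitioner does with a CVE like Dirty Pipe is triage the fleet: which kernels predate the fix? The script below is an added example, not part of the LinuxSecurity article. It encodes the upstream facts (Dirty Pipe was introduced in 5.8 and fixed in 5.10.102, 5.15.25, 5.16.11 and 5.17) and classifies a release string such as the output of `uname -r`. The caveat is the important part: distribution kernels backport fixes without changing the upstream version, so an Ubuntu 5.15.0-xx or a RHEL 4.18 kernel has to be judged by the vendor's advisory. "predates-fix" therefore means "go and check", never "exploitable". The function names are this example's own.

```shell
#!/bin/sh
# Added example: version triage for Dirty Pipe (CVE-2022-0847).
# Introduced in 5.8; fixed upstream in 5.10.102, 5.15.25, 5.16.11 and 5.17.
# Distribution kernels backport the fix without changing these numbers, so
# "predates-fix" means "check the vendor advisory", not "exploitable".

# kernel_base_version RELEASE: reduce "5.15.0-76-generic" to "5.15.0".
kernel_base_version() {
    v=${1%%-*}                      # drop "-76-generic", "-rc3", "-477.el8.x86_64"
    v=${v%%+*}                      # drop "+deb11u1"-style suffixes
    set -- $(printf '%s' "$v" | tr '.' ' ')
    printf '%d.%d.%d' "${1:-0}" "${2:-0}" "${3:-0}"
}

# version_lt A B: succeed when kernel version A is strictly lower than B.
version_lt() {
    set -- $(printf '%s %s' "$(kernel_base_version "$1")" "$(kernel_base_version "$2")" | tr '.' ' ')
    # $1 $2 $3 = A major/minor/patch, $4 $5 $6 = B major/minor/patch
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
    [ "$3" -lt "$6" ]
}

# dirty_pipe_status RELEASE: prints not-affected | predates-fix | fixed
dirty_pipe_status() {
    rel=$1
    if version_lt "$rel" 5.8.0;    then printf 'not-affected\n'; return 0; fi
    if ! version_lt "$rel" 5.17.0; then printf 'fixed\n';        return 0; fi
    base=$(kernel_base_version "$rel")
    case ${base%.*} in                       # 5.15.3 -> stable branch 5.15
        5.10) fix=5.10.102 ;;
        5.15) fix=5.15.25 ;;
        5.16) fix=5.16.11 ;;
        *)    printf 'predates-fix\n'; return 0 ;;   # EOL branches never got the fix
    esac
    if version_lt "$rel" "$fix"; then printf 'predates-fix\n'; else printf 'fixed\n'; fi
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
    # Usage: RUN_DEMO=1 sh dirtypipe-triage.sh   (classifies the running kernel)
    rel=$(uname -r)
    printf '%s: %s\n' "$rel" "$(dirty_pipe_status "$rel")"
fi
```

Feed it a list of `uname -r` strings collected from your inventory to get a first cut of hosts to look at; then confirm each "predates-fix" host against the distribution's CVE page or package changelog before calling it vulnerable.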

Cyberthreats penetrate your network in creative ways that can be hard to anticipate, and cybercriminals now use AI to make phishing lures more convincing than ever.

The conventional pattern of dropping a binary on a machine and exfiltrating data is no longer the whole story. Cybercriminals are more careful today and use AI to evade notice more effectively. Even if it is becoming harder to trace how a threat originated, you can implement the following proactive strategies to keep your network secure.

Visibility: Because You Can't Drive a Car Without a Windshield

Linux, like any OS, involves applications, configurations, credentials, services and much more. You can build a secure IT environment only when you have a clear picture of its boundaries.

Defining boundaries through privilege allocation and restrictions prevents mishaps caused by unauthorized access. Visibility also lets you classify assets by risk level, and real-time insight helps you track your data.
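One concrete slice of that visibility, as an added example that is not from the article: an audit of the local account database, which is exactly the file Dirty Pipe and Dirty COW proof-of-concepts rewrite to plant a second UID 0 account or blank a password. The awk check flags UID 0 accounts other than root, accounts with an empty password field (historically "no password required", and a sign of tampering since every account should carry `x` and live in /etc/shadow), duplicate UIDs (the kernel treats them as one account), and system accounts that have been given an interactive shell. The sample file is constructed for the example, and the 1000 boundary between system and human accounts is the Debian and RHEL default, an assumption you may need to change.

```shell
#!/bin/sh
# Added example: audit an /etc/passwd-format file for privilege anomalies.
# Findings, one per line:
#   uid0 <name>             a second UID 0 account
#   nopass <name>           empty password field
#   dupuid <first> <second> two names sharing one UID
#   shell <name> <shell>    system account with an interactive shell
#   malformed <line>        wrong field count

audit_passwd() {
    awk -F: '
        NF != 7 { printf "malformed %d\n", NR; next }
        # Any UID 0 account other than root is a second root.
        $3 == 0 && $1 != "root" { printf "uid0 %s\n", $1 }
        # Empty password field: no shadow entry, historically "no password".
        $2 == "" { printf "nopass %s\n", $1 }
        # Two names sharing a UID are the same account to the kernel.
        $3 in seen { printf "dupuid %s %s\n", seen[$3], $1 }
        !($3 in seen) { seen[$3] = $1 }
        # System accounts (assumed UID < 1000, not root) should not get a login shell.
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false|sync|halt|shutdown)$/ {
            printf "shell %s %s\n", $1, $7
        }
    ' "$1"
}

# write_sample_passwd PATH: constructed sample (not from any real host) with a
# planted UID 0 account, an empty password field and a duplicated UID.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backdoor:x:0:0::/root:/bin/bash
svc-backup::1001:1001::/var/backups:/bin/sh
postgres:x:1000:110::/var/lib/postgresql:/bin/bash
EOF
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
    # Usage: RUN_DEMO=1 sh passwd-audit.sh            (audits /etc/passwd)
    #        RUN_DEMO=1 PASSWD_FILE=x sh passwd-audit.sh
    audit_passwd "${PASSWD_FILE:-/etc/passwd}"
fi
```

Against the sample this reports `uid0 backdoor`, `dupuid root backdoor`, `nopass svc-backup` and `dupuid alice postgres`. Run it from cron or your configuration-management agent and alert on any non-empty output; a clean baseline is what makes a later change visible.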

Security Always Starts with Patching

When it comes to keeping your machines secure, it is a best practice to patch them regularly. Despite the importance of patching, IT administrators often do not patch efficiently. This is not due to a lack of zeal for patch management but to the real-world challenges admins face, such as patch compatibility and end-user disruption.

As the number of Linux exploits continues to grow, IT admins can fall behind on deploying patches, leaving the network vulnerable. On the other hand, deploying patches at breakneck speed without analyzing compatibility can break Linux services. So, to patch your machines effectively:

All these efforts contribute to patch compliance, which is a good indicator of a secure network, and together they form a proactive patch management strategy that keeps you on top of Linux security.

Securing Linux on the Fly?

Your security measures for Linux won't end here. Many use cases cannot be covered by standard tools but can be handled with custom scripts; securing code repositories and CI/CD tools, for instance, varies from business to business. Once such ad-hoc cases pile up, IT teams end up doing a lot of scripting to address their systems' particular concerns. Not every IT admin excels at writing custom scripts, and relying on scripts from the internet is not the ideal solution: a script that runs as root is as much a supply-chain risk as any package. Use scripts from trusted parties, review them before the first run, and pin the exact version you reviewed.
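The practical form of "trusted parties", as an added example rather than anything the article prescribes: record the SHA-256 of the exact script version you reviewed and refuse to run anything else. The pinned digest must come from somewhere other than the download itself (the vendor's signed release notes, or your own review record); a checksum fetched from the same URL as the script only catches corruption, not substitution. Where the vendor publishes signatures (gpg or minisign), verify those instead. The helper names are this example's own.

```shell
#!/bin/sh
# Added example: run a downloaded script only if its SHA-256 matches a pinned
# digest. The pin comes from an out-of-band source, never the download URL.

# sha256_of FILE: print the hex SHA-256 digest using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# run_verified SCRIPT PINNED_DIGEST [ARGS...]: status 1 on mismatch, status 2
# if the file cannot be hashed, otherwise run the script with sh.
run_verified() {
    script=$1
    pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    shift 2
    actual=$(sha256_of "$script" 2>/dev/null)
    [ -n "$actual" ] || { printf 'cannot hash %s\n' "$script" >&2; return 2; }
    if [ "$actual" != "$pinned" ]; then
        printf 'refusing to run %s: sha256 %s does not match pinned %s\n' \
            "$script" "$actual" "$pinned" >&2
        return 1
    fi
    sh "$script" "$@"
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
    # Usage: RUN_DEMO=1 sh run-verified.sh ./harden.sh <pinned-sha256> [args]
    run_verified "$@"
fi
```

Keep the pinned digests in version control next to the automation that calls the scripts; a pin that changes in a review diff is exactly the event you want a second pair of eyes on.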

Final Thoughts on Enhancing Linux Security

Linux is an integral part of many organizations' ecosystems, and it is up to business leaders and IT decision makers to get the most out of it. In today's landscape, IT admins should keep Linux operations light on the machines while keeping them secure and productive. Security controls should blend seamlessly with the user experience. To yield the best results, prioritize security and empower end users with productivity boosters.


TOPICS: Computers/Internet
KEYWORDS: computers; linux; operatingsystem; security

1 posted on 10/03/2023 9:05:02 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; JosephW; martin_fierro; Still Thinking; zeugma; Vinnie; ironman; Egon; raybbr; AFreeBird; ...

2 posted on 10/03/2023 9:05:14 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Bookmark


3 posted on 10/03/2023 9:13:39 AM PDT by rdl6989 ( )
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Not sure how the article can claim that Linux has 96.4% of the webserver share

https://www.wappalyzer.com/technologies/web-servers/

I am not a Linux guru; in fact I probably need a Linux for Dummies book.

I could totally set up an IIS web server with the .NET Framework because that is really easy to do,

but I can hardly mount a USB drive on Linux.


4 posted on 10/03/2023 9:42:16 AM PDT by algore
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

“A cybercriminal enters the network through brute force, or any credential abuse method.”

Just like any and all systems. Since 99% of Linux attack vulnerabilities are local and hands-on, local credential access is the main issue. Don’t let anyone near your machine and don’t give anyone credential root access you cannot personally hold accountable. And a very strong password that even their wildest dreams cannot figure out will prevent the 1% chance of brute force attacks from remote sources.


5 posted on 10/03/2023 9:50:21 AM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 1 | View Replies]

To: algore
Your link compares web servers.

Not the underlying OS.

6 posted on 10/03/2023 9:56:54 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

you cannot run IIS on Linux, and even if you could, why would you?


7 posted on 10/03/2023 10:00:03 AM PDT by algore
[ Post Reply | Private Reply | To 6 | View Replies]

To: ShadowAce

bookmark


8 posted on 10/03/2023 10:03:07 AM PDT by mike70
[ Post Reply | Private Reply | To 1 | View Replies]

To: algore

There are whole nations running Linux as their government computer infrastructure.

96.3% of the top 1 million web servers run Linux. And 90% of cloud infrastructure operates on Linux.

SpaceX has used Linux-supported systems to complete 65 missions so far. This includes the famous Falcon 9 missions. Being the primary choice of governmental agencies as well as private companies, Linux users include other high-end space organizations, including NASA and ESA.

https://truelist.co/blog/linux-statistics/


9 posted on 10/03/2023 10:07:10 AM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

Know what I want? Unlike most who are plain lazy, I want to implement a “timed” requirement for two logins to pass with two different credentials before mine can be rooted. That way even if one is breached there is a second to pass within a time limit or it locks up.

How would I do this?


10 posted on 10/03/2023 10:45:39 AM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Openurmind
Know what I want? Unlike most who are plain lazy, I want to implement a “timed” requirement for two logins to pass with two different credentials before mine can be rooted. That way even if one is breached there is a second to pass within a time limit or it locks up.

How would I do this?

Not quite the same thing, but "port knocking" can give you additional protection.

11 posted on 10/03/2023 11:17:39 AM PDT by zeugma (Stop deluding yourself that America is still a free country.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: zeugma

Cool! digging around about it, thank you!


12 posted on 10/03/2023 12:07:48 PM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 11 | View Replies]

To: ShadowAce

Those of us who use Linux regularly have to guard against our tendency to think that with regards to security we’re bullet-proof. No such thing when it comes to any computer connected to the Internet, is there?


13 posted on 10/03/2023 1:14:12 PM PDT by Montana_Sam (Truth lives.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Biggest thing to help linux for home use is Steam Deck.


14 posted on 10/03/2023 1:27:05 PM PDT by for-q-clinton (Cancel Culture IS fascism...Let's start calling it that!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Openurmind
Give me physical access to ANY* computer, and it's mine. I don't need your credentials.

except for those with encrypted disks. That would take me a while longer

15 posted on 10/03/2023 1:36:23 PM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )
[ Post Reply | Private Reply | To 10 | View Replies]

To: Montana_Sam
No such thing when it comes to any computer connected to the Internet, is there?

The largest threat is social engineering. A well-hardened/secured Linux box is much more secure, technically, than a Windows box.

In fact, I've set up all our new builds here at work so that no user (except one account) can become root--even if they know the root password. They can run a limited subset of commands as root (to enable them to do their jobs), but they cannot become root, and they cannot edit important configuration files as root--though they can edit other files as root.

16 posted on 10/03/2023 1:41:02 PM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )
[ Post Reply | Private Reply | To 13 | View Replies]
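A sudoers drop-in of the kind that post describes, as an added example (not the poster's configuration; the `ops` group, the nginx commands and the file paths are assumptions), together with a small lint that flags the grants that quietly hand out a root shell. The lint encodes the two warnings from sudoers(5) itself: exclusions with `!` are bypassable by copying or renaming the binary, so allow-list exact commands rather than denying shells; and any command that opens a pager or editor as root (`systemctl status` without `--no-pager`, vi, less, find) is a root shell one keystroke away, which is why file changes go through sudoedit. The "cannot become root even knowing the password" half is normally done in /etc/pam.d/su with pam_wheel.so rather than in sudoers, and is not shown here.

```shell
#!/bin/sh
# Added example: a least-privilege sudoers drop-in plus a lint for risky grants.
# Group, service and paths are assumptions for the example.

# sudoers_policy: print the drop-in intended for /etc/sudoers.d/ops-limited.
sudoers_policy() {
    cat <<'EOF'
# Members of ops: exact commands only, no shell, no editor, no wildcards.
Defaults:%ops use_pty, log_output
# "status" without --no-pager would open less, and less runs !sh as root.
Cmnd_Alias OPS_NGINX = /usr/bin/systemctl restart nginx.service, /usr/bin/systemctl status --no-pager nginx.service
%ops ALL=(root) OPS_NGINX
# sudoedit edits a copy as the invoking user and installs it as root: no root editor process.
%ops ALL=(root) sudoedit /etc/nginx/nginx.conf
EOF
}

# sudoers_risky_example: constructed fragment showing the patterns to avoid.
sudoers_risky_example() {
    cat <<'EOF'
%dev ALL=(ALL) NOPASSWD: ALL
alice ALL=(root) /usr/bin/vim /etc/hosts
bob ALL=(root) /usr/bin/systemctl restart *
carol ALL=(root) ALL, !/bin/bash
EOF
}

# sudoers_lint FILE: one line per risky grant; comments and Defaults are skipped.
sudoers_lint() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^Defaults/ { next }
        /[=)][ \t]*((NO)?PASSWD:|SETENV:)?[ \t]*ALL[ \t]*(,|$)/ { print "all-commands: " $0 }
        /NOPASSWD:/ { print "nopasswd: " $0 }
        /\/bin\/(ba|da|z)?sh([ \t,]|$)/ || /\/bin\/su([ \t,]|$)/ { print "shell-or-su: " $0 }
        /\/(vi|vim|nano|less|more|find|awk|perl|python[0-9.]*)([ \t,]|$)/ { print "shell-escape: " $0 }
        /!/  { print "negation: " $0 }       # "!" exclusions are bypassable, see sudoers(5)
        /\*/ { print "wildcard: " $0 }       # "*" also matches spaces, i.e. extra arguments
    ' "$1"
}

# install_sudoers_policy: validate with visudo and the lint, then install 0440.
install_sudoers_policy() {
    tmp=$(mktemp) || return 1
    sudoers_policy > "$tmp"
    if ! visudo -cf "$tmp"; then rm -f "$tmp"; return 1; fi
    if sudoers_lint "$tmp" | grep .; then rm -f "$tmp"; return 1; fi
    install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/ops-limited
    rm -f "$tmp"
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
    # Usage (as root): RUN_DEMO=1 sh sudoers-limited.sh
    install_sudoers_policy
fi
```

Run `sudoers_lint` over every file in /etc/sudoers.d as part of the same audit that checks /etc/passwd; the risky fragment above yields seven findings, the policy yields none.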

To: ShadowAce

Well of course there are those like yourself who can do that. But at that point there is no way to keep someone like you out anyhow. But... It would be nice to better harden it from the 99.999% of attempts.

It would be comparable to digging through a thousand keys to unlock the first door. Then having to dig through thousands of different keys to unlock the second inside door. But only having 5 seconds to dig through all those keys to unlock both doors quick enough to keep it from locking up completely requiring a hard power down and reboot.

No one can root it without both “known” door keys already in hand, use them quickly in sequence, or too late you are not getting in at all because the whole thing locks up and you have to start all over again from power up and reboot.

But on its face it would look like the first was just a failed attempt because it gives you the login form again. There would be no indicators at all that the first was successful or not. But entering the second password within 5 seconds would then root it. So the secret requirement of two logins would not even be detectable or obvious. You would have to know it was set up this way. Even if they do guess the first login, screwing around trying to guess the second login in 5 seconds would be near impossible. If they even figure out the problem is that it also needs a second.

Digging through PAM stuff now to see if something can be put together. :)


17 posted on 10/03/2023 1:45:28 PM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 15 | View Replies]

To: ShadowAce

“In fact, I’ve set up all our new builds here at work so that no user (except one account) can become root—even if they know the root password. They can run a limited subset of commands as root (to enable them to do their jobs), but they cannot become root, and they cannot edit important configuration files as root—though they can edit other files as root.”

Yes, I was just reading about creating levels of configuration access.


18 posted on 10/03/2023 1:47:32 PM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 16 | View Replies]

To: ShadowAce
Do you love Linux because of its user-friendly, exceptionally secure, heavy-duty, and open-source, making it easy to customize and maintain? If so, you’re not alone.

No, for me most of the above applies to Windows 11, as customized (which few do), thank God, but you knew that. Maybe someday MS will change too many things the wrong way and make the time needed to customize one of the multitudinous flavors of Linux warranted. No need to as of now, but thanks for being out there. Linux

It is no wonder that Linux has captured the lion's share of the IT market

I think the fact that it is free also has something to do with that.

19 posted on 10/03/2023 8:53:36 PM PDT by daniel1212 (As a damned+destitute sinner turn 2 the Lord Jesus who saves souls on His acct + b baptized 2 obey H)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Openurmind
Since 99% of Linux attack vulnerabilities are local and hands on

Quite a stat.

20 posted on 10/03/2023 9:02:56 PM PDT by daniel1212 (As a damned+destitute sinner turn 2 the Lord Jesus who saves souls on His acct + b baptized 2 obey H)
[ Post Reply | Private Reply | To 5 | View Replies]


