LINUX SECURITY --- October 17, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters

*********************************************************************
HIGHLIGHTS

* Rick interviews LinuxSecurity.com founder Dave Wreski
* Community Discussion: Intrusion detection and reporting
*********************************************************************

Interview with Dave Wreski of LinuxSecurity.com
by Rick Johnson

Recently, I was given the opportunity to speak with LinuxSecurity.com's Dave Wreski. He was gracious enough to answer all our questions about himself, Linux and security in general.

Rick: Tell us about yourself. How did you get started in this business and what path did you follow to get where you are today?

Dave: I started using Unix in college some ten years ago and really enjoyed it from my first encounter. It was also good that there was never an availability problem like there was with all the students using the PCs. No one wanted to sit behind the green Wyse terminals, and they looked at us all funny for working on a computer that didn't have a mouse. I loved the ability to chain multiple commands together to produce the end result using Unix instead of having to troll through multitudes of pull-down windows.

When I found out there was a version of Unix I could run at home, I researched it a bit, and a few months later installed one of the first versions of Linux on my 386. I quickly fell in love with the collaboration and community spirit of those using Linux and open source tools, and from then on bet my future on it.

I focused on basic system and network administration, knowing that a solid understanding of the low levels of how it worked would provide a strong building block for whatever I wanted to do with it in the future. I took a few sysadmin jobs, primarily using Solaris, and soon became the technical lead for Timeplex, a network router company. Using the experience gained there, I received a job as technical lead for United Parcel Service, helping to manage the architecture of the ups.com portal and eventually becoming their lead security engineer.

Security always interested me. I played security games with the school systems, but found more challenge in designing a system that is as bulletproof as possible. Security is all about tradeoffs -- discovering new ways of securing a system without compromising usability is really intriguing.

Rick: What is LinuxSecurity.com, how did it start, and where is it headed?

Dave: LinuxSecurity.com is a security news and information resource for the Linux and open source communities. It is a location for users and administrators to find information on the latest security vulnerability or how to build a firewall, discover information about new product releases, discuss experiences with other people on how they implemented a particular security feature, etc. Open source truly provides a better vehicle for preventing, finding, and fixing security problems.

From the time I registered LinuxSecurity.com in 1997, I had great aspirations of turning it into the definitive resource for Linux and open source users interested in security information. To this end, we are now sponsoring more Linux security projects by providing bandwidth, ssh shell accounts, mailing lists, and other resources. We are also working closely with Linux and open source security and distribution vendors to help disseminate their product information, guide them on testing, evaluation and review, as well as user feedback and promotion.

The site is constantly evolving. We are forever adding new features and content, and speaking with industry professionals on what they are doing in the security arena. We've received some great feedback from the community and have implemented a great deal of their suggestions. We look forward to continuing to do so.

Rick: From what sources do you gather the information for LinuxSecurity.com?

Dave: News sources that contain information that directly impacts the Linux and open source communities. This may include information from the government on crypto export regulation changes, information directly from vendor Web sites on vulnerabilities in their products, and submissions from community members. We regularly peruse Web sites looking for authoritative and informative documentation on all sorts of topics, including how to secure your Linux box, building a firewall, implementing cryptography solutions, etc.

Rick: How much time do you personally devote to security each week, both for work and personal growth?

Dave: All of it ;) When I'm not maintaining the Linux Security HOWTO, doing research for my Linux security book, or working with LinuxSecurity.com, I'm managing Guardian Digital, Inc. Guardian Digital is an open source security company devoted to the process of developing security software for use with e-business solutions. We have developed the first open source e-business server that is completely open source, as well as a web server appliance that is capable of supporting hundreds of virtual web sites, is Web-manageable, and is highly secure using cryptography and intrusion detection.

Rick: With the numerous Linux-related security exploits released each week, do you feel Linux can be trusted in a production environment?

Dave: Most certainly. No system is completely secure, regardless of the operating system. Much of it depends on diligence by the administrators to make sure they are attentive to the security requirements of their systems. Security requires defense in depth; that is, the use of firewalls, intrusion detection, cryptography, and updated versions of software that have known vulnerabilities fixed. While obviously a security vulnerability on your Linux box is a risk, multiple layers of security on the surrounding network should help to mitigate that risk.

Rick: In your opinion, what are the single biggest obstacles corporations are facing when trying to secure their networks?

Dave: Organizations not willing to devote the resources required to be attentive to security issues. Security is pervasive. Whether it's a simple Web site or high-profile corporate infrastructure, the necessary resources must be allocated to continuously maintain their systems. An online shoe store in the middle of Minnesota is as big a target to cyber vandals as a multi-national corporation. Perhaps for a different reason, but nevertheless a target.

Rick: What do you feel is the most important advancement in Linux security within the past year?

Dave: LinuxSecurity.com perhaps? ;) Seriously, I'd have to say it is the level of attention security issues are now getting from the distribution vendors. Every new release shows increased promise for a version that takes security more seriously than ever before. The security companies also feel Linux is a viable platform for their products more now than ever before. All of the major Unix security companies have ported their flagship products to run with Linux. This is a major milestone, legitimizes Linux as a viable platform for the digital economy, and shows great potential for the future.

Rick: What advice can you give to those who are interested in entering the security field?

Dave: Develop a strong administrative background first. Without knowing how the system acts normally, you won't understand when an anomalous event occurs. Start with a sound security policy. Develop a baseline that you can use as a reference. Is it out of the ordinary to see the CFO logged on late Sunday night? Who should have access to the system? Where do you go when you suspect an intrusion? Is there a business requirement for encrypting and deleting corporate documents? Implementing this from the beginning is easiest for users to adopt.

Rick: Now for the question on everyone's mind. Who is your favorite character in the UserFriendly.org comic strip and why?

Dave: Heh, well, I have to admit that I only read these when they are forwarded to me periodically... ;)

RESOURCES

Linux firewall survey, Part 1: Open source product roundup
T.Rex has teeth; team SINUS with FWTK for strong security
http://www.itworld.com/jlw/linsec_nl/lw-2000-10/lw-10-fwproducts1.html

Attacking Linux
To stop an attacker, think like a cracker
http://www.itworld.com/jlw/linsec_nl/lw-2000-08/lw-08-expo00-hacking.html

Enter the secure shell
Turn remote login from security hole to security strength with ssh
http://www.itworld.com/jsw/linsec_nl/swol-02-1998/swol-02-security.html

About the author
----------------
Rick Johnson is currently the Manager of Security Services for FusionStorm, a remote managed services company. When not writing, he heads the development team for PMFirewall, an Ipchains Firewall and Masquerading Configuration Utility for Linux. Rick can be contacted via email at rick@pointman.org or on the web at http://www.pointman.org.

*********************************************************************