{"id":7444,"date":"2017-04-25T11:00:36","date_gmt":"2017-04-25T19:00:36","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/25\/news-1235\/"},"modified":"2017-04-25T11:00:36","modified_gmt":"2017-04-25T19:00:36","slug":"news-1235","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/25\/news-1235\/","title":{"rendered":"Linux is secure\u2026right?"},"content":{"rendered":"<p><strong>Credit to Author: Lauren Newby| Date: Tue, 25 Apr 2017 18:45:13 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"255\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-300x255.png\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-300x255.png 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-640x545.png 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-440x374.png 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-380x323.png 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro.png 724w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p style=\"text-align: center\"><strong><em>&#8220;There are no threats for Linux servers. Aren\u2019t they built to be secure?&#8221; <\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>&#8220;<\/em><\/strong><strong><em>Linux servers are so secure and hardened, why do we need security controls on those?&#8221;<\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>&#8220;I do understand there are threats out there but I am not aware of any major attacks on Linux servers&#8221;<\/em><\/strong><\/p>\n<p>If you find yourself nodding in agreement, you\u2019re not alone. 
There is a common belief that Linux servers are more secure and less vulnerable than Windows servers. Although you\u2019re not totally wrong, you wouldn\u2019t be completely right either, and by acting (or not) on this belief you would be putting your business at risk.<\/p>\n<p><strong>Secure, but still vulnerable.<\/strong><\/p>\n<p>With more and more servers moving beyond the enterprise boundary and into the cloud, network protection at the host level becomes increasingly important, as workloads need to defend themselves rather than relying on a perimeter around them. And remember, workloads include the applications that sit on top of Linux\u2026it\u2019s more than just the OS.<\/p>\n<p>Having a host-based Intrusion Prevention System (IPS) will help protect against vulnerabilities in the core operating system AND the application stack running on top. Great examples of network-accessible vulnerabilities with widespread impact are the recent <a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cve-2017-5638-apache-struts-vulnerability-remote-code-execution\/\">Apache Struts-2<\/a> issue, Heartbleed and Shellshock, but there are many more. And just because a vulnerability, like Heartbleed, is a couple of years old doesn\u2019t mean that applications and servers are not still vulnerable. 
In a recent Shodan survey, it showed that Heartbleed was still an available vulnerability on more than 180,000 servers around the world, with the majority of them in the US!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-539012\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-1024x656.jpg\" alt=\"\" width=\"599\" height=\"384\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-1024x656.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-300x192.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-768x492.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-640x410.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-900x577.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-440x282.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5-380x243.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/blog-5.jpg 1558w\" sizes=\"auto, (max-width: 599px) 100vw, 599px\" \/><\/p>\n<p>If you run a web server on Linux (running at least 37 percent of the web servers out there according to <a href=\"https:\/\/w3techs.com\/technologies\/details\/os-linux\/all\/all\">W3Techs<\/a>), you need protection against vulnerabilities affecting them, including Apache, Nginx, etc.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"lightTable\">\n<table>\n<tbody>\n<tr>\n<td width=\"363\"><strong>\u00a0<\/strong><\/td>\n<td width=\"210\"><strong>Vulnerabilities Covered in and after 2014 (approx.)<\/strong><\/td>\n<td width=\"142\"><strong>Before 2014 (approx.)<\/strong><\/td>\n<td width=\"213\"><strong>Total<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"363\"><strong>Non-Windows OS and Core Services<\/strong><\/td>\n<td width=\"210\"><strong>80<\/strong><\/td>\n<td width=\"142\"><strong>230<\/strong><\/td>\n<td 
width=\"213\"><strong>310<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"363\"><strong>Web Servers<\/strong><\/td>\n<td width=\"210\"><strong>114<\/strong><\/td>\n<td width=\"142\"><strong>472<\/strong><\/td>\n<td width=\"213\"><strong>586<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"363\"><strong>Application Servers<\/strong><\/td>\n<td width=\"210\"><strong>255<\/strong><\/td>\n<td width=\"142\"><strong>319<\/strong><\/td>\n<td width=\"213\"><strong>574<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"363\"><strong>Web Console\/Management Interfaces<\/strong><\/td>\n<td width=\"210\"><strong>113<\/strong><\/td>\n<td width=\"142\"><strong>453<\/strong><\/td>\n<td width=\"213\"><strong>566<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"363\"><strong>Database Servers<\/strong><\/td>\n<td width=\"210\"><strong>10<\/strong><\/td>\n<td width=\"142\"><strong>218<\/strong><\/td>\n<td width=\"213\"><strong>228<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"363\"><strong>DHCP, FTP, DNS servers<\/strong><\/td>\n<td width=\"210\"><strong>9<\/strong><\/td>\n<td width=\"142\"><strong>82<\/strong><\/td>\n<td width=\"213\"><strong>91<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p style=\"text-align: center\"><em>Table 1: Vulnerabilities Protected by Deep Security<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>It is very important to not confuse vulnerabilities with threats. 
While there may be fewer known threats for Linux, if you look at the National Vulnerability Database, there are a similar number of vulnerabilities reported for both <a href=\"https:\/\/nvd.nist.gov\/vuln\/search\/results?adv_search=false&amp;form_type=basic&amp;results_type=overview&amp;search_type=all&amp;query=linux\">Linux<\/a>, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/search\/results?adv_search=false&amp;form_type=basic&amp;results_type=overview&amp;search_type=all&amp;query=windows\">Windows<\/a> operating systems.<strong>\u00a0<\/strong><\/p>\n<p><strong>Malware, designed for Linux<\/strong><\/p>\n<p>Contrary to popular belief, there is a lot of malware for the Linux platform. While the numbers in comparison to Microsoft Windows are not quite as high, there are still tens of thousands of pieces of malware designed for Linux.<\/p>\n<p>Deploying ONLY anti-malware is inadequate for protecting servers. However, most attacks on datacenters that lead to breach involve the installation of malware as part of the attack chain.\u00a0 This is why compliance and security frameworks such as <a href=\"http:\/\/go.trendmicro.com\/sem\/sem\/www.trendmicro.com\/us\/business\/cloud-data\/pci-compliance\/\">PCI-DSS<\/a> (Section #3), <a href=\"http:\/\/blog.trendmicro.com\/california-auditor-general-calls-out-sans-top-20-as-a-good-path-to-more-secure-data\/\">SANS CIS Critical Security Controls<\/a> (Section #8), and <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/en\/business\/capabilities\/solutions-for\/compliance\/NIST-FCI%20Compliancy-v1.2.pdf\">NIST Cybersecurity Framework<\/a> (Section DE.CM-4) all continue to recommend anti-malware as a best practice.<strong>\u00a0<\/strong><\/p>\n<p><strong>Layered security for Linux workloads<\/strong><\/p>\n<p>It\u2019s becoming more and more clear that there is no silver bullet when it comes to server security, and that businesses should be using a layered security approach to protect vulnerable Linux machines. 
Beyond anti-malware and IPS, there are a number of controls that will help to build a robust Linux strategy:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li><strong>Application Control:<\/strong> helps &#8216;lock down&#8217; the host to prevent any unknown process or script from running. This prevents malware from running in the first place, and prevents attackers from taking advantage of backdoors that it might have placed on the server.<\/li>\n<li><strong>Integrity Monitoring: <\/strong>A new threat is likely to make changes to the system, so it\u2019s important to watch for these. Integrity monitoring watches the system for any changes made outside of the change window, which should be few for your typical production servers.<\/li>\n<li><strong>Log Inspection: <\/strong>Scans log files and provides a continuous monitoring process to help identify threats early in the cycle. Attacks such as SQL injection, command injection and attacks against APIs can be seen in the logs, and action can then be taken.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The lesson we learn here is that although Linux is a more secure and reliable operating system option, it\u2019s not your cure-all solution when it comes to security. Like any other platform, some assembly and maintenance is required, and it\u2019s your responsibility to adopt a multi-layered security strategy and manage regular updates to ensure your systems are protected, including the applications that live on those systems. 
To learn more about Linux vulnerabilities and how to protect against them using Trend Micro Deep Security, <a href=\"https:\/\/www.trendmicro.com\/aws\/wp-content\/uploads\/2017\/03\/Why-Linux-Servers-Need-More-Security.pdf\">read our short research paper here.<\/a><\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/linux-is-secureright\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Lauren Newby| Date: Tue, 25 Apr 2017 18:45:13 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"255\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-300x255.png\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-300x255.png 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-640x545.png 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-440x374.png 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro-380x323.png 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/04\/Linux_blog_Trend_Micro.png 724w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>&#8220;There are no threats for Linux servers. 
Aren\u2019t they built to be secure?&#8221; &#8220;Linux servers are so secure and hardened, why do we need security controls on those?&#8221; &#8220;I do understand there are threats out there but I am not aware of any major attacks on Linux servers&#8221; If you find yourself nodding in agreement,&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[1001,714],"class_list":["post-7444","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-business","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7444"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7444\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}