Myths about linux in security experts

Protecting your Linux box

Myths about linux in security experts

Postby virtuoso » Fri May 16, 2003 3:42 pm

hi all buddys
i want to express some concern over the myths about linux in comman man and amagingly in security experts too.the most dangerous myth is that they(security experts) taken it in granted that if they install linux on their systems then they r secure.but reality is not this,linux also has some loopholes and it is not linux but it is to be administrator who provides security and not the Os.so it is my request to all the security geeks that they should kept one thing in mind that nothing is secure in this world
hey freaks ur phobia is in front of u.
virtuoso
Cadet
 
Posts: 4
Joined: Mon May 12, 2003 2:32 pm
Website: http://mimit.tk
Yahoo Messenger: reloadedagain

Postby fawad » Fri May 16, 2003 9:21 pm

What people usually mean when they say 'an OS is secure' is 'an OS is easy to secure'. OpenBSD is not secure, it's secure by default. It's easy to secure because it's core is regularly audited and the default install is very minimal. You can make any OS as secure as any other OS. It's all in the hand of the admin.

So what was the point of this thread, again? :)
fawad
Site Admin
 
Posts: 918
Joined: Wed Aug 07, 2002 8:00 pm
ICQ: 17672437
Website: http://www.fawad.net
WLM: fawadhalim@hotmail.com
Yahoo Messenger: fawad2048
AOL: fawadhalim
Location: Addison, IL

Myths and Legends

Postby afridi » Fri Sep 05, 2003 8:20 pm

Myths are almost always the romanticising of legends to the degree of clear departure from reality or realism.
Legends, generally, are exagerated representations of factual occurences.

"Secure" is one such word which fits the above scenario very well. (....so...very impressed by the person who started the myth idea in the thread.......very clever).



One of the unfortunate facts of the OS development world is that phrases and titles which have very distinct "real meanings" get blurred and unrepresentative once they become Industry Jargon. "Secured" is such a word and the title "secured system" is probably the most often used misnomer among newbie security personnel.

Generally, mid 70s Unix gurus would refer to as "secured" any OS which was "stable" when accessed remotely. That is to say that access control had "comparitive integrity" when it was accessed remotely.
Later on the phrase took on a more definitive role amongst those who probably were new to the field.
Those who used "secured then, have now become very used to substituting it with "degree of trust". Therefore, you might read articles which talk about the relative degree of trust of certain systems and how a system has/can be enhanced to improve the degree of trust.

Though there are no definitive historical benchmarks, but it can be deduced that the misconception of using "secure" stems from the idea that *nix based systems are "comparitively" more "authentic" in access and priviledge controls then other widely available OSs. (what is that one called by some guy called Gates :):) ).

This is true even when we considered the beefed-up/enhanced security OSs presented by *nix and Gate's buddies (Anyone care for some Deep Purple vs PittBull?).


In comparison, *nix systems are more "reliable" at authentication and internal security. This lead to the use of the term "more secure" rather than "comparitively secure". Time being the blurrer of all definitions, "more secured" became "secure" and now almost all 2nd line security admins use that term almost without a second thought.



A quick search on the net will land you many references to "trusted" systems and you will see in comparison that this is a field of its own and one that is very "exclusive" and still very priviledged. The industry jargon for such systems is "Trusted OS".

Linux is waiting for its first "secure trusted" environment for MLS and though there are many people working on renditions (BSD is the most documented while the NSA's enhanced Linux being the most debated) abreakthrough is still not in sight.


Thus, in a very short summary above, the reason for this misnomer of "secure" is brought to you. For those interested in Linux and security aspects, fire away......


So, the Myth is based on a misrepresentation of a clear Legend. The legend, based on fact, of the comparitive access and privledge control amongst *nix systems.
afridi
Cadet
 
Posts: 7
Joined: Tue Jul 02, 2002 4:31 am

most secure is which is shut off and power cord removed

Postby farhanksa » Sat Sep 06, 2003 7:00 pm

most secure is :
which is shut off and power cord removed (removing the power cord is must... :lol: :P )
farhanksa
Subedar
 
Posts: 359
Joined: Sun Nov 03, 2002 6:40 am
ICQ: 116765501
WLM: farhan12@msn.com
Yahoo Messenger: commdsl@yahoo.com
Location: Lahore


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 2 guests

cron