Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Linux servers safer than ever

That's according to honeypot security researchers.

Article comments

Attackers are no longer bothering to attack average Linux systems, because there's so much more money to be made from invading Windows, according to security researchers.

The Honeynet Project, which sets up ordinary seeming Linux networks in order to observe attack activity, found that the life expectancy of such systems has dramatically increased from a year or two ago. Its 2004 findings, published recently, found an unpatched Linux system lasts, on average, three months before it is compromised, compared to about 72 hours for 2001-2002. Some of the project's systems were exposed to the Internet for nine months without a successful attack.

The project's "honeynets" - networks of two or more "honeypots" - are designed to detect random attacks on the Internet, carried out on targets detected through random searching, scanning and hacking systems such as worms and autorooters, rather than particular attacks focussed on specific, high-value targets. A honeypot is a system set up for the purpose of attracting random attack activity.

Since overall Internet attacks don't seem to be going down, the project's researchers theorised that the focus of hacking activity has shifted to Windows systems, simply because the platform is so widespread that it presents an irresistible target. "It's now easier to hack the end user than hacking the bank," Honeynet Project president Lance Spitzner told Techworld. "Banks are well protected, end users are not. Hack enough end users, and you can make as much, if not more, than hacking the bank."

While the project didn't carry out comparative research using Windows, Spitzner pointed out that research from security organisations such as Symantec and and the Internet Storm Center (ISC) has found no shortage of attacks on Windows honeypots. For example, an ISC project measuring the survival time for Windows systems, found here, measures survival time in minutes rather than hours.

The average survival time for the systems the ISC tests has declined from about 55 minutes in the autumn of 2003 to just under 20 minutes at the end of 2004, although the figures have been improving gradually from a low of 15 minutes in the spring of 2004. Microsoft says survival rates for Windows should decline as Windows XP Service Pack 2 becomes more widely used - the update is designed to make Windows' default configuration more secure.

The project deliberately focussed on average systems that didn't present any particular attraction to attackers - in the real world, the equivalent would be home networks or small and medium-sized businesses. The project deployed 12 honeynets in eight countries (the US, India, the UK, Pakistan, Greece, Portugal, Brazil and Germany), consisting of a total of 24 unpatched Unix and Unix-like honeypots. Nineteen of the systems were Linux, mostly Red Hat, including one Red Hat 7.2 system, five Red Hat 7.3, one 8.0, eight 9.0 and two Fedora Core 1 systems. Other deployments included one Suse 7.2, one Suse 6.3, two Solaris Sparc 8, two Solaris Sparc 9 and one Free-BSD 4.4

Services such as SSH, HTTPS, FTP, SMB were enabled, with inbound connections to these services allowed; some of the systems also used insecure or easily guessed passwords. The systems weren't registered in DNS or search engines, so they could only be found by automated means.

The situation for high-value Linux systems, such as company Web servers, CVS repositories or research networks is potentially very different, Spitzner said. "I'm sure these high-value Linux systems are prime targets and are attacked every day, if not every hour. If vulnerable, they would be hacked very soon," he said.

Older Linux systems were more likely to be successfully attacked than newer deployments, when left unpatched, probably because more vulnerabilities have been uncovered and attackers have had time to learn which exploits work, the project found. This also reflects the fact that default Linux installations are becoming more secure, the project said.

Once compromised, attackers used the systems mainly for IRC bouncing, bots and to host phishing scams, the project found. On at least one of the systems attackers attempted to set up a fake bank in order to harvest bank and credit card information.

The Honeynet Project is a non-profit research organisation supported by a number of security companies, including Foundstone, Counterpane, SecurityFocus.com and SourceFire.




Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *