Nigel Edwards - Internet Security Solutions Division, Hewlett-Packard

Securing Linux Servers

This talk will look at the various strategies for securing your Linux Server. We will give a short overview of some popular security tools including Nessus (a remote system vulnerability scanner) and tripwire (a host intrusion detection system).

We will look at the strengths and weaknesses of the various strategies and tools. Most tools and strategies offer little protection against exploits that are unknown. In addition, we shall demonstrate that you cannot depend on tools protecting you against existing well-known exploits.

We will argue that security is a race: a race between the attackers (to discover a new vulnerability) and you (to update your system and tools before the vulnerability can be exploited).

There is an alternative approach - harden the kernel. In this approach the Linux kernel is hardened so that it resists known and as-yet-undiscovered attacks and exploits. Historically, kernel hardening has been focused on "military-grade" security models and has not been widely used. Recently there has been a development of alternative models that are simpler to use.

We will describe the principle features of two kernel hardening approaches: LIDS and HP Secure OS Software for Linux. These features provide a way of locking into the Linux kernel the known correct behaviour of the application: the application can only access those system resources that are made available to it, even if root access is gained. Thus a hardened kernel prevents an attacker from being able to cause the application to deviate from its correct behaviour. So the integrity of the system is preserved and the attack prevented.