Tux-UKUUG logo
UKUUG Linux Developers' Conference
Linux 2002
---------------------------------------------------
4 - 7 July 2002
Bristol

Nigel Edwards - Internet Security Solutions Division, Hewlett-Packard

Securing Linux Servers

This talk will look at the various strategies for securing your Linux Server. We will give a short overview of some popular security tools including Nessus (a remote system vulnerability scanner) and tripwire (a host intrusion detection system).

We will look at the strengths and weaknesses of the various strategies and tools. Most tools and strategies offer little protection against exploits that are unknown. In addition, we shall demonstrate that you cannot depend on tools protecting you against existing well-known exploits.

We will argue that security is a race: a race between the attackers (to discover a new vulnerability) and you (to update your system and tools before the vulnerability can be exploited).

There is an alternative approach - harden the kernel. In this approach the Linux kernel is hardened so that it resists known and as-yet-undiscovered attacks and exploits. Historically, kernel hardening has been focused on "military-grade" security models and has not been widely used. Recently there has been a development of alternative models that are simpler to use.

We will describe the principle features of two kernel hardening approaches: LIDS and HP Secure OS Software for Linux. These features provide a way of locking into the Linux kernel the known correct behaviour of the application: the application can only access those system resources that are made available to it, even if root access is gained. Thus a hardened kernel prevents an attacker from being able to cause the application to deviate from its correct behaviour. So the integrity of the system is preserved and the attack prevented.


Programme Timetable Dinner Call for Papers
Location Accommodation Booking Form Exhibition


S  P O N S O R S
IBM
IBM developerWorks
Sony PlayStation 2
Sony PlayStation 2
Sistina Software
Sistina Software
  Astaro Network Firewall
Astaro Network Firewall
 
AMD
AMD
Perforce
Perforce
Borland
Borland

M  E D I A   S  P O N S O R S
OSDN
OSDN
Linux Magazine
Linux Magazine
Linux User
Linux User
Linux Format
Linux Format
Need To Know
NTK

For more information please contact UKUUG Problems? e-mail webmaster
© Copyright 2002 UKUUG Ltd