Network Computing

Upcoming Events

Are you caught between a desire for the benefits of the cloud and concerns about security and control? Then you should attend this insight-packed webinar to learn how private data networking technologies like MPLS IP-VPNs can address your concerns and allow you to safely and intelligently reap the savings, agility and other benefits associated with cloud computing.

Join us to hear top industry experts discuss the private data network technologies that are best suited for enterprise cloud access requirements. You won't want to miss this opportunity to learn how your organization can best mitigate risk while reaping the full potential benefits of the cloud.

Register Now!

F E A T U R E

Review: Hardened Linux Puts Hackers EnGarde

June 10, 2002
By Patrick Mueller

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Products Reviewed
	Executive Summary
	How We Tested
	By the Numbers
	OpenBSD, Pitbull, SE Get Caught in our Filter
	Web Links
	MAC Antiattack
	Report Card

Maintaining the security of your Internet-facing Linux server is a challenge. Often you're left building castles in the sand, only to see them washed away by the vulnerability du jour. If you're ready to construct your fortifications of stronger stuff, security-enhanced Linux distributions may be the answer. They offer an alternative to the patch-and-pray cycle we're stuck in today.

These niche Linux products have advantages that may make them a better choice than a standard distribution. First and foremost, a security-enhanced, or hardened, distribution lets you take a proactive security stance versus the reactive model of the mainstream vendors. Although the standard distributions have improved security, advances have come at a snail's pace, with vendors doing only enough to avoid appearing remiss. After all, reducing the default number of network services (the most common security "enhancement" of a mainstream distribution) is not a robust approach to security--it's common sense.

Defend Your Kingdom

Security-enhanced distributions use several techniques to let you rise above this reactive mind-set. One method involves enhancing access-control mechanisms. Unfortunately, however, at its inception the Unix operating system did not have security as a design goal. The all-powerful root account is a major liability to maintaining host security because it forces you to keep all your eggs in one basket. One poorly written application running with root privileges is all it takes to allow a complete compromise of your system. By providing file- and network-access control at a finer grain and giving applications only the privileges they need to run--rather than the keys to the kingdom--you can avoid getting taken down by the latest buffer overflow in a network daemon.

We discussed covered some of the major security-enhanced Linux distributions in our November 26, 2001, issue (see "Locked Down Out of the Box"). Here, we've done a full-fledged evaluation. Our ground rules: The product must be a full Linux distribution, not an add-on. It must also be a general distribution on which a range of Linux applications can be run, not just a router- or firewall-oriented product. Finally, it must be at least version 1.0 and out of beta. That left us Guardian Digital's EnGarde Secure Linux 1.1, Hewlett-Packard Co.'s Secure OS Software for Linux 1.0, Trustix AS' Trustix Secure Linux 1.5 and Wirex Communication's Immunix 7.0 (for a look at some distributions that didn't make the cut, see "OpenBSD, PitBull, SE Get Caught in our Filter").

Both Guardian Digital and Wirex offer their software products preinstalled on hardware in appliance form. In addition to the time savings, the prepackaged wares will get you a support contract to keep the server humming in time of need.

A Chink in the Armor

One metric by which we measured the distributions is their reaction to past security issues. We also considered the vendors' responses to security issues, including how quickly they sent out advisories and patches. And we analyzed how well the each worked against two critical, recent Linux vulnerabilities. The first, the ptrace vulnerability discovered in October 2001 (see "linux-ptrace-race-condition (7311)"), lets a local attacker gain root privileges by exploiting a race condition in the kernel. The second is a serious vulnerability involving the improper use of dynamically allocated memory in the zlib compression library used in many applications in a typical Linux distribution, including the kernel (see "CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library").

Security is always a trade-off, and any security mechanism implemented at a low level, such as the process level, will inevitably affect performance. Comprehensive performance tests fell outside the scope of this article, but we didn't notice any major performance hits in the lab.

EnGarde walked away with our Editor's Choice award thanks to the depth of its security strategy, which covers nearly all the bases. Everything from the low-level mechanisms (binary integrity checking and stack protection) to high-level usability issues (including an excellent patching interface) demonstrate the serious effort the Guardian Digital crew has invested in EnGarde. The company also told us it is looking to expand on this solid foundation. On the other hand, if you're a Red Hat aficionado and want an easy introduction to a secure Linux platform, take Wirex's Immunix for a spin. The protections it offers are time-proven and the most mature in this market. Both of these distributions in their commercial forms (especially the appliances) offer a high degree of usability, making them suitable for novice to intermediate Linux users.

The new face in the crowd, HP's Secure OS Software for Linux, is more specialized--it's designed for high-security environments run by experienced administrators. Once it gets a little more polish and some miles under its belt, this product will be one to watch.