Mackenzie Morgan, profile picture
Uploaded byMackenzie Morgan
PDF, PPTX4,100 views

Is Linux Secure?

Mackenzie Morgan gave a presentation titled "Is Linux Secure?" at the 2010 Southeast LinuxFest. The presentation introduced common security terminology related to malware and attacks, discussed threats that still affect Linux systems such as email trojans, untrusted software sources, and browser-based attacks, and provided recommendations for improving security including using trusted software sources, being cautious of launchers from untrusted locations, using browser extensions like NoScript, and following principles of least privilege.

Embed presentation

Download as PDF, PPTX
Is Linux Secure? Mackenzie Morgan Southeast LinuxFest 2010 12 June 2010 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 1 / 35
Introduction Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 2 / 35
Introduction Me Mackenzie Morgan Computer Science student Ubuntu Developer Kubuntu user http://ubuntulinuxtipstricks.blogspot.com ← find slides here Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 3 / 35
Introduction This Talk Linux Zealot: Try Linux! It doesn’t get viruses! Average Person: No viruses? I’m invincible! Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 4 / 35
Vocabulary Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 5 / 35
Vocabulary Malware Malware (or “badware”) is an umbrella term for viruses, trojans, worms, rootkits, etc. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 6 / 35
Vocabulary Virus Viruses infect individual files. They spread when people share those files. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 7 / 35
Vocabulary Social Engineering Social Engineering is tricking people into doing something that is bad for security. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 8 / 35
Vocabulary Trojan Trojans are malware that get installed via social engineering. . . or, well, lying. “I’m a fun game and totally safe! but not really, I’m actually going to steal your passwords. . . ” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 9 / 35
Vocabulary Worm A worm infects other systems, automatically, usually over a network. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 10 / 35
Vocabulary Botnet A botnet is a group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
Vocabulary Botnet A botnet is a group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Yes, I’m from Pittsburgh. How’d you guess? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
Vocabulary Rootkit A rootkit keeps the activities of an unauthorised user hidden so that you can’t tell your system has been owned. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 12 / 35
Vocabulary Keylogger A keylogger tracks everything you type. Yes, including passwords. It could be hardware (see ThinkGeek), but usually software. There are legitimate(-ish) uses. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 13 / 35
Vocabulary Browser-based Attack A browser-based attack is any attack that takes place inside the web browser. They are usually not limited to a specific OS. Examples: Cross-site Scripting (XSS) – using Javascript on one webpage to steal data from another Tracking cookies – harvests the information stored in your browser by other websites Cookie jacking – stealing credentials for other websites from your browser’s cookies Click jacking – hiding clickable objects on a webpage on top of other objects so that you’re not clicking what you think you’re clicking Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 14 / 35
Vocabulary Phishing Phishing is social engineering aimed at making you believe you are interacting with someone else whom you trust Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 15 / 35
What can still hurt me? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 16 / 35
What can still hurt me? What’s still a problem? All of those Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 17 / 35
What can still hurt me? But what about no viruses? Windows ones usually won’t run, even in Wine Several hundred for Linux Only ∼30 in the wild ever No known viruses exploiting current vulnerabilities Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 18 / 35
What can still hurt me? Email Trojans “Check out this cool new game! http://example.com/foo.desktop” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 19 / 35
What can still hurt me? Untrusted Software .deb for “screensaver” on gnome-look.org Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
What can still hurt me? Untrusted Software .deb for “screensaver” on gnome-look.org . . . and now you’re on a botnet http://ubuntuforums.org/showthread.php?t=1349678 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
What can still hurt me? Browser-based attacks Unless only for Internet Explorer Firefox? Opera? Chrome? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 21 / 35
What can still hurt me? Phishing There’s no patch for gullibility Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 22 / 35
What can still hurt me? Rootkits If any of the previous work, you can get one Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 23 / 35
What protection is there? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 24 / 35
What protection is there? Trusted software sources Stick to your distro’s repos Otherwise, source directly from upstream Avoid non-software in .deb or .rpm format Heed your package manager’s warnings Grrr @ Arch Linux Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 25 / 35
What protection is there? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
What protection is there? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Could be anything Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
What protection is there? Launchers in KDE Kubuntu’s & openSUSE’s KDE: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 27 / 35
What protection is there? Launchers in GNOME Fedora’s & openSUSE’s GNOME: Ubuntu’s GNOME: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 28 / 35
What protection is there? Browser - Javascript If you use Firefox, get NoScript extension Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 29 / 35
What protection is there? Browser - Encryption Don’t send passwords unencrypted Look for the lock Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 30 / 35
What protection is there? Browser - Phishing How do you know it’s the site it claims to be? Look at everything before the first slash Check out this green thing Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 31 / 35
What protection is there? Minimal privileges Don’t login graphically as root! Why? Malware gets full access Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 32 / 35
What protection is there? Don’t need it? Don’t use it! Don’t login remotely with command line or push files to it? Uninstall your SSH and S/FTP servers Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 33 / 35
What protection is there? Detecting problems Find rootkits: rkhunter chkrootkit Warn of changes: tripwire You probably don’t need these Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 34 / 35
What protection is there? Questions? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 35 / 35

More Related Content

PPTX
Information Security Awareness
bySnapComms
 
PDF
Linux Security Myth
byMackenzie Morgan
 
PPTX
Data privacy voor marketeers kluwer
byBart Van Den Brande
 
PDF
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
byPhilip Polstra
 
PDF
Secret of Intel Management Engine by Igor Skochinsky
byCODE BLUE
 
PDF
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
byCain Ransbottyn
 
PPT
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
PDF
On hacking & security
byAnge Albertini
 
Information Security Awareness
bySnapComms
 
Linux Security Myth
byMackenzie Morgan
 
Data privacy voor marketeers kluwer
byBart Van Den Brande
 
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
byPhilip Polstra
 
Secret of Intel Management Engine by Igor Skochinsky
byCODE BLUE
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
byCain Ransbottyn
 
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
On hacking & security
byAnge Albertini
 

Similar to Is Linux Secure?

PPT
BPotter-L1-05
bywebuploader
 
PPTX
Botnets Attacks.pptx
byMuhammadRehan856177
 
PPTX
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
byEric Vanderburg
 
PDF
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
byeLiberatica
 
ODP
Linux vs windows
byPrima Yogi Loviniltra
 
PPTX
Operating system security
byRamesh Ogania
 
PPT
Chapter 10
bycclay3
 
PPTX
Mitppt
byAarti Prakash
 
PDF
Your First Guide to "secure Linux"
byToshiharu Harada, Ph.D
 
PPT
Linux Intro
byLokesh Kumar N
 
PDF
Deprecated #flushyourmeds Scott Alan Barry
bydetacerped
 
PPT
Software security
byRoman Oliynykov
 
PPTX
Program and System Threats
byReddhi Basu
 
PPT
Ch11
byRaja Waseem Akhtar
 
PPT
Ch11 system administration
byRaja Waseem Akhtar
 
PPT
Security & ethical hacking p2
byratnalajaggu
 
PPT
Ch02 System Threats and Risks
byInformation Technology
 
PDF
Linux Kernel Exploitation
byScio Security
 
PDF
Footprint #flushyourmeds Scott Barry
bytnirptoof
 
PDF
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
byVale Security Conference
 
BPotter-L1-05
bywebuploader
 
Botnets Attacks.pptx
byMuhammadRehan856177
 
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
byEric Vanderburg
 
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
byeLiberatica
 
Linux vs windows
byPrima Yogi Loviniltra
 
Operating system security
byRamesh Ogania
 
Chapter 10
bycclay3
 
Mitppt
byAarti Prakash
 
Your First Guide to "secure Linux"
byToshiharu Harada, Ph.D
 
Linux Intro
byLokesh Kumar N
 
Deprecated #flushyourmeds Scott Alan Barry
bydetacerped
 
Software security
byRoman Oliynykov
 
Program and System Threats
byReddhi Basu
 
Ch11
byRaja Waseem Akhtar
 
Ch11 system administration
byRaja Waseem Akhtar
 
Security & ethical hacking p2
byratnalajaggu
 
Ch02 System Threats and Risks
byInformation Technology
 
Linux Kernel Exploitation
byScio Security
 
Footprint #flushyourmeds Scott Barry
bytnirptoof
 
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
byVale Security Conference
 

Recently uploaded

PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
The year in review - MarvelClient in 2025
bypanagenda
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 

Is Linux Secure?

  • 1.
    Is Linux Secure? Mackenzie Morgan Southeast LinuxFest 2010 12 June 2010 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 1 / 35
  • 2.
    Introduction Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 2 / 35
  • 3.
    Introduction Me Mackenzie Morgan Computer Science student Ubuntu Developer Kubuntu user http://ubuntulinuxtipstricks.blogspot.com ← find slides here Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 3 / 35
  • 4.
    Introduction This Talk Linux Zealot: Try Linux! It doesn’t get viruses! Average Person: No viruses? I’m invincible! Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 4 / 35
  • 5.
    Vocabulary Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 5 / 35
  • 6.
    Vocabulary Malware Malware (or “badware”)is an umbrella term for viruses, trojans, worms, rootkits, etc. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 6 / 35
  • 7.
    Vocabulary Virus Viruses infect individualfiles. They spread when people share those files. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 7 / 35
  • 8.
    Vocabulary Social Engineering Social Engineeringis tricking people into doing something that is bad for security. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 8 / 35
  • 9.
    Vocabulary Trojan Trojans are malwarethat get installed via social engineering. . . or, well, lying. “I’m a fun game and totally safe! but not really, I’m actually going to steal your passwords. . . ” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 9 / 35
  • 10.
    Vocabulary Worm A worm infectsother systems, automatically, usually over a network. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 10 / 35
  • 11.
    Vocabulary Botnet A botnet isa group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
  • 12.
    Vocabulary Botnet A botnet isa group of systems infected by malware which operate as a collective and are controlled by a erm. . . jagoff. Yes, I’m from Pittsburgh. How’d you guess? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 11 / 35
  • 13.
    Vocabulary Rootkit A rootkit keepsthe activities of an unauthorised user hidden so that you can’t tell your system has been owned. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 12 / 35
  • 14.
    Vocabulary Keylogger A keylogger trackseverything you type. Yes, including passwords. It could be hardware (see ThinkGeek), but usually software. There are legitimate(-ish) uses. Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 13 / 35
  • 15.
    Vocabulary Browser-based Attack A browser-basedattack is any attack that takes place inside the web browser. They are usually not limited to a specific OS. Examples: Cross-site Scripting (XSS) – using Javascript on one webpage to steal data from another Tracking cookies – harvests the information stored in your browser by other websites Cookie jacking – stealing credentials for other websites from your browser’s cookies Click jacking – hiding clickable objects on a webpage on top of other objects so that you’re not clicking what you think you’re clicking Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 14 / 35
  • 16.
    Vocabulary Phishing Phishing is socialengineering aimed at making you believe you are interacting with someone else whom you trust Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 15 / 35
  • 17.
    What can stillhurt me? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 16 / 35
  • 18.
    What can stillhurt me? What’s still a problem? All of those Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 17 / 35
  • 19.
    What can stillhurt me? But what about no viruses? Windows ones usually won’t run, even in Wine Several hundred for Linux Only ∼30 in the wild ever No known viruses exploiting current vulnerabilities Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 18 / 35
  • 20.
    What can stillhurt me? Email Trojans “Check out this cool new game! http://example.com/foo.desktop” Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 19 / 35
  • 21.
    What can stillhurt me? Untrusted Software .deb for “screensaver” on gnome-look.org Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
  • 22.
    What can stillhurt me? Untrusted Software .deb for “screensaver” on gnome-look.org . . . and now you’re on a botnet http://ubuntuforums.org/showthread.php?t=1349678 Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 20 / 35
  • 23.
    What can stillhurt me? Browser-based attacks Unless only for Internet Explorer Firefox? Opera? Chrome? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 21 / 35
  • 24.
    What can stillhurt me? Phishing There’s no patch for gullibility Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 22 / 35
  • 25.
    What can stillhurt me? Rootkits If any of the previous work, you can get one Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 23 / 35
  • 26.
    What protection isthere? Outline 1 Introduction 2 Vocabulary 3 What can still hurt me? 4 What protection is there? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 24 / 35
  • 27.
    What protection isthere? Trusted software sources Stick to your distro’s repos Otherwise, source directly from upstream Avoid non-software in .deb or .rpm format Heed your package manager’s warnings Grrr @ Arch Linux Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 25 / 35
  • 28.
    What protection isthere? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
  • 29.
    What protection isthere? Launchers You get a .desktop from web/email. . . Do you know what it’ll run? Could be anything Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 26 / 35
  • 30.
    What protection isthere? Launchers in KDE Kubuntu’s & openSUSE’s KDE: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 27 / 35
  • 31.
    What protection isthere? Launchers in GNOME Fedora’s & openSUSE’s GNOME: Ubuntu’s GNOME: Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 28 / 35
  • 32.
    What protection isthere? Browser - Javascript If you use Firefox, get NoScript extension Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 29 / 35
  • 33.
    What protection isthere? Browser - Encryption Don’t send passwords unencrypted Look for the lock Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 30 / 35
  • 34.
    What protection isthere? Browser - Phishing How do you know it’s the site it claims to be? Look at everything before the first slash Check out this green thing Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 31 / 35
  • 35.
    What protection isthere? Minimal privileges Don’t login graphically as root! Why? Malware gets full access Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 32 / 35
  • 36.
    What protection isthere? Don’t need it? Don’t use it! Don’t login remotely with command line or push files to it? Uninstall your SSH and S/FTP servers Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 33 / 35
  • 37.
    What protection isthere? Detecting problems Find rootkits: rkhunter chkrootkit Warn of changes: tripwire You probably don’t need these Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 34 / 35
  • 38.
    What protection isthere? Questions? Mackenzie Morgan (SELF 2010) Is Linux Secure? 12 June 2010 35 / 35