This article can also be found in the Premium Editorial Download "Information Security magazine: Closing the gap: How to decide when (and if) to patch vulnerabilities."
Download it now to read this article plus other related content.
The increased reliability and potentially better security of Linux is tempting more than a few frustrated Windows shops to consider jumping ship to the popular open source OS.
You'll need competent
While there are a number of things you'll want your Linux administrators to know, they should have the following security-specific Linux skills.
- OS Hardening. This involves reconfiguring core settings, deactivating unneeded programs and tuning the remaining services for better security. In Linux implementations, this also can involve configuring the embedded system-level firewall. These steps will mitigate most known vulnerabilities and neutralize most attacks -- up to 97% in some lab tests.
Freeware applications and tools like Bastille Linux, Titan and the Center for Internet Security's (CIS) Unix security scoring tool help audit the hardening work once it's done. CIS's Linux Benchmark and books like Building Secure Servers with Linux are practical, step-by-step guides for hardening Linux and Unix systems.
- System Assessment. Once an OS is hardened, an administrator must be able to determine if it has been attacked or compromised. System assessments start with creating a baseline of the normal system and then checking the system against the baseline on a regular basis. This assessment might begin with looking at what programs are running, what user context they're running under, what files they have open and what their level of resource consumption is.
This process is both highly technical and somewhat intuitive, thus requiring experience and knowledge. An administrator must know what information is important and how to gather that information. Experience will tell an administrator when something is amiss. Technical skills come into play to discover if the problem is really an attacker or just a system failure, such a faulty hard drive or overloaded application.
- Intelligence Gathering. Next, your administrator must be able to gather and manage intelligence specific to your systems' security. A Linux administrator needs to know what techniques are used by both attackers and defenders. He or she must be able to follow the trend data to keep up to date with current attacks. This helps an organization adapt its defensive posture to changing threat conditions.
Of course, security intelligence directly feeds into the first two skill sets. A good Linux or security administrator will check sites such as SecurityFocus and Incidents at least once per day for alerts and advisories. Security newsletters published by supporting vendors and media outlets help administrators keep up with threat trends.
Where will you get people with such skills? Believe it or not, a good place to start is with your Windows administrators, many of whom are closet Linux geeks or have experience on Linux systems. They'll also have a firm understanding of hardening systems, since locking down Windows boxes before they go into production is nearly a necessity.
About the author
JayBeale is the lead developer of the Bastille Linux project.
This was first published in March 2004