LinuxPlanet: Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module, Pt. 1

"Internet servers (such as Web, email, and ftp servers) have been the target for different kinds of attacks aiming to disable them from providing services to their respective users. One particular exploit, which has become almost ubiquitous in the last several years, is the buffer overflow exploit. While the exploit requires particularly arcane and detailed knowledge of both assembly language and, in some cases, operating system interface details, once someone has coded an exploit and published it, anyone can use it. The results of these exploits provide interactive command shells on UNIX and Linux systems and the ability to upload and execute arbitrary programs on Windows systems.

"To answer the need for advanced security features for Linux servers, the Open Systems Lab at the Ericsson Research Corporate Unit in Montreal, Canada, started the Distributed Security Infrastructure project (DSI) to design and develop a secure infrastructure that provides advanced security mechanisms for telecom applications running on carrier grade Linux servers. One of the goals of DSI is to prevent attacks incoming from the Internet and Intranet, which include buffer overflow exploits, denial of service attacks, and other type of attacks and exploits..."

Complete Story

Related Stories:

• SearchOpenSource: Linux Virtual Address Randomization and Impacting Buffer Overflows(Nov 18, 2005)
• Linux Magazine: Securing Your Environment: Part 2(May 08, 2005)
• NewsForge: A Critique of Port Knocking(Aug 11, 2004)
• Linux Journal: Buffer Overflow Attacks and Their Countermeasures(Mar 12, 2003)