
osOpinion: Linux Security, or Rather, the Lack Thereof

[ Thanks to Kelly McNeill for this link. ]

“Then, the worst thing happened, high-speed Internet finally
took off. Entire crops of default Redhat installs invaded the
Internet, often running for weeks on the same IP. It didn’t take
long for the script kiddies to find out what an easy source for
zombie machines these are, and started taking down sites “just
for fun” with the most lame attack possible, the denial-of-service.
DoS attacks require no skill. I could teach my mom how to do it in
15 minutes. But the fact that they’re lame doesn’t make them
harmless. In fact, all those newbie users with their default Redhat
installs are unknowingly helping script kiddies to cause billions
of dollars in damage every year, simply because the script kiddie
owns the bandwidth of every cracked PC and can thus saturate it by
directing a ping flood at a site. Because of this, a profound
dislike has developed against newbie users who don’t keep their
systems upgraded amid the *nix crowd. But it’s not the users who
are in error.”

“Recently I made my very first server install. I had weeks of
time on my hands (blessed is the student’s life) so I wanted to do
it thoroughly. I learned everything there is to learn in the field
of securing your system. I started out with what everyone is
supposed to know, firewalls, tcp wrappers, sudo, and then worked
myself down to the details. I was horrified to discover how evil
distribution manufacturers really are. Most distro companies make
their distributions with little thought to security in mind. (Yes,
I know you’ve heard that before. I did too. But it never “sinks
in”.) There are hundreds of ways to make a Linux install more
secure, but none of these companies apparently know of them. Some
have glimpses. There are some who have a default install that’s
reasonably secure (go Debian!) or others have options allowing you
to specify how secure you want your install to be, but this changes
nothing to the picture. You see, they expect the user to choose the
most secure option he needs, but how can a newbie know this? A
newbie barely knows cd, cp and ls. How could he know about the
relative security of different applications?”

