Linux Ask!

Linux Ask! is a Q&A web site specifically for Linux-related questions. Questions are collected, answered and audited by experienced Linux users.

Dec 25 2009

What is a trojan? What is a worm?

Answer:

A trojan is a malicious program that masquerades as a legitimate application. Unlike a virus, a trojan does not self-replicate; its primary purpose is (usually) to allow an attacker remote access to your computer or its resources. Sometimes users are tricked into downloading and installing trojans onto their own computers, but more commonly trojans are installed by an intruder to allow him future access to your box.

Trojans often come packaged as "root kits". A "root kit" is a set of trojaned system applications to help mask a compromise and facilitate unauthorized remote access. A root kit will usually include trojaned versions of ps, getty, passwd, tcp_wrappers, login, and syslogd.

A worm is a self-replicating, auto-infecting program that spreads through computer networks. Unlike a virus, a worm does not require user intervention to be activated. Worms take advantage of vulnerabilities to propagate themselves across networks. Once it has infected a machine, a worm may also install a DDoS zombie, a r00tkit to prevent detection, or a trojan to allow unauthorized remote access. Many worms exist for Linux, including ADM, Ramen, and Lion.

Source: http://www.linuxsecurity.com/docs/colsfaq.html#7.2

Dec 25 2009

Is Linux vulnerable to viruses?

Answer:

In a practical sense, no. Technically...

Due to the design of Linux, it is difficult for viruses to spread far within a system, as they are confined to infecting the user space of the user who executes them. Of course, this is a problem if infected files are launched by root, but as a security-conscious individual, you wouldn't be running untrusted files as root, would you?

It is theoretically possible for a virus launched by a regular user to escalate its privileges using system exploits; however, a virus with this capability would be quite sizable, and difficult to write. As of this date, few viruses have actually been discovered for Linux, and the ones that have been discovered aren't worth losing sleep over. This will undoubtedly change with time.

Viruses do exist for Linux, but at the present time are the least significant threat you face. Presently, trojans and worms, which are explained in the following section, pose a greater threat to Linux users.

Source: http://www.linuxsecurity.com/docs/colsfaq.html#7.1

Dec 25 2009

How can I keep my Linux secure?

Answer:

Security is a process, not a permanent state. Once you've taken the initial steps to secure your box, you must engage in regular maintenance to ensure that your box continues to remain secure.

To ensure continued security, regularly do the following:

Keep current with patches - Keep current with your distribution's security updates, and patch on a regular basis.

Monitor Logfiles - Logfiles should be monitored regularly for anomalous events. Monitoring with automated tools is acceptable (sometimes even necessary!), provided you do a regular manual audit of logfiles as well.

Audit Password Strength - Run a password auditing tool such as John the Ripper every month or so to check for insecure passwords.

Check your binaries - Regularly scan your system for trojaned or otherwise altered binaries using both an integrity checker and a trojan scanner.

Check for Remote Vulnerabilities - Periodically run a current vulnerability scanner against your machine from another box, preferably one outside of your firewall.

Source: http://www.linuxsecurity.com/docs/colsfaq.html#2.5
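
The "Check your binaries" step, as an added example that is not part of the original FAQ: a minimal integrity checker in shell that records a baseline of hash, mode and owner for each file and later reports any drift. The function names, the record format and the demo files are assumptions made for this example; it relies on GNU coreutils, find and awk.

```shell
#!/bin/sh
# Added example: minimal integrity check for system binaries.
# Record format, one per file: sha256 <TAB> mode uid:gid <TAB> path
# Assumes paths contain no tabs or newlines.

# snapshot DIR...  -> print one record for every regular file under DIR
snapshot() {
    find "$@" -xdev -type f -exec sh -c '
        for f do
            printf "%s\t%s\t%s\n" "$(sha256sum < "$f" | cut -d" " -f1)" \
                "$(stat -c "%a %u:%g" "$f")" "$f"
        done' sh {} +
}

# verify BASELINE DIR...  -> report drift from BASELINE; exit 1 if any is found
verify() (
    base=$1; shift
    snapshot "$@" | awk -F'\t' -v base="$base" '
        BEGIN {   # load the trusted baseline into memory
            while ((getline line < base) > 0) {
                split(line, r, "\t"); hash[r[3]] = r[1]; meta[r[3]] = r[2]
            }
        }
        {   # compare each file currently on disk against its baseline record
            seen[$3] = 1
            if (!($3 in hash)) { print "NEW\t" $3; bad = 1; next }
            if (hash[$3] != $1) { print "CONTENT\t" $3; bad = 1 }
            if (meta[$3] != $2) { print "MODE/OWNER\t" $3 " (" meta[$3] " -> " $2 ")"; bad = 1 }
        }
        END {
            for (p in hash) if (!(p in seen)) { print "MISSING\t" p; bad = 1 }
            exit bad + 0
        }'
)

# Constructed demo: stand-in files in a temp dir, not real system binaries.
demo() (
    d=$(mktemp -d) || exit 2
    mkdir "$d/bin"
    printf 'ps v1\n' > "$d/bin/ps"; printf 'login v1\n' > "$d/bin/login"
    chmod 755 "$d/bin/ps" "$d/bin/login"
    snapshot "$d/bin" > "$d/baseline.tsv"
    printf 'ps altered\n' > "$d/bin/ps"   # content drift
    chmod 4755 "$d/bin/login"             # unexpected setuid bit
    rc=0; verify "$d/baseline.tsv" "$d/bin" || rc=$?
    rm -rf "$d"; exit "$rc"
)

if [ "${1:-}" = demo ]; then demo; fi
```

Keep the baseline on read-only media or another host: a root kit that replaces system tools can just as easily alter a manifest stored on the same box.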