IT Security Blog

Accessing Remote Displays

By

It is possible, using X11, the graphical system for UNIX and Linux, to display the interface to a program on another user’s X display. In order for this to happen, they have to allow access to their display, which is not the default, but it may be set on certain systems, especially poorly configured multi-user systems.

You can, of course, try this on any system. Simply run the command

xhost +

This removes access restrictions. Now, you can launch X programs as another user on the same machine, or as a user on a different machine, by setting your DISPLAY environment variable. For example, if an X session is running on 10.0.0.5 and access restrictions have been removed, it is possible to run Firefox on another computer, say, 10.0.0.26, and have it display on 10.0.0.5’s screen.

DISPLAY=”10.0.0.5:0″ firefox

Note that you don’t need to log in to 10.0.0.5 over SSH, the X system makes use of port 6000/tcp to communicate between the program and the X display.

The xhost – command can be used to enable access control, but on systems where it is useful to have other users share a display (for instance, if you have two user accounts but only one monitor, and want to use GUI applications from both accounts) the X port should be firewalled.

X11 uses TCP port 6000, and the following iptables command should prevent access to the X port from ethernet interfaces. Use wlan+ for wireless devices, or simply use -i ! lo to block all X access except from localhost.

iptables -A chainname -i eth+ -p tcp –dport 6000 -j DROP

Hardening Slackware

By

Transmarit is a guide to hardening Slackware Linux 10.2.0. It was written by Jeffrey Denton in January 2006, and covers most of the steps you’d want to take to securely lock down a Slackware server.

Locking down a system this much is probably unsuitable for home users, or on most workstations, but in the server environment, most of the security precautions mentioned make sense.

Of course, locking down a system brings with it inconvenience as well as security, and most sites will want to find a balance between security and usability. The document does lean somewhat more toward security, though.

There are actually some interesting tricks in there, such as checking if a user with UID zero is in fact root, and, if not, killing their processes and e-mailing the real root.

For those wishing to secure their Slackware servers, this makes an excellent read. In fact, even if you’re just looking to slightly increase the security of your home system, I’d say that reading this document would be a good place to start getting some ideas as to what you can and can’t do, and what sort of thing makes for good security.

Hardening a Linux system is the topic of many books and documents. Some try to be generic and cover the things you can do regardless of distribution, but many are written for the “popular” enterprise distributions such as RedHat and SuSE. It’s nice to see a Slackware one out there, and with such sound security information in it, Slackware should keep its reputation for security as well as speed and stability.

Anonym.OS

By

Anonym.OS is an interesting development on the LiveCD front. Its an OpenBSD based operating system on a CD, engineered for anonymity.

According to the various news sources, Anonym.OS is running in secure mode, but changes its TCP packet length, and other technical details, to make it appear as a Windows XP SP1 system.

This is an interesting concept, and it does indeed seem to be engineered for anonymity. Provided it doesn’t leave any unique fingerprint, this should be a fairly big step towards reclaiming some anonymity.

The project website itself talks of government surveillance and corporate content restrictions. The Anonym.OS CD contains “strong tools for anonymising and encrypting connections”.

Anonym.OS makes use of the Tor network; an onion routing network which uses an array of servers to pass encrypted traffic. This prevents tracing, but slows down the connection considerably.

Novell: Secure your system with AppArmor

By

AppArmor

Novell would like to release a Linux with security management made easy according to the news on Security Focus. They have decided to not use security modifications by the National Security Agency because of the difficulty in configuring it. They have with it AppArmor though.

According to an article on Security Focus, the latest additions to SuSE Linux Enterprise Desktop (SLED) have been discussed in LinuxWorld. The focus was on AppArmor.

What’s up with AppArmor?

The AppArmor will be concerned with making access a bit more restrictive. There are some applications which need root access — these applications could make changes that would affect the entire system and if you want to make sure it would not happen, AppArmor could be the way for you to restrict access.

It is said to be that it is easy to use. Aside from that your system could be protected from internal and external attacks. This would be a plus factor, especially if you think about the costs of recovering from attacks that could affect your data.

How simple is simple?

  • You have a name-based access control system.
  • There is a graphical user interface.
  • There are predefined profiles.
  • There are wizards you could use to build security profiles for third party applications.

Check it out

Novell Linux is surely geared towards the users in the enterprise. If you want something that has a robust set of open source applications, a good user interface and tools, it is definitely one to try. You might not enjoy tweaking around too much and from the looks of things, SLED could be the Linux to give you an easy transition, in case you are migrating from proprietary to open source software.

[tags]novell,linux,security,applications[/tags]

Windows, Mac OSX, Linux — which is more secure?

By

all three logos

There have been many flame wars, there have been different studies made regarding the security of each operating system mentioned in the title. The studies are sometimes said to be biased because it depends on what organization or company has funded the studies. At the end of the day, however, we must realize that no matter what operating system we use on our computers, we should be responsible enough to download security patches and the like.

Sometimes articles and threads on forums and blogs end up in fanaticism. Some of the points raised when it comes to vulnerability and operating systems would be:

The popularity of the operating system
Take for example Windows. It is probably the most popular operating system and some say that that is one of the main reasons why it is most attacked by hackers and creators of malware. They say that there is no point in attacking an operating system that is not used by many. The logic, they say, is that if you are going to do something, make sure it will be something big. (This is why there are people who seem to insist on getting a Mac — more stable and secure that way, as they say.)

Linux, BSD are operating systems that you can’t even run right away/properly/(insert phrase here)…
It sounds so petty, doesn’t it? But there are those who argue with Linux and BSD users that the difficulty with their operating system is that it is not easy to run it. Would an average computer users be able to use it and run it without much fiddling around? Truth be told, it looks like it is possible. But that depends on which Linux distribution you would run. In any case, the argument is more along the lines of “If you can’t even have the OS running properly, who would bother attacking it?”

Everyone must learn how to set up security measures. Be it setting up a firewall, being careful about which sites to check out, downloading patches — each of us will have different needs and we will have different experiences.

[tags]security, windows,linux,mac[/tags]

Software flaws prediction – a research

By

research

Dreaming of the perfect software? It might still be something of a dream but researchers in Colorado State University are on to making models that you could use to predict the number of flaws in an application or operating system. They aim to present the results of their study in a conference on secure computing in September.

In achieving this goal,they are testing their models on the Apache Web server and the Microsoft IIS server. They are hoping that this would be useful in reducing the number of flaws, especially those involving security. So far, the researchers have found out the number of vulnerabilities found in Windows 95, Windows NT and Red Hat 7.1, in the web servers Apache and IIS all fit their model well. They also found out that there is an S-curve relationship for the vulnerabilities.

Better decision-making

This research would be helpful in decision-making. This would be a good way of gauging the readiness of the software the developers are about to release. It would be difficult to ship the software without the knowledge of how vulnerable it is. The difficulty in the case of software that are released immediately is that there might be a lot of flaws. Think of the number of times you might have had to download security patches for the software you are using. That is not just a hassle on your end, but think of how much damage your system could have suffered.

Learning from mistakes

There are many causes of flaws and vulnerabilities. Even so, there is an opportunity to improve the quality of the software being developed. There are people who are continuously working on the security issues and these researchers are going to be part of this group. It is not an easy task and having tools like this could create an impact on the software industry.