|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Linux security classes now available
(IDG) -- Whether your firm has been running Linux for awhile or is one of a growing number of companies that have only recently moved to Linux on their networks, you may be concerned about how to secure Linux. If you're not, you should be. ISS (Internet Security Systems), the security firm founded by Christopher Klaus in 1994, has announced that it will be the first company to offer a professional Linux security training course.
Before researching ISS and Christopher Klaus, I assumed that he had been a black hat cracker who had changed his ways and then appeared in the enterprise wearing a white hat. That is often the case with those involved with Internet security, and I knew that his creation, the first port-scanning program (also called ISS) had been a popular item in many hacker toolkits in the past. I supposed that the appeal of the ISS corporation would be based on the old notion of using a thief to catch a thief all over again. But I was wrong.
Klaus appears to have always been on the side of the angels. He didn't hang out on an "elite" BBS, he didn't sit on IRC and try to build a rep on #hack, and he didn't write stories for phrack (one of the computer underground's longest-running zines) about how to break into machines on the Internet. In fact, in one of the two references I found to Klaus in the phrack archives, he plainly states that he didn't want ISS, the first program of its type, to appear there. In another issue, he mockingly explained how to become an "bercracker."
But he did publish the source code for the ISS port scanner, which allows you, via the Internet, to look across a network and see what ports are open on a specific machine or range of machines. He wrote ISS in 1992. In September of 1993, he posted the full source code to version 1.00 of ISS to the comp.sources.misc newsgroup on Usenet.
ISS is still available on the Internet at security and hacker sites alike. I found it at Purdue University's CERIAS FTP site. In any event, tool usage is a habit shared by both those interested in maintaining site security and those interested in violating it.
Regardless of the color of Klaus' hat, ISS became a part of many hacker toolkits in the years following its release. It isn't used as often these days by those with bad intentions simply because it is too obvious. Using a port scanner today to find active ports on a system is like casing a house for a burglary by driving up to it in the middle of the night and then aiming a huge spotlight at every nook and cranny, looking for open doors and windows. (Services like sendmail, BIND, Telnet, FTP, HTTP, and so on are usually run on well-known ports.)
Only the most naive script kiddies will use a port scanner, blissfully unaware that they are probably triggering security alarms at many of the sites they scan. Their only potential victims are those sites whose owners are even less aware of security than they are. But when I conducted an authorized security test on my employer's network three years ago -- a test in which I eventually got root privileges on two machines -- the first tool I used was ISS.
Klaus' real background is much different than I had envisioned. In 1990, while he was in high school and a lot of his computer-savvy peers were swapping "warez" on elite BBSs, Christopher was accepted for an internship at Lawrence Livermore National Laboratory. It was there that he began his research into computer and network security.
He also read some interesting books; he credited William Gibson's novel Neuromancer for the concepts that eventually became his security scanner. When he published the source code to ISS on the comp.security.misc newsgroup, he also credited as sources of relevant information phrack and CERT, the Computer Emergency Response Team, created in 1988 after a worm disabled ten percent of all the computers connected to the Internet.
Today, Atlanta-based ISS (the company) offers a full suite of security tools, educational services, and security consulting services around the world. It also sponsors the X-Force Website, an excellent source of information on the latest exploits. The site houses a searchable database of previous exploits, security mailing lists, and "zero day" advisories. Klaus handed over the reins of the company in 1997, but remains with ISS as the firm's chief technology officer.
The ISS class for Linux security will be distribution neutral, but will be taught on Red Hat 6.2. It addresses Linux-specific security issues and the ways they can be addressed within the framework of a security enforcement policy.
IT pros debate security of Linux and Unix
RELATED IDG.net STORIES:
Linux security tips
Download ISS for Unix
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.