ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Linux security classes now available


June 12, 2000
Web posted at: 10:19 a.m. EDT (1419 GMT)

(IDG) -- Whether your firm has been running Linux for awhile or is one of a growing number of companies that have only recently moved to Linux on their networks, you may be concerned about how to secure Linux. If you're not, you should be. ISS (Internet Security Systems), the security firm founded by Christopher Klaus in 1994, has announced that it will be the first company to offer a professional Linux security training course.

Before researching ISS and Christopher Klaus, I assumed that he had been a black hat cracker who had changed his ways and then appeared in the enterprise wearing a white hat. That is often the case with those involved with Internet security, and I knew that his creation, the first port-scanning program (also called ISS) had been a popular item in many hacker toolkits in the past. I supposed that the appeal of the ISS corporation would be based on the old notion of using a thief to catch a thief all over again. But I was wrong.


Klaus appears to have always been on the side of the angels. He didn't hang out on an "elite" BBS, he didn't sit on IRC and try to build a rep on #hack, and he didn't write stories for phrack (one of the computer underground's longest-running zines) about how to break into machines on the Internet. In fact, in one of the two references I found to Klaus in the phrack archives, he plainly states that he didn't want ISS, the first program of its type, to appear there. In another issue, he mockingly explained how to become an "Ÿbercracker."

But he did publish the source code for the ISS port scanner, which allows you, via the Internet, to look across a network and see what ports are open on a specific machine or range of machines. He wrote ISS in 1992. In September of 1993, he posted the full source code to version 1.00 of ISS to the comp.sources.misc newsgroup on Usenet.

  Linux security tips
  Securing Linux, Part 2: Advanced Linux security
  10 awesome security utilities
  Is Linux a security risk?
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

ISS is still available on the Internet at security and hacker sites alike. I found it at Purdue University's CERIAS FTP site. In any event, tool usage is a habit shared by both those interested in maintaining site security and those interested in violating it.

Regardless of the color of Klaus' hat, ISS became a part of many hacker toolkits in the years following its release. It isn't used as often these days by those with bad intentions simply because it is too obvious. Using a port scanner today to find active ports on a system is like casing a house for a burglary by driving up to it in the middle of the night and then aiming a huge spotlight at every nook and cranny, looking for open doors and windows. (Services like sendmail, BIND, Telnet, FTP, HTTP, and so on are usually run on well-known ports.)

Only the most naive script kiddies will use a port scanner, blissfully unaware that they are probably triggering security alarms at many of the sites they scan. Their only potential victims are those sites whose owners are even less aware of security than they are. But when I conducted an authorized security test on my employer's network three years ago -- a test in which I eventually got root privileges on two machines -- the first tool I used was ISS.

Klaus' real background is much different than I had envisioned. In 1990, while he was in high school and a lot of his computer-savvy peers were swapping "warez" on elite BBSs, Christopher was accepted for an internship at Lawrence Livermore National Laboratory. It was there that he began his research into computer and network security.

He also read some interesting books; he credited William Gibson's novel Neuromancer for the concepts that eventually became his security scanner. When he published the source code to ISS on the newsgroup, he also credited as sources of relevant information phrack and CERT, the Computer Emergency Response Team, created in 1988 after a worm disabled ten percent of all the computers connected to the Internet.

Today, Atlanta-based ISS (the company) offers a full suite of security tools, educational services, and security consulting services around the world. It also sponsors the X-Force Website, an excellent source of information on the latest exploits. The site houses a searchable database of previous exploits, security mailing lists, and "zero day" advisories. Klaus handed over the reins of the company in 1997, but remains with ISS as the firm's chief technology officer.

The ISS class for Linux security will be distribution neutral, but will be taught on Red Hat 6.2. It addresses Linux-specific security issues and the ways they can be addressed within the framework of a security enforcement policy.

IT pros debate security of Linux and Unix
June 8, 2000
Linux works its way toward prime time
June 5, 2000
Linux struggles to get beyond the Web
June 2, 2000
Red Hat launches IA-64 Linux distribution
May 19, 2000
Two Linux standards groups combine into one
May 10, 2000
Security firm warns of Red Hat Piranha 'back door'
April 27, 2000
Linux livin' large on mainframe
April 5, 2000

Linux security tips
Securing Linux, Part 2: Advanced Linux security
Free Linux software blocks hackers
Is Linux a security risk?
The back door to Frontpage
10 awesome security utilities
(PC World)
Windows an easy hacker target
Inside a hacker's toolchest

Download ISS for Unix
ISS Linux Security Course
Joe Barr's intrusion test
CERT Advisories
EFF phrack archive

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.