Linux Security Software

Firewalls

The main Linux firewalls rely on either IPChains or IPTables as their engine. IPChains is the older version of IPTables, which will be found on almost all current Linux distrubutions, but either can be used effectively to build a very strong firewall. Both work on the principle of there being 'paths' for TCP/IP traffic - in, out, forward, etc., which have rules applied to determine what function to perform on connections received at a particular interface. Both very flexible applications.

There are many Linux-based firewall systems available, such as Smoothwall, IPCop, ClarkConnect, e-smith and they all use IPChains or IPtables as part of their firewalling function.

IDS

Intrusion Detection Systems for Linux consist of Snort. This works by 'inspecting' the traffic seen on a network and analysing it against a database of known exploits, such as Nimda, CodeRed, etc., and then blocking the connection.

Anti-virus

There are very few viruses that affect Linux, although they do exist, and whilst there are Linux AV programs available, they tend to come at a premium price. Fundamental security techniques are a far more effective way of preventing viruses, so do not run unknown attachments (the myriad of Windows virus attachments will not run on a Linux platform, but c++ or shell programs may), login as a user and not root, turn off unneeded services and so on.

Trojans and Worms

Again, there are few trojans or worms that affect Linux, but those that exist are very effective.

Spyware Detectors

Spyware? What's that then? ;-)

Seriously, everyone knows that Linux is open source. That means you can download the source code for programs that are running on it. Nice. Do you understand it? How do you know that a particular program loop is not enabling a remote access trojan, or is going to replace your ps executable with one that hides certain applications that are running? Possibly, you don't. In which case, there are utilities, such as Tripwire, available that can monitor the file system and identify attempted changes to files, and this is as close to a Spyware detector as we will find on Linux, I think.


© Nig's Net Written using the Bluefish HTML Editor on RedHat 9.0.

All Copyrights and Trademarks ACK'd. Not to do so would be a SYN!