issue83:securite
Differences
Below are the differences between two revisions of the page.
issue83:securite [2014/08/28 15:52] – frangi | issue83:securite [2014/09/02 14:27] (current version) – andre_domenech
Ligne 6: | Ligne 6: | ||
MB: Lynis is used for auditing and hardening a system. However, it does not harden the system itself. It is up to the system administrator to pick the right tools and configure them according to the goals of the system. Whitelisting is a generic concept and usually better than blacklisting. The main reason is that you can define upfront what you want to accept, instead of deciding what is possibly bad. Several software packages support some ways of whitelisting, | MB: Lynis is used for auditing and hardening a system. However, it does not harden the system itself. It is up to the system administrator to pick the right tools and configure them according to the goals of the system. Whitelisting is a generic concept and usually better than blacklisting. The main reason is that you can define upfront what you want to accept, instead of deciding what is possibly bad. Several software packages support some ways of whitelisting, | ||
** | ** | ||
+ | |||
+ | De Thomas Brooks : Dans le cadre du processus de détermination du renforcement de la sécurité, est-ce que Lynis offrira la possibilité d' | ||
+ | MB : Lynis, dans sa forme actuelle, sera principalement dédié à vérifier les systèmes et à fournir de l'aide aux propriétaires. Renforcer automatiquement est possible, mais en raison des risques encourus, tout ne sera pas entièrement automatisé. Pour les clients de la version Lynis Entreprise, cependant, des scripts seront fournis pour aider au renforcement, | ||
+ | |||
+ | De Thomas Brooks : Les listes blanches, plus encore que les listes noires, semblent être parmi les outils les plus utiles pour empêcher un système de se connecter à un serveur compromis. Lynis offrira-t-il une telle fonctionnalité ? Avez-vous des recommandations ? | ||
+ | MB : Lynis est utilisé pour la vérification et le renforcement d'un système. Cependant, il ne renforce pas lui-même le système. C'est à l' | ||
** | ** | ||
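Review bot: the added answer about automated hardening writes the product name as "Lynis Entreprise", i.e. with the French spelling of "enterprise"; a product name is kept as the vendor writes it, so this should read "Lynis Enterprise" unless the English source line (not shown in this hunk) spells it otherwise, and it is worth checking against that line. Separately, every added line in this hunk is cut off in this view (the answers end at "d'" and "l'"), so the French rendering of the whitelisting answer shown in the unchanged English line cannot be checked past its first clause here; compare it against the full source text before treating the section as finished.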
Ligne 11: | Ligne 17: | ||
MB: Rootkits are a special case of malware (malicious software), as their main goal is to provide the attacker with a backdoor into the system, and, additionally, | MB: Rootkits are a special case of malware (malicious software), as their main goal is to provide the attacker with a backdoor into the system, and, additionally, | ||
** | ** | ||
+ | |||
+ | De Jim Barber : Comment détecter et supprimer les rootkits ? | ||
+ | MB : Les rootkits sont un cas particulier de malware (logiciel malveillant), | ||
** | ** | ||
From Jim Barber: Also, I have heard of a trojan horse that is currently in the wild for Linux. How can it be detected and dealt with? | From Jim Barber: Also, I have heard of a trojan horse that is currently in the wild for Linux. How can it be detected and dealt with? | ||
- | MB: Trojan horses and backdoors are common on most platforms. The best way is to avoid them by not using untrusted software (e.g. not using software not in repositories). Malicious binaries can be detected with common malware detection tools like ClamAV, Rootkit Hunter, Chkrootkit, OSSEC, and file integrity tools like AIDE, Samhain and Tripwire. | + | MB : Trojan horses and backdoors are common on most platforms. The best way is to avoid them by not using untrusted software (e.g. not using software not in repositories). Malicious binaries can be detected with common malware detection tools like ClamAV, Rootkit Hunter, Chkrootkit, OSSEC, and file integrity tools like AIDE, Samhain and Tripwire. |
From Wade Smart: [Regarding backdoor control of systems] How can I explain [to Linux users] the reality of what is possible compared to what is probable? | From Wade Smart: [Regarding backdoor control of systems] How can I explain [to Linux users] the reality of what is possible compared to what is probable? | ||
- | MB: The best way to explain to others what is real, is to find real malicious software and try it in a sandbox environment (e.g. a virtual machine without network connections). Surprisingly enough, there are many attacks (and samples) available, yet it takes some time to find or investigate them. Some are even hard to get them working! Backdoor control, in general, is always possible, especially if one achieved root access to the system. Can we trust the whole chain of people who worked on an operating system? Can we trust the compilers which build the binaries we are using? At some stage, we simply have to trust others. For normal Linux users, keeping their systems patched should be the number one priority. People who are still not feeling safe might switch to OpenBSD: less functionality, | + | MB : The best way to explain to others what is real, is to find real malicious software and try it in a sandbox environment (e.g. a virtual machine without network connections). Surprisingly enough, there are many attacks (and samples) available, yet it takes some time to find or investigate them. Some are even hard to get them working! Backdoor control, in general, is always possible, especially if one achieved root access to the system. Can we trust the whole chain of people who worked on an operating system? Can we trust the compilers which build the binaries we are using? At some stage, we simply have to trust others. For normal Linux users, keeping their systems patched should be the number one priority. People who are still not feeling safe might switch to OpenBSD: less functionality, |
** | ** | ||
+ | |||
+ | De Jim Barber : J'ai aussi entendu parler d'un cheval de Troie pour Linux qui se trouve actuellement dans la nature. Comment peut-il être détecté et géré ? | ||
+ | MB : Les chevaux de Troie et les portes dérobées sont communs sur la plupart des plates-formes. | ||
+ | |||
+ | De Wade Smart : [En ce qui concerne le contrôle de systèmes par porte dérobée.] Comment puis-je expliquer [aux utilisateurs de Linux] la réalité de ce qui est possible par rapport à ce qui est probable ? | ||
+ | MB : La meilleure façon d' | ||
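Review bot: the two changed lines in this hunk do nothing but replace "MB:" with "MB :" (French spacing before the colon) in the English answers that are still awaiting translation; applying French typography to the untranslated source text gains nothing and blurs the distinction between original and translated lines, so leave the English lines as they were and keep the spacing in the French lines only, where it already appears. Also, the translated trojan-horse answer stops after its first sentence ("... sur la plupart des plates-formes."), while the English answer continues with the advice to avoid software outside the repositories and lists the malware-detection and file-integrity tools (ClamAV, Rootkit Hunter, Chkrootkit, OSSEC, AIDE, Samhain, Tripwire); unless this view is truncating the line, the rest of that answer still needs to be translated.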
issue83/securite.1409233921.txt.gz · Last modified: 2014/08/28 15:52 by frangi