Security and the much needed unification of servers

Thursday, 23 October 2003, 12:17 PM EST

Today news sites repeated the monthly Microsoft execute says “Linux is insecure” articles. And while they are comparing apples with eggs (as Linux distributions ship with far more servers and network services than Microsoft offers), it’s hard to deny the fact that Linux is also insecure. Essential and security critical packages like OpenSSH, LSH and OpenSSL had exploits in the last weeks and this should have convinced the last conservatives that it is not possible to write a complex server in C without having a remote exploit per year. All these exploits were caused by manual memory management that is relatively hard to avoid in C. But that’s not even the point that I want to make, you can also have security problems in other languages. What free software (and also the proprietary competition mostly) lacks is a way to make securing your computer easy.

Let’s assume a somewhat experienced user wants to find out which TCP/UDP ports are open, reconfigure all servers to accept only local IP addresses and otherwise shut the service down. In an ideal world the user could use some administration GUI to get a list of all ports that are open, with a user friendly service name (not the path of the binary!) for each port. Then the user right-clicks each of them and selects “Configure this service", a configuration GUI for the service appears and the user does the neccessary configuration.

[ Read more ]

Related items


The price of the Internet of Things will be a vague dread of a malicious world

Regulatory practices assume untrustworthy humans living in a reliable universe. People will be tempted to lie if they think the benefits outweigh the risks, but objects won't.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Oct 8th