The Linux server market is expected to grow by 35% from last year, according to research firm IDC. Many of these Linux systems are replacing Unix in corporations looking to reduce IT costs. However, at the same time, there are more attacks on Linux than ever before. So, if you're considering a migration from your Unix systems to Linux, it's important to keep security in mind.
Common Unix/Linux vulnerabilities
Native Unix and Linux operating systems share many of the same security vulnerabilities. For example, both operating systems don't allow delegation of administrative privileges - particularly tasks that require root-level authority. As a result, many companies find that too many users have more authority than they need while also sharing the root password.
Also, both Unix and Linux provide limited logging capabilities by capturing system activity through syslog. However, security information captured in syslog is limiting and may not meet regulatory requirements such as those established by the Health Insurance Portability and Accountability Act or the Gramm-Leach-Bliley Act, nor will it help in troubleshooting and forensics.
Parting of ways
There are, however, security differences to consider when migrating from Unix to Linux. Some of these differences include:
Freeware/shareware utilities: The Linux community depends on freeware/shareware utilities for important security services such as Secure Shell, Secure Sockets Layer and even Lightweight Directory Access Protocol, which is used by some organizations for basic authentication. The shared object libraries and binaries of these services may not be compatible with Unix data resources and may require rekeying and reconfiguration.
Password storage: Both native Unix and Linux provide simple passwords for user authentication. However, administrators may not be able to simply copy passwords from their Unix system to their new Linux machines. Under Unix, passwords are stored by default in /etc/passwd. However, Linux uses the shadow file instead.
Password hashing: Although both Unix and Linux provide a password-hashing algorithm, the algorithm may not be the same. Under this scenario, users could be denied access to their Linux systems using their Unix password.
Compatibility of system services: Another consideration is that some Linux services may be incompatible with Unix services or configuration. For example, inetd (a daemon program that listens for connection requests or messages for certain ports and starts server programs) may be deployed on a Unix system, whereas on the Linux system, xinetd (a secure replacement for inetd) may be installed.
With these differences, migrating to Linux may provide you with an opportunity to strengthen security policies as well as to communicate and train employees on these new policies.
Limitations of Unix/Linux security
Although both Unix and Linux operating systems provide native services to develop and implement security policies, there are limitations. Some of the features that native services lack are granular delegation of root, administrative privileges, mixed-character passwords and log-in control. For advanced security services such as these, you need to look to outside solutions. Many third-party commercial products provide detailed logs that include the ability to track every log-in event and password activity, such as employees who reuse the same or similar passwords. The additional information captured in these logs increases the odds of meeting regulatory compliance and reduces the time required to troubleshoot systems that may have inadvertently been brought down.
Secure them all
Finally, if you're like many companies, migrating to Linux may not mean eliminating all of your Unix systems. If this is the case, you will need to secure a heterogeneous Unix and Linux environment. Third-party commercial products often support multiple versions of Unix and Linux that can address some of the differences noted earlier while providing a method to deploy uniform security policies across different operating systems. In addition, central administration tools reduce the costs to develop, implement and maintain security policies.
Although migrating from Unix to Linux is a less painful process than moving from Windows to Linux, the differences in Unix and Linux security services need to be given attention to avoid introducing security vulnerabilities or disrupting business operations.
- Suzanne Dickson is vice president of marketing at Agoura Hills, Calif.-based Symark Software Inc., a company specializing in Unix/Linux security solutions.