Erwin, (cc PLUG)

On Wed, 21 Nov 2001 at 06:34, Erwin Oliva wrote:
> Here's a suggestion: I can e-mail you several questions right now and
> hope you could answer it. I'm doing a special report on Internet
> security here in the Philippines, and you'll be one of my resources.
> Btw, what is your position at PLUG? Are you an officer of the group?

I just forwarded your email (and am CC'ing my reply) to the Philippine Linux Users' Group (PLUG) mailing list. I am not an officer of the group: I'm just an evidently very vocal member. I'm sure (or at least hope) that a lot of more authoritative figures in the IT scene will reply to your questions, helping you with your report on Internet security in the Philippines.

If you think it will be correct to cite me for whatever reason in your report, my "official" status will be that of the Network Administrator of The Leather Collection, Inc.

> 1. What do the series of attacks by Asian Pride Crew mean for the
> level of Internet security in this country?

The attacks per se of groups like Asian Pride are nothing new to the computer security scene. It is the success of such attacks as the "4 o Clock Project" that is alarming. The message is clear: security is an important issue now as it was before, and the growing laxity of administrators around the world is a trend that has to be reversed.

> 2. Considering that you only tag this group as "script kiddies," are
> you saying that security knowledge of local sysads are also
> "amateurish?" Why or why not?

Groups like Asian Pride are script kiddies because they use exploitative scripts that more often than not they know relatively little of. They are more generally crackers because they use known security exploits to get into systems to do various things from simple "internal" pride, to the defacing of public websites.

System Administrators are not made equal, and admittedly with the exponential demand for servers there is a growing lot that either does not know enough to be able to prevent such entries by properly securing their configurations, or does not have the resources to keep entire server farms updated with security patches given that they're spread thin and have salaries that don't scale like the need for new servers does.

> 3. Why do you classify Asian Pride or even Locusts.org as script
> kiddies, or crackers? Have you personally seen their activities? or
> even monitored their hacking activities?

I have not personally monitored all of the cracking activities of such groups, but know based on other security reports that these are not "unique" entries, in that they invariably make use of known security holes.

> 4. How secure is Linux? Some of these script kiddies claim that they
> are able to break into Linux systems (particularly ver. 2.2). What are
> the "known security holes" in Linux systems?

For one thing Linux systems are not vulnerable to worms and viruses like the recently widespread ones like Nimda or Sircam. Also, Linux systems are inherently multi-user, and as such fine-grained control lists are built into the system, preventing regular users from doing administrative tasks.

But this doesn't make Linux absolutely secure. There are bugs that come out, but because of the nature of open source development, these are fixed (quashed) very quickly. One needs to keep critical servers updated, though, or they will still be vulnerable to exploits taking advantage of these recently-fixed bugs.

Also, not all Linux software is made equal. There is software like the Internet Software Consortium's BIND that up to some versions of the 8.x series is prone to overflows that allow remote and local exploits. There are alternatives, though. For the more conservative, BINDv9 is much more secure than the previous stable tree. For those willing to venture, Dan J. Bernstein's djbdns has proven to be a very secure system, that I have found to be personally much easier to administer even.

And the list goes on. As you will hopefully see, I'm pointing out that Linux is no guarantee for security. However, because of the open nature of GNU/Linux, one can pick between many alternatives to come up with a hardened system.

> 5. What is PLUG doing to stop "crackers," script kiddies from breaking
> into Linux systems?

Education. The PLUG mailing lists are venues for a lot of discussions on not just setting up but securing Linux systems. The only tool we have against these crackers is knowledge. By beating them to the latest security updates, and by using a variety of software, we make it increasingly more difficult for crackers to break into systems we administrate.

 --> Jijo

--
Federico Sevilla III :: [EMAIL PROTECTED]
Network Administrator :: The Leather Collection, Inc.
GnuPG Key: <http://jijo.leathercollection.ph/jijo.gpg>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
