Originally Published: Friday, 20 July 2001 Author: Matt Michie
Published to: enchance_articles_security/Basic Security Articles

Number Nine, Number Nine: Linux at Defcon 9

Linux.com editorial correspondent Matt Michie went underground at this year's Defcon 9 in Las Vegas, Nevada. Las Vegas burns so much power that it is visible from space; check out how the Defcon folks used their energy.


At Defcon, the self-described "largest underground Internet security gathering on the planet", it's sometimes said that the conference can't be described, only experienced. Like many apocryphal sayings, there is some truth to this. Put 4,500 independent-minded, free-Unix-running, security-conscious geeks in Las Vegas, Nevada, together with various three-lettered government agents for a weekend, and there are bound to be some interesting situations.

Quite a number of the attendees run Linux, and there were several talks focused specifically on Linux security. During one, the Kernel Intrusion System (KIS) was released. KIS consists of a GUI client and a Linux kernel module which, when used together, allow a potentially malicious user to hide files, hide processes, shut down the server, and hide network connections.

Writing kernel modules seems to be an emerging trend for rootkits and other Linux cracker tools. Once the attacker gains root access, they can modify the kernel or dynamically insert a module that completely hides all of their processes and network connections from the unsuspecting admin.
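One defensive response to module-based hiding is a cross-view check: compare what the /proc listing shows against an independent view of which process IDs actually exist. The script below is an added example, not code from the article or from KIS; it assumes a Linux host with a readable /proc, and flags only IDs that answer a probe yet are missing from listings taken both before and after the probe.

```python
"""Cross-view check for processes hidden from the /proc listing.
Added example, not from the article or KIS; Linux-only, needs readable /proc."""
import os

def listed_ids():
    """PIDs and thread IDs seen in /proc (the view ps uses). Thread IDs are
    included so a thread of a visible process is not a false positive."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task"))
        except OSError:
            pass  # process exited between the two listings
    return ids

def probed_ids(max_pid):
    """IDs that answer a signal-0 probe: an independent view that never reads
    the /proc directory. EPERM still means the ID exists."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found

def hidden_ids(listed_before, probed, listed_after):
    """IDs that answered the probe but appear in neither listing; listing
    before and after the probe filters out short-lived processes."""
    return sorted(probed - listed_before - listed_after)

def pid_max():
    with open("/proc/sys/kernel/pid_max") as f:
        return int(f.read())

if __name__ == "__main__":
    before = listed_ids()
    probed = probed_ids(pid_max())
    after = listed_ids()
    print("IDs answering a probe but absent from /proc:", hidden_ids(before, probed, after))
```

A module that hooks the kill syscall as well as directory reads can defeat this particular pair of views, so an empty result is evidence, not proof; a second independent view (for instance, a scheduler-side listing or an offline disk check) raises the bar further.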

Jay Beale from Mandrake gave a great introduction to the Bastille Linux hardening script. Originally, the Bastille project was founded to put together a security-oriented Linux distribution. Once the founders realized how much work this entailed, they decided instead to focus on a hardening script that would help secure Red Hat Linux. Since then, Jay has been hired by Mandrake to continue this work, and Bastille has been ported to other distributions such as Mandrake and SuSE. Mandrake now includes Bastille by default in its distribution.

Jay demonstrated the latest version of Bastille, which has a new graphical interface that makes Bastille even easier for beginning users. The early versions of Bastille would harden a clean system with very little user interaction. As feedback came in, the Bastille developers realized that they needed to expand their goals to include user education. Users were surprised and angered to suddenly find that they couldn't telnet to their machines, for instance, after installing the script.

It then became important to explain how and why telnet was insecure. Once informed, the user could make the right decision on whether or not to disable the telnet daemon. If users had installed Bastille and followed its recommendations, many of the security problems that have plagued Red Hat and others might have been avoided. As Linux matures, solutions like Bastille are becoming a necessity, especially as more users blindly install a Linux server on their broadband connections without understanding the security implications. Perhaps more distributions will follow Mandrake's lead and have Bastille available by default.
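The educate-then-decide approach described above can be illustrated with a small audit of an inetd configuration: report which cleartext login services are enabled, explain why each is a risk, and only then produce a hardened copy with the user's chosen services commented out. This is an added example built on a constructed sample inetd.conf, not Bastille's own code; the list of services it flags is an assumption made for the example.

```python
"""Bastille-style inetd.conf audit: report enabled cleartext login services,
explain why each is risky, and emit a hardened copy with them commented out.
Added example with a constructed sample config; not Bastille's own code.
Assumption: these are the services worth explaining before disabling."""
CLEARTEXT_SERVICES = {
    "telnet": "password and session travel in cleartext; use ssh instead",
    "ftp":    "login password is sent unencrypted; use sftp or scp instead",
    "shell":  "rsh trusts the client's source address; use ssh instead",
    "login":  "rlogin trusts the client's source address; use ssh instead",
}

SAMPLE_INETD_CONF = """\
# constructed sample /etc/inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
"""

def enabled_services(conf):
    """Service names of active (uncommented) entries, in file order."""
    names = []
    for line in conf.splitlines():
        fields = line.split()
        # format: service socket_type proto wait user server [args]
        if fields and not fields[0].startswith("#") and len(fields) >= 6:
            names.append(fields[0])
    return names

def audit(conf):
    """Map each risky enabled service to the explanation shown to the user."""
    return {s: CLEARTEXT_SERVICES[s] for s in enabled_services(conf)
            if s in CLEARTEXT_SERVICES}

def harden(conf, disable):
    """Copy of the config with the chosen services commented out; the choice
    of what to disable stays with the (now informed) user."""
    out = []
    for line in conf.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#") and fields[0] in disable:
            line = "#" + line + "  # disabled after audit"
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    findings = audit(SAMPLE_INETD_CONF)
    print("\n".join(f"{s}: {why}" for s, why in findings.items()))
    print(harden(SAMPLE_INETD_CONF, set(findings)))
```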

Jay also mentioned that HP was helping Bastille with a port to HP-UX. Irix and Solaris are other potential platforms Bastille is looking at. This would allow sysadmins to apply one default security policy across all of their Unix machines, and perhaps tighten up areas they wouldn't have thought to tighten. Bastille Linux is available for download at Bastille-Linux.org.

Bruce Schneier, the noted cryptographer and author, answered audience questions for an hour. He re-emphasized that security is a process, not a product, and that mathematically sound crypto gets screwed up in the implementation. He also mentioned that he is planning to write another book, which is great news for fans of Applied Cryptography and Secrets and Lies. Many questions came straight from his monthly Crypto-Gram newsletter.

The Cult of the Dead Cow's talk was a departure from some of their usual antics, with Dr. Patrick Ball, from the American Association for the Advancement of Science's Science and Human Rights Program, talking for most of the presentation. Dr. Ball showed how important it is for technically adept computer users to support human rights work with their knowledge and experience. Unfortunately, many human rights groups use Microsoft Word for important documents, and Word embeds a globally unique identifier in every document. For some groups, this can be life threatening.

Tools like PGP/GPG and other free software can fix many of these problems. These groups also have a strong need for good database software and, more importantly, admins to help them run it all. Free software can solve many of their problems, but they need free software users and admins even more. The Martus Project, a tool for human rights groups' information storage and retrieval, is being developed and released using an open source methodology.

Another speaker was arrested at the behest of the Adobe Corporation for describing ways to break their e-book "encryption". One of the encryption methods listed is ROT-13, which may have been considered advanced in the time of Julius Caesar but can easily be broken today using pen-and-paper techniques. On a computer, it can be "broken" with one line of Perl. Anyone who has read Richard Stallman's The Right to Read can immediately recognize the frightening aspect of someone being arrested for helping someone else read a book.
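To show just how little "encryption" ROT-13 provides, here is the pen-and-paper technique in code: try every shift and score each candidate against English letter frequencies. This is an added example, not from the article or the talk; it goes slightly beyond the text in that it recovers any of the 26 Caesar shifts, of which ROT-13 is the shift-13 case, and the frequency table is the standard approximate one for English.

```python
"""Breaking a Caesar shift by letter frequency, the pen-and-paper method the
article alludes to. ROT-13 is the shift-13 case; the breaker below handles
any of the 26 shifts. Added example, not from the article or the talk."""

# Standard approximate English letter frequencies (percent), a through z.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4,
                0.15, 2.0, 0.074]

def shift(text, n):
    """Shift ASCII letters by n positions (mod 26); other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + n) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def rot13(text):
    """ROT-13 is its own inverse, so one function both encodes and decodes."""
    return shift(text, 13)

def chi_squared(text):
    """Distance between the text's letter distribution and English; lower is
    more English-like. Infinity for text with no letters."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    if not letters:
        return float("inf")
    counts = [0] * 26
    for c in letters:
        counts[ord(c) - ord("a")] += 1
    n = len(letters)
    score = 0.0
    for observed, pct in zip(counts, ENGLISH_FREQ):
        expected = n * pct / 100
        score += (observed - expected) ** 2 / expected
    return score

def break_caesar(ciphertext):
    """Try all 26 shifts and return (shift, plaintext) for the best-scoring one."""
    best = min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))
    return best, shift(ciphertext, -best)

if __name__ == "__main__":
    secret = rot13("Anyone who has read The Right to Read will recognize this.")
    print(secret)
    print(break_caesar(secret))
```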

In the end, Defcon was as much about meeting new people and finally meeting IRC friends face to face. For people living in a town of 3,000, with no broadband and no one else using Linux, much less a user group, Defcon was a place they could talk about their issues and be immediately understood. See everyone next year!

Matt Michie exists in the New Mexican desert. Please visit his web site at http://daimyo.org.
