Linux is secure…right?

  • Posted on: June 15, 2017
  • Posted in: Business, Security
  • Posted by: Pawan Kinger (Director, Deep Security Labs)

“There are no threats for Linux servers. Aren’t they built to be secure?”

“Linux servers are secure and hardened, why do we need additional security controls on those?”

“I do understand there are threats out there, but I am not aware of any major attacks on Linux servers.”

If you find yourself nodding as you read these statements, you’re not alone.

There is a common belief that Linux servers are more secure and less vulnerable than Windows servers.

Although there is some truth in the belief, the reality is that Linux servers (and the applications they host) need protection, and ignoring this puts your business at unnecessary risk.

Widespread and increasing use

There was a time not too long ago when Linux was a ‘geek’ OS, the domain of command line management and limited enterprise use. Those days are definitely gone, as clearly illustrated by Gartner pegging the global OS growth for Linux at 13.5%[1], and by the prevalence of Linux in the public cloud, where approximately 90% of workloads in AWS EC2 run some variant of Linux. With such widespread use for sensitive enterprise applications, it’s no wonder that there is an increasing focus on attacking Linux servers, as evidenced by the recent ransomware attack in South Korea that used a Linux-focused ransomware family called Erebus and impacted the web sites, databases, and multimedia files of 3,400 businesses.

Secure, but still vulnerable

With more and more servers moving beyond the enterprise boundary and into the cloud, network protection at the host level becomes increasingly important, as workloads need to defend themselves rather than rely on a perimeter around them. And remember, workloads include the applications that sit on top of Linux…it’s more than just the OS.

Having a host-based Intrusion Prevention System (IPS) will help protect against vulnerabilities in the core operating system AND the application stack running on top. Great examples of network-accessible vulnerabilities with widespread impact are the recent Apache Struts 2 issue, Heartbleed and Shellshock, but there are many more. And just because a vulnerability like Heartbleed is a couple of years old doesn’t mean that applications and servers are no longer vulnerable to it. A recent Shodan survey showed that Heartbleed was still present on more than 180,000 servers around the world, with the majority of them in the US!

[1] Gartner, “Market Share Analysis: Server Operating Systems, Worldwide, 2016”, ID#G00318388, May 26, 2017

If you run a web server on Linux (Linux runs at least 37 percent of the web servers out there, according to W3Techs), you need protection against vulnerabilities affecting web server software such as Apache and Nginx.

| Vulnerabilities Covered | In and after 2014 (approx.) | Before 2014 (approx.) | Total |
|---|---|---|---|
| Non-Windows OS and Core Services | 80 | 230 | 310 |
| Web Servers | 114 | 472 | 586 |
| Application Servers | 255 | 319 | 574 |
| Web Console/Management Interfaces | 113 | 453 | 566 |
| Database Servers | 10 | 218 | 228 |
| DHCP, FTP, DNS servers | 9 | 82 | 91 |

Table 1: Vulnerabilities Protected by Deep Security


It is very important not to confuse vulnerabilities with threats. While there may be fewer known threats for Linux, if you look at the National Vulnerability Database, there are a similar number of vulnerabilities reported for the Linux and Windows operating systems.

Malware, designed for Linux

Contrary to popular belief, there is a lot of malware for the Linux platform. While the numbers in comparison to Microsoft Windows are not quite as high, there are still tens of thousands of pieces of malware designed for Linux, including the Erebus ransomware mentioned above.

Deploying ONLY anti-malware is inadequate for protecting servers. However, most attacks on datacenters that lead to a breach involve the installation of malware as part of the attack chain. This is why compliance and security frameworks such as PCI-DSS (Section #3), SANS CIS Critical Security Controls (Section #8), and the NIST Cybersecurity Framework (Section DE.CM-4) all continue to recommend anti-malware as a best practice.

Layered security for Linux workloads

It’s clear that there is no silver bullet when it comes to server security, and that businesses should be using a layered security approach to protect vulnerable Linux workloads. Beyond anti-malware and IPS, there are a number of controls that will help to build a robust Linux strategy:

  • Application Control: helps ‘lock down’ the Linux host to prevent any unknown process or script from running. This stops malware from running in the first place, and stops attackers from taking advantage of backdoors they may have placed on the server.
  • Integrity Monitoring: A new threat is likely to make changes to the system somewhere (ports, protocol changes, files), so it’s important to watch for these. Integrity monitoring watches the system for any changes made outside of an authorized change window, which tend to be few for typical production workloads.
  • Log Inspection: Scans log files and provides a continuous monitoring process to help identify threats early in the cycle. Attacks like SQL injection, command injection and attacks against APIs can be seen in the logs, and action can then be taken.
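As an added illustration of the last two controls (this is example code written for this article, not Deep Security's own implementation), the following script does two things on constructed input: it builds a SHA-256 baseline of a file tree and reports files that were added, removed or modified since the baseline, and it runs simple SQL injection and command injection rules over a few constructed Apache/Nginx combined-format access log lines. The log lines, the temporary file tree and the rule patterns are all assumptions made for the example; a production log-inspection or integrity-monitoring product would carry far richer rule sets and a tamper-resistant baseline store.

```python
import hashlib
import os
import re
import tempfile
from urllib.parse import unquote

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [15/Jun/2017:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jun/2017:10:01:23 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048 "-" "curl/7.52"',
    '198.51.100.7 - - [15/Jun/2017:10:01:25 +0000] "GET /cgi-bin/ping.sh?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 500 0 "-" "python-requests/2.18"',
    '203.0.113.5 - - [15/Jun/2017:10:01:30 +0000] "POST /api/v1/users HTTP/1.1" 201 88 "-" "Mozilla/5.0"',
]

# Parses the fields of a combined-format line that the rules need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Illustrative detection rules (an assumption of this example), applied to the
# URL-decoded request path so that %27 / %20 encoding does not hide the payload.
RULES = {
    "sql_injection": re.compile(r"('|\")\s*(or|and)\s*('|\")?\d|union\s+select|--\s*$", re.I),
    "command_injection": re.compile(r"[;&|`]\s*(cat|sh|bash|wget|curl|nc)\b", re.I),
}


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])
    return rec


def inspect_log(lines):
    """Run every rule over every parsable line; return (rule, client_ip, decoded_path) hits."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern in RULES.items():
            if pattern.search(rec["path"]):
                findings.append((name, rec["ip"], rec["path"]))
    return findings


def hash_tree(root):
    """Map each file under root (relative path) to the SHA-256 of its contents."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                baseline[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return baseline


def diff_baseline(old, new):
    """Compare two hash_tree() snapshots and report what changed between them."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo_integrity():
    """Build a constructed file tree, baseline it, make changes, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        baseline = hash_tree(root)          # snapshot taken inside the change window
        # Changes made outside the change window: one edit, one new file, one deletion.
        with open(os.path.join(etc, "passwd"), "a") as fh:
            fh.write("svc:x:1001:1001::/home/svc:/bin/sh\n")
        with open(os.path.join(etc, "unexpected.conf"), "w") as fh:
            fh.write("# constructed unexpected file\n")
        os.remove(os.path.join(etc, "hosts"))
        return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    for rule, ip, path in inspect_log(SAMPLE_ACCESS_LOG):
        print(f"[{rule}] from {ip}: {path}")
    print(demo_integrity())
```

Run as-is, the log rules flag the second and third sample lines (one SQL injection, one command injection) and the integrity check reports `etc/passwd` as modified, `etc/unexpected.conf` as added and `etc/hosts` as removed. On a real host the baseline would be stored off-box or signed, and a change reported outside an approved window is the event that triggers investigation.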

The lesson we learn here is that although Linux is a more secure and reliable operating system option, it’s not your cure-all solution when it comes to security. Like any other OS, some assembly and maintenance are required, and it’s your responsibility to adopt a multi-layered security strategy, including managing regular updates and adding security controls to protect the servers AND the applications running on them. To learn more about Linux vulnerabilities and how to protect against them using Trend Micro Deep Security, read our short research paper here.
