Linux Distros: When It Absolutely, Positively Has to Be Secure
Security minded Linux users have options if they want to lock their systems down extra-tight. They can jump to a close Linux relative like OpenBSD. If they know what they're doing, they can set ultra-secure configuration options. Or they can choose from a few freely available Linux distros that make security a top priority.
08/12/11 5:00 AM PT
If you use Linux instead of Microsoft Windows, its free availability may well be a deciding factor. But the fact that virus and malware contamination are less likely to take down your Linux computers is no doubt an essential influencing factor as well.
But does using a more popular Linux distro like Canonical's Ubuntu make your system more or less vulnerable than a Linux-on-a-stick variety such as Puppy Linux? More likely than not, if you use any Linux distro, you will compute in a relatively strong security envelope.
Still, some aspects of the open source community are pushing out hybrid Linux distributions that claim to be more secure than your otherwise plain-vanilla Linux distro of choice. So if you want a more hardened Linux configuration, you have options.
One is to ensure that you have all the security-enriched configuration options selected. That could take a Linux systems expert to achieve.
The second option is to use one of a few available ultra-secure Linux distros. The newest candidate for super-secure Linux is Lightweight Portable Security, or LPS. An established alternative is Security Enhanced Linux (SELinux) from the U.S. National Security Agency.
The third choice for having a more secure computing platform is to switch to one of Linux's close family relatives. You could use OpenBSD. This is not really a Linux distro. Instead, it is a Unix derivative.
"It depends on the usage -- desktop, mobile device or server. Even generally for security, OpenBSD is probably the best choice when it comes to tight security. All standard Linux distributions are fairly equal when it comes to security, so it mainly comes down to preference," Rainer Enders, CTO of Americas at NCP Engineering, told LinuxInsider.
Linux Is Linux
From a security perspective of Linux reliability, most attacks occur at the kernel level. All Linux distros use the same kernel, so that is an advantage. But when security really counts, Unix is more secure than Linux, said Enders.
"With Linux the security posture is nearly identical in all distros. So it really doesn't matter which distro you use," he asserted.
The Linux security issue is not like the ongoing debate over which operating system is more secure. We are not comparing Linux to Mac OS and Windows 7. You can generalize about Linux security and say that all distros are secure, he said.
Even the so-called ultra-secure Linux distros are mostly just adaptations and tweaks, he explained. The ultra-secure versions of Linux harden the network connections.
"The difference among distros in Linux is found at the high end. The interface and package management are different, for example," he said.
It's the Layering
Linux is not defined by a single security feature. Instead, it is marked by a series of security layers, according to Matthias Eckermann, SUSE Linux Server Product Manager for Novell. Some distros have more layers than others.
"What makes some distros more secure than others is how those layers are applied. That is the result of a series of factors that include the product's production, its structure or architecture, how configurable it is, and how it is serviced," Eckermann told LinuxInsider.
The special security sauce that SUSE engineers add to configure the company's version of the Linux OS with a minimum set of daemons running. The more running daemons there are, the greater the security risk, said Eckermann.
"Security is a process. This provides users with an infrastructure to maintain and increase their security," he said
Novell's engineers developed SUSE's architecture to minimize the need for open access. That distro has three levels of permissions to open or close the system, noted Eckermann.
For instance, the hardening of the platform is handled by the Yost package system. That makes intrusions more difficult to achieve, he said. A minimum package load starts at 80 packages running for a more lightweight security level.
Also, security choices are integrated into the architecture of SUSE. For example, customers can configure the password aging and the number of daemons running.
"One of the really strong points with Linux is the user can custom compile a unique version to suit specific corporate needs. That is the beauty of using Linux," explained Enders.
But it is also its sticking point. To harden whatever distro you use, you really need to be a systems expert.
"You must really know what you are doing. Otherwise, you could break something in the architecture and be worse off than when you started," warned Enders.
For OSes to be secure, you need to limit the number of operations that are allowed to run. So when you hear about hardening an operating system, that generally refers to reducing the number of operations, according to Charles Kolodgy, research vice president for secure products at research firm IDC.
"Some are just turned off. The better solution is not to load them when the operating system is installed," he told LinuxInsider.
For a secure OS to work, you need to know exactly what operations are needed and which can be discarded. All OSes can be hardened or made more secure. The Unix based operating systems -- including Linux of course -- have more controls built into the OS that allow for more secure customization.
"That is why there have been different secure versions," he said.
Powerful and Complex
Linux is very complex with many touch points. The security issue cuts both ways, Enders explained.
For example, out of the box, a lot of the special network security might not work. One wrong flip of a setting switch can make any distro less secure.
"But that happens in any OS. For instance, even Windows lets you disable the firewall," he said.
Security Is as Security Does
One such ultra-secure option is Lightweight Portable Security (LPS). It boots from an external source such as a thumbdrive from an Intel-based PC or Mac computer. Once loaded, it forms a secure end node. The Software Protection Initiative created LPS under the direction of the Air Force Research Laboratory and the DoD.
It boots a thin Linux operating system but does not mount a local hard drive. It does not install anything and assigns no administrator privileges. LPS comes in three versions. LPS-Public uses Web-based applications. LPS-Public Deluxe adds OpenOffice and Adobe Reader software. LPS-Remote Access only accesses VPN connections (Virtual Private Networks).
"The Lightweight Portable Security is nothing more than a version of Linux that can be booted from a USB drive or CD. It is primarily used in an environment where you want to make sure you have total control of a machine", said Kolodgy.
Enhanced Security Linux
Security Enhanced Linux, or SELinux, is another ultra-secure Linux option. It came out of the NSA to build in Mandatory Access Controls, according to Kolodgy.
"In that way everything the OS does is controlled by policy, and if a person or applications don't have the proper access, they will not be able to get data and/or run programs. You generally wouldn't run this for a whole system, but restrict it to critical systems, like databases," he said.
He is not sure if LPS is more secure than SELinux or other Linux distros. But since LPS is being booted from a USB drive, the set of operations would be more limited as to not make booting take too long. It also avoids any conflicts with installed hardware, he added.
Using Ultra-Secure Linux
Does ultra-secure Linux really make Linux more secure? Ultimately, the question of which Linux version to use when the first priority is security may be a moot point.
"I don't think there is any one release that is better than the others. Most are based on the SELinux work," Kolodgy concluded.
If you narrow your choice to LPS or SEL, one may or may not be better than the other.
The LPS is a great project. If you need something secure, too often the inclination is to build it yourself, from scratch. The LPS folks have been very smart about taking all the excellent open source solutions that already exist, and configuring them to be used in a way that's useful for the DOD, and then sharing their work," Gunnar Hellekson, Red Hat's public sector chief technology strategist, told LinuxInsider.
SELinux is not its own distribution. It is a subsystem of plain-vanilla Linux. SELinux is included in all kinds of Linux distributions, including Red Hat Enterprise Linux, he said.
That said, SELinux provides mandatory access controls. That means that you have fine-grained control over what applications are permitted to do to the system, he explained.
"So if I have an SELinux policy that controls Apache, I can say that Apache may work with this network port, write to a log file, and read this Web content from disk. If someone compromises Apache, even if it's running as root, they'd still only be able to do what SELinux says they can do. So it's very useful -- and mandatory if you want to meet the Common Criteria requirements that the government needs," he concluded.