Professional Documents
Culture Documents
!
New ways to exploit operating systems are discovered every day. The Unix OS is no
exception to these types of weaknesses. According to the article Linux Security (2003), these
faults are not always because of the OS, but can also be caused by flaws in software running on
the host. Offenders attack specific applications, and not necessarily the OS itself.
There are two common vulnerabilities that can affect all Unix flavors. These
vulnerabilities are Buffer Overflows and Format Errors. Per Green (2003), buffer overflows
accounted for 60 percent of all CERT advisories. Either of these attack methods can be used to
inject code into Unix based systems that take over application daemons running on those
systems. An example of a buffer overflow attack is the Slapper worm, which exploited
Application flaws are commonly the root causes of security exploits. Using Linux
Auditing tools can help identify coding errors that may create these types of vulnerabilities. This
is one step in following what is known as secure programming techniques. This methodology
consists of using software tools to scan applications for buffer overflow and format errors.
Examples of these types of tolls are Rough Auditing Tool for Security (RATS), Flawfinder, and
Boon. Along with using these types of tools, having good patch management practices can also
help with securing systems. Applications and operating systems should be updated regularly,
and security strategies should also be visited frequently to help maintain system security
integrity.
Green, A. (2003). Linux Security. Faulkner Information Services. Retrieved July 4, 2010 from