  Inherent limitations of Linux systems network security
     
  Add Date : 2017-04-13      
         
       
         
Linux offers countries outside the United States a shortcut to developing their own operating system. Because the Linux source code is open, operating system developers are free to modify it and recompile it into binary machine code. Users can therefore study the source, change it to suit their system and network security needs, and easily end up with their own version of the operating system. In network security especially, the openness of the source code for the Linux firewall and other network security protocols lets businesses learn more about the security vulnerabilities and loopholes that exist in the operating system, and modify the source code to reinforce its security. But open source code alone cannot solve the problem of an unsafe network. The GCC compiler that compiles the source code and the Linux kernel itself have many weaknesses, so a Linux system hiding behind a firewall remains extremely vulnerable to network attacks by hackers.

Firewall provides only basic network protection

The main purpose of a firewall is to block unnecessary ports and to filter communications and network data transfers. But as long as one port is open, network attacks are inevitable. Take an ordinary organization's web server: its port, usually port 80, must stay open around the clock, because the server's main task is to send pages to users. A hacker can easily pass through the firewall on port 80 and attack the server over the HTTP protocol used for browsing. By analogy, a firewall is like dense barbed wire: it can stop wild beasts, but wasps and mosquitoes still pass through easily.

Inherent GCC weaknesses leave servers vulnerable

Because GCC dates from the era before the Internet, it was not prepared for many of the special cases that networking brings. GCC has many inherent weaknesses, two in particular: insufficient checking of the output command printf in special cases, and inadequate checking of the value range of variable parameters. Both can lead to memory address boundaries being breached. Linux servers compiled with GCC naturally carry GCC's weaknesses. The situation is much like an inherited genetic disease: any program compiled with GCC has this genetic vulnerability. Through port 80, a hacker can use the HTTP protocol to send the server unusual printf values or other parameters, or feed it extremely large or extremely small values. The server program, overwhelmed by these special cases, reads out memory addresses and memory contents indiscriminately. Once the hacker has received the memory addresses he can modify them to achieve all sorts of illegal ends, from paralyzing the server to modifying web page content.

GCC is the principal compiler for Linux, Unix and BSD system source code

Most readers who have taken a computer programming course have used GCC. GCC is a large program that compiles C/C++ and other languages into binary. The Unix family has three independent members: Unix from the American Telephone and Telegraph Company (AT&T), BSD from Berkeley (UC Berkeley), and Linux. GCC is currently the main compiler for the Unix family of operating systems, and countless servers worldwide have been compiled with GCC, which means the base of targets available to hackers is very large.

To cure the symptoms

GCC's weaknesses can be guarded against by modifying source code. For example, in a network server's source code, the value range of every user-supplied parameter can be checked so that extremely large and extremely small input values are not passed on. However, this approach greatly increases the size and complexity of the source code; it is time-consuming and hard to maintain. Improving the GCC compiler itself is a better way. An organization running Linux only needs to recompile its existing source code with a new, security-improved version of GCC to raise its security to a new level. A number of organizations and individuals around the world are working on improving GCC. The American company Immunix (translator's note: "immune Unix") was the world's first high-tech company to commercialize an improved version of GCC. The company's GCC improvements fall under the GPL, which means that the source code of its modifications to the compiler is itself public.
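The two source-level checks described above, as an added example that is not code from the original article: user input reaches a printf-family function only as data under a constant format string, and a numeric parameter is accepted only inside an explicit range. The function names, the 0..65535 range and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy a request parameter into a log line.
 * Weak form (shown only in this comment): snprintf(out, n, user);
 * there the input becomes the format string and printf interprets it.
 * Hardened form: constant format string, input passed only as data.
 * Returns 0 on success, -1 if the line did not fit and was truncated. */
int log_param(char *out, size_t n, const char *user)
{
    int len = snprintf(out, n, "param=%s", user);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Parse a decimal parameter and accept it only inside [lo, hi].
 * Rejects empty input, trailing garbage and values that overflow long. */
int parse_bounded(const char *s, long lo, long hi, long *val)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;
    if (v < lo || v > hi)
        return -1;
    *val = v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the article. */
    const char *samples[] = { "42", "-7", "99999999999999999999999",
                              "12abc", "%x%x%n" };
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long v = 0;
        int ok = parse_bounded(samples[i], 0, 65535, &v);
        log_param(line, sizeof line, samples[i]);
        printf("%-30s -> %s\n", line, ok == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Compiling with GCC's `-Wformat -Wformat-security` makes the compiler warn about the weak form in the comment, where a non-constant string is used as the format with no further arguments.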

Network security outlook is not optimistic

Although several major loopholes can be closed by amending and supplementing GCC, GCC is a very large program and many potential vulnerabilities may still exist. As the saying goes: "one foot in mind that". Hackers worldwide are painstakingly researching every kind of potential vulnerability in GCC and in the Linux and Microsoft operating system kernels. The current state of network security is "easy to attack, hard to defend": once hackers discover a new vulnerability they can quickly launch a massive attack, whereas locating the vulnerability and remedying it afterwards is relatively slow.

I believe that China's own independent development of an operating system from source is an encouraging thing, but it is also important to learn and understand the source code compiler.
     
         
       
         
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.