 
         
  Inherent limitations of Linux systems network security
     
  Add Date : 2017-04-13      
         
       
         
Linux offers countries outside the United States a shortcut to developing their own operating systems. Because Linux is open source, operating system developers are free to modify the source code and recompile it into binary machine code. Users concerned with system and network security can therefore study the source, modify it to suit their needs, and easily end up with their own version of the operating system. In network security in particular, the openness of the source code for Linux firewalls and other network security protocols lets businesses learn more about the security vulnerabilities and loopholes in the operating system and harden it by modifying the source. But open source code alone cannot solve the problem of an insecure network. The GCC compiler used to compile the source code and the Linux kernel itself both have many weaknesses, so programs on a Linux system hidden behind a firewall remain extremely vulnerable to network attacks by hackers.

A firewall provides only basic network protection

The main purpose of a firewall is to block unnecessary ports and to filter communications and network data transfers. But as long as any port is open, network attacks are unavoidable. Take an organization's ordinary web server: its port, usually port 80, must stay open around the clock because the server's main task is to send pages to users. A hacker can easily pass through the firewall on port 80 and attack the server over HTTP, the same protocol used for browsing. By analogy, a firewall is like a dense barbed-wire fence: it can keep out wild beasts, but wasps and mosquitoes pass through easily.

Servers made vulnerable by inherent weaknesses in GCC

GCC dates from the era before the Internet, so it is unprepared for many of the special cases that networks give rise to. GCC has many inherent weaknesses, including insufficient checking of two special cases in the printf output function and insufficient checking of the value range of variable parameters; both can leave memory addresses exposed to attack. A Linux server compiled with GCC naturally carries GCC's weaknesses. The situation is much like a hereditary disease: every program compiled with GCC has this inherited vulnerability. Through port 80, a hacker can use HTTP to send the server strange printf values, or extremely large or extremely small values for other parameters. Unable to cope with these special cases, the server program reads out memory addresses and memory contents indiscriminately, and once the hacker has received the memory addresses he can modify them to achieve all kinds of illegal ends, from paralysing the server to modifying web content.

GCC is the principal compiler for Linux, Unix and BSD source code

Most readers who have taken a computer programming course have used GCC. GCC is a large program that compiles C, C++ and other languages into binaries. The Unix family has three independent members: Unix from the American Telephone and Telegraph Company (AT&T), BSD from Berkeley (UC Berkeley), and Linux. GCC is currently the main compiler for the Unix family of operating systems, and countless servers worldwide were compiled with GCC, which means the pool of targets available to hackers is very large.

To cure the symptoms

GCC's weaknesses can be guarded against by modifying source code. For example, in a network server's source code, every user input parameter can be range-checked so that extremely large and extremely small values are not passed through. However, this approach greatly increases the size and complexity of the source code, and is both time-consuming and hard to maintain. Improving the GCC compiler itself is the better way. A Linux organization only has to recompile its existing source code with a new, security-improved version of GCC to raise its security to a new level. A number of organizations and individuals around the world are working on research and development to improve GCC. The American company Immunix (meaning "immune Unix") was the first high-tech company in the world to commercialize an improved version of GCC. The company's improved GCC falls within the scope of the GPL, which means the source code of its modifications to the compiler is itself public.
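The source-level checks described above, for the printf and value-range cases named earlier, as an added example that is not code from the original article. The function names `parse_ranged` and `format_user_text`, the `1..1000` range and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal request parameter and accept it only inside [min, max].
 * Returns 0 and stores the value on success, -1 on any rejected input. */
int parse_ranged(const char *text, long min, long max, long *out)
{
    char *end;
    long v;

    if (text == NULL || *text == '\0')
        return -1;
    errno = 0;
    v = strtol(text, &end, 10);
    if (errno == ERANGE)        /* too large or too small for a long */
        return -1;
    if (*end != '\0')           /* no digits, or trailing junk ("10abc") */
        return -1;
    if (v < min || v > max)     /* outside the range the handler expects */
        return -1;
    *out = v;
    return 0;
}

/* Copy user-supplied text into a log line.
 * Unsafe form, shown only as a comment: snprintf(dst, n, user);
 * there the user's text is the format string, so conversion
 * specifiers in it are interpreted instead of printed.
 * Safe form: the format is a constant and user is data for %s.
 * Returns the length written, or -1 on error or truncation. */
int format_user_text(char *dst, size_t n, const char *user)
{
    int len = snprintf(dst, n, "param=%s", user);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

int main(void)
{
    char line[64];
    long page = 0;

    /* Constructed sample inputs, not taken from the page. */
    printf("in range:  %d\n", parse_ranged("42", 1, 1000, &page));
    printf("oversized: %d\n", parse_ranged("99999999999999999999", 1, 1000, &page));
    if (format_user_text(line, sizeof line, "%x %x") > 0)
        puts(line);             /* the specifiers come out as literal text */
    return 0;
}
```

Repeating checks like these for every input parameter is what the paragraph means by source code growing in size and complexity.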

The outlook for network security is not optimistic

Although several major loopholes can be closed by amending and supplementing GCC, GCC is a very large program and many potential vulnerabilities may still exist. As the saying goes, "virtue rises one foot, vice rises ten." Hackers worldwide are painstakingly researching all kinds of potential vulnerabilities in GCC and in the Linux and Microsoft operating system kernels. The current state of network security is "easy to attack, hard to defend": after discovering a new vulnerability, hackers can quickly launch a massive attack, while locating the vulnerability and applying remedies afterwards is relatively slow.

I believe that China's independent development of its own operating system source code is an encouraging thing, but it is also important to study and understand the source code of the compiler.
     
         
       
         
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.