  Inherent limitations of Linux systems network security
  Add Date : 2017-04-13      

Linux gives countries outside the United States a shortcut to developing their own operating systems. The main reason is that Linux itself is open source: operating system developers can freely modify the source code and recompile it into binary machine code, which means that users concerned with system and network security can study the source code, modify it according to their needs, and so easily have their own version of the operating system. In network security especially, the openness of the source code for Linux firewalls and other network security protocols lets businesses learn more about the security vulnerabilities and loopholes that exist in the operating system and reinforce security by modifying the source code. But open source code alone cannot solve the problem of an unsafe network. The GCC compiler that compiles the source code and the Linux kernel itself both have many weaknesses, so a Linux system hiding behind a firewall remains extremely vulnerable to network attacks by hackers.

Firewall provides only basic network protection

The main purpose of a firewall is to block unnecessary ports and to filter communications and network data transfers. But as long as a port is open, network attacks are inevitable. Take an organization's ordinary web server: its port, usually port 80, must stay open around the clock because the server's main task is to send pages to users. A hacker can easily pass through the firewall on port 80 and attack the server by means of ordinary HTTP browsing traffic. To use an analogy, the firewall is like a dense barbed-wire fence: it can keep out wild beasts, but wasps and mosquitoes pass through easily.

Inherent GCC weaknesses make servers vulnerable

GCC dates from the era before the Internet, so it is unprepared for many of the special cases that networking gives rise to. GCC has many inherent weaknesses, two in particular: insufficient checking of special cases by the output command printf, and insufficient checking of the value range of variable parameters. Both can lead to attacks that break through to memory addresses. Linux servers compiled with GCC naturally carry GCC's weaknesses. The situation is much like an inherited genetic disease: every program compiled with GCC has this genetic vulnerability. Through port 80, a hacker can use HTTP to send the server strange values that end up in printf, or input extremely large or extremely small values for other parameters. The server program is overwhelmed by these special states and reads out memory addresses and their contents indiscriminately; once the hacker receives the memory addresses, he can modify them to achieve a variety of illegal ends, from paralysing the server to modifying web content.

GCC is the principal compiler for Linux, Unix and BSD system source code

Most readers who have taken a computer programming course have used GCC. GCC is a large program that compiles C/C++ and other languages into binaries. The Unix family has three independent members: Unix from American Telephone and Telegraph (AT&T), BSD from Berkeley (UC Berkeley), and Linux. GCC is currently the main compiler for the Unix family of operating systems, and countless existing servers worldwide were compiled with GCC, which means the base of targets available to hackers is very large.

To cure the symptoms

GCC's vulnerabilities can be guarded against by modifying source code. For example, in a network server's source code, every user input parameter can be range-checked so that extremely large and extremely small input values are not passed on. However, this approach greatly increases the amount and complexity of the source code, and is both time-consuming and difficult to maintain. Improving the GCC compiler itself is a better way. A Linux organization then only needs to recompile its existing source code with the new security-improved version of GCC to raise its security level easily to a new level. A number of organizations and individuals around the world are researching and developing improvements to GCC. The American company Immunix (literally "immune Unix") is the world's first high-tech company to commercialize an improved version of GCC. The company's improvements to GCC fall within the scope of the GPL, that is, the source code modifications that improve the compiler are themselves public.
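The per-parameter range check described above, together with the printf handling from the earlier GCC section, as an added C example that is not from the original article. The names `parse_bounded` and `log_param`, the 0 to 100 range and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration: function names, range and samples are hypothetical. */
/* Parse a decimal request parameter and accept it only inside [lo, hi].
 * Returns 0 and stores the value on success, -1 on any rejected input. */
int parse_bounded(const char *s, long lo, long hi, long *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return -1;                  /* missing or empty parameter */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return -1;                  /* too large or too small for a long */
    if (end == s || *end != '\0')
        return -1;                  /* no digits, or trailing junk */
    if (v < lo || v > hi)
        return -1;                  /* outside the range the handler expects */
    *out = v;
    return 0;
}

/* Format a log line. The request text is passed as an argument to a fixed
 * "%s" format, so conversion specifiers inside it are copied as plain data.
 * Returns the line length, or -1 if it would not fit in dst. */
int log_param(char *dst, size_t n, const char *user)
{
    int len = snprintf(dst, n, "param=%s", user);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real request. */
    const char *samples[] = { "42", "-5", "99999999999999999999999", "12abc", "%x%x" };
    char line[64];
    long v;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = parse_bounded(samples[i], 0, 100, &v);
        log_param(line, sizeof line, samples[i]);
        printf("%-28s -> %s\n", line, ok == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` options reports the opposite pattern, a non-literal format string passed to printf with no arguments.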

Network security outlook is not optimistic

Although several major loopholes can be filled by amending and supplementing GCC, GCC is a very large program and many potential vulnerabilities may still exist. As the saying goes, "as virtue rises one foot, vice rises ten": hackers worldwide are painstakingly researching all kinds of potential vulnerabilities in GCC and in the Linux and Microsoft operating system kernels. The current state of network security is "easy to attack, hard to defend": once hackers discover a new vulnerability they can quickly launch a massive attack, while locating the vulnerability and applying remedies afterwards is relatively slow.

I believe that China developing its own operating system with independent source code is an encouraging thing, but it is also important to learn and understand the compiler of the source code.