Old Linux Servers: The Slum Houses of the Internet

[CommanderFrank]

The title sounds a little harsh towards Linux, but everyone has been picking on Windows XP pretty heavily for its upcoming unpatchability in the near future, its only right to spread the love to the Linux side of the house for a change. Thanks to forum member Railhaus for the link.

"Systems that are unmaintained or unsupported are no longer patched with security updates. When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied."

 

[SuperSubZero]

But but.. Linux doesn't get viruses.

 

[westrock2000]

Linux and UNIX if not properly setup are incredibly insecure by nature.

That being said, for what they do they don't really need to be supported from the vendor. Most of these things are being ran by command lines and until the hardware physically can't keep up with the load then they really do not need much in terms of upgrades.

We have computers at work that are 15 years old (Sun SPARC's) that have bee running 24/7. They couldn't do anything graphical to save their life, but they can serve data and run scripts till the cows come home.

 

[Saist]

Real quick note: The Ars Article referenced for their bit a blog post from Cisco. Slight problem; both the Ars report and Cisco's research was busted within hours: http://www.whitefirdesign.com/blog/...de-another-example-of-bad-security-reporting/

MajorDomo: you either need to run a new post retracting the original one made here; or you need to edit the existing post to indicate to your readers that the Ars/Cisco reports were not accurate.

 

[dyzophoria]

be it linux or windows, if you don't update it when needed you are going to have a bad time , It is actually a growing issue with Linux stereotypes (well in the case of a lot of people I know), its been a common notion that if you slap linux even if you configure it horribly wrong, you are ultra secure and free from viruses.

back to the article, lol@Cisco regarding security

 

[Twisted Kidney]

That article is kind of misleading.

Well, not so much "kind of misleading" and more... Complete horse shit click bait.

Nevertheless, one day abandoned, connected equipment will form Skynet. Only it will be millions of cell phones and all Skynet will do is embarrass people by posting terrible selfies everywhere.

Remember, children, friends don't let friends selfie.

 

[Wierdo]

I think the "slum" is referring to these Linux boxes not receiving any patches or updates since 2007.

 

[Red Squirrel]

Even a fully patched box can become a bot net pretty quick if SSH does not have brute force protection such as fail2ban. It's not a matter of if but a matter of when. It's full of bots out there that brute force common services like SSH, probably FTP and stuff too. This goes for anything else that requires a password.

Always use brute force protection measures, so IPs can be blocked after so many tries.

 

[jimmyb]

Even a fully patched box can become a bot net pretty quick if SSH does not have brute force protection such as fail2ban. It's not a matter of if but a matter of when. It's full of bots out there that brute force common services like SSH, probably FTP and stuff too. This goes for anything else that requires a password.

Always use brute force protection measures, so IPs can be blocked after so many tries.

A strong username/password can't be brute forced.

Also I'm not a web admin but I doubt you would have ssh even listening for external connections.

 

[JosiahBradley]

Big difference is you can always update the machine. In windows XP case there won't be anymore free updates and limited paid ones.

 

[hpglow]

Real quick note: The Ars Article referenced for their bit a blog post from Cisco. Slight problem; both the Ars report and Cisco's research was busted within hours: http://www.whitefirdesign.com/blog/...de-another-example-of-bad-security-reporting/

MajorDomo: you either need to run a new post retracting the original one made here; or you need to edit the existing post to indicate to your readers that the Ars/Cisco reports were not accurate.

He doesn't need to do anything. Its a matter of weather he wants to or not. There isn't a mob waiting at Linus Torvalds house with pitchforks and torches because of this article.

Back on topic... I had a network security professor in college about 5 years back that would have us scan the internet for various stuff just to show people how bad administration was the biggest vulnerability. There were so many servers out there with default usernames and passwords on the MS and Linux side it was retarded so clearly there are plenty of piss poor admins out there.

 

[FLECOM]

Also I'm not a web admin but I doubt you would have ssh even listening for external connections.

thats called admin suicide lol

 

[Jagger100]

How safe is a WIndows machine that hasn't been updated since 2007?

 

[PornoSatan]

thats called admin suicide lol

Not really. Have it listen on a non-standard port, disable root login and you're golden.

 

[CreepyUncleGoogle]

...and you're golden.

Like a shower?

 

[Zarathustra[H]]

But but.. Linux doesn't get viruses.

Every system can be compromised if you are dedicated enough, and there are old versions of everything.

If a system admin Doesn't do their job and keep up with updates on any system there are going to be problems.

That being said, default installations of server Linux distributions tend to be pretty damned secure out of the box. I've been pretty horrified by how many open ports there are by default on most desktop Linux distributions though. Many of them have taken the route of convenience (services enabled by default) over security which is disappointing, but I guess it is in an effort to drive desktop Linux popularity (because people like convenience...)

Either way, from a security perspective, I'd take any up to date Linux distribution over any other current operating system.

 

[Zarathustra[H]]

He doesn't need to do anything. Its a matter of weather he wants to or not. There isn't a mob waiting at Linus Torvalds house with pitchforks and torches because of this article.

...and that is too bad. Linus Thorvalds is an asshole. Unprofessional arrogant and insulting. His attitude is a large reason why Linux isn't growing faster that it is. Yes, he is owed a lot of his early kernel work, but at this point he needs to calm the fuck down and become more professional, or get the fuck out.

 

[Mohonri]

A strong username/password can't be brute forced.

Also I'm not a web admin but I doubt you would have ssh even listening for external connections.

As a server admin, I *need* ssh listening for external connections. A good chunk of my time is spent in an SSH shell.
In general, though, the rule is true: don't have anything listening that you don't HAVE to have listening, and make sure you secure it as much as you can.

 

[jimmyb]

His attitude is a large reason why Linux isn't growing faster that it is.

Linux has the largest market share of the mobile, server, and embedded markets. Growth really isn't a problem.

 

[Red Machine D]

Linux has the largest market share of the mobile ... markets

Thanks to Google.