BUILD A SECURE SYSTEM WITH LIDS: Why LIDS.

1. Why LIDS.

With increasing popularity of Linux on Internet , more and more security holes are found in the application software of the current GNU/Linux system. Many exploits are due to the careless of the programmers, such as Buffer Over Flow, Format String Attack. After the system is compromised by the exploit and hacker get the ROOT privilege, the whole system is controlled under the Intruders.

Thanks to the open source community, We can now get many Linux application source with our wish and modified them to fit our need. So the bugs can be found easily and can also be patched quickly. But when the hole is disclose to the public, and the administrator is too lazy to patch the hole. It is very easy to break into the un-patched system and it is worse that the hacker can get the root shell. With the current GNU/Linux system, he can do whatever he want. This is the problem that LIDS want to solve.

Let's see what's wrong with the current GNU/Linux system.

File System is unprotected. There are many important files, such as /bin/login, in the system. if the hacker break in, he can upload a changed login program to replace /bin/login , so he can re-login without any login name of password. this is often call Trojan house.(?). But the files do not need to change frequently, unless you want to upgrade the system.
Process is unprotected. A process running on the system serve some function for the system, such as HTTPD is a web server to serve the web content to the remote client. As a web server system, it is very important to protect the process from illegal terminated. But we can not do anything is the intruder get the root privilege.
System administration is unprotected. Many system administration, such as modules loading/unloading, route setting up, firewall rules, can be modified if the user id is 0. It is unsafe when the intruder getting root privilege.
Superuser (root) may abuse the rights Being a root, he can do whatever he want. Even the capability existing in the current the system. As a root, he can easily change the capability.

At summary, we can see that the access control model in the current Linux system is not enough for building a secure Linux system. we must add a new model in the system to deal with these problems.

This is what LIDS do.

Next Previous Contents