Although Linux is still a fraction of the market share of Microsoft Windows and Mac OS X, its growth continues to accelerate. Linux will continue to grow at compounded annual growth rate (CAGR) of 19.2% through 2027. Some of the primary factors for this growth include:
- Cloud computing infrastructure,
- Containerization of applications, and
- Microsoft’s support for a Linux kernel
With all of this positive news and momentum for Linux, it has also put Linux in the spotlight, and thus the attention of attackers. No longer are attacks just focused on Windows or OS X. Linux has seen its fair share of vulnerabilities over the past few years, including the recent sudo vulnerability and other Linux kernel vulnerabilities. So how do we defend Linux from attacks?
We recently interviewed Brandon Edwards, Co-founder and Chief Scientist at Capsule8, on Application Security Weekly to discuss targeting, exploiting, and defending Linux. Brandon discusses some of the biggest challenges with Linux, including:
- The Linux Attack Surface, including the recent sudo vulnerability, distributions, binary dependencies, and other kernel vulnerabilities
- Linux Exploitation Attacks, including kernel fuzzing and privilege escalation
- Defending Linux, including static analysis of binaries/libraries, creating custom distributions, and continuous monitoring of Linux in runtime
Containerization also adds a few more interesting twists to Linux, including segmentation, root access, and container break out. Brandon also discusses some of the things they are seeing with their honeypots, including no sudo vulnerabilities lately or the desire to break out of the container. The orchestration layer of containers (i.e., Kubernetes) is where he sees the attack surface shifting, but it’s all about monitoring.
To see how Capsule8 can help defend your Linux infrastructure, watch the interview on Application Security Weekly here, register for the upcoming webcast, Preparing Linux Hosts for Unexpected Threats, here, or visit securityweekly.com/capsule8 for more information.