Security matters have gained more and more attention in the public over the last years. SUSE's presence in the software security field is continuously contributing to the high degree of trust and confidence that users value in Open Source Software.
The two sides of software security
Software provides security features (such as authentication methods, encryption, intrusion prevention and detection, backup and others), but it also contains errors (such as design flaws, programming errors, and even backdoors) that often turn out to be relevant for the system's security. The SUSE Security Team's task is to addresses all of these aspects of software security, in conviction that security in software is a challenge that never ends. Software security cannot be understood a state taken at some certain point in time; it is a process that must be filled with professional expertise and permanent development, both on software and on skills. The resulting evolution is what has given Open Source Software, Linux and SUSE its excellent reputation for security.
- Security Features:
- A modern Linux Operating System such as the SUSE Linux Enterprise Server for enterprise use or the openSUSE community distribution for home use feature a rich set of security programs and functions that range from access controls, intrusion prevention and detection, flexible and trustworthy authentication mechanisms, encryption for files and network connections, file integrity checking utilities, network analysis tools and monitoring/logging utilities for your system.
- To complement this, there are advanced tools that help you to securely configure and administer your system, and to securely download and install update packages from the SUSE Security Team. These utilities are standard in SUSE products. The update packages fix security bugs that have been found after your product has been made.
- The security features of your Linux system are waiting for you to explore them. Take advantage of them to further improve the level of privacy and security that is built into your system already by default!
- Security Bugs:
- Programs are (usually) written by humans, and humans make mistakes. By consequence, all software contains errors. Some of these errors appear as instabilities (the software or the entire system crashes), while others may not have any apparent, visible effect. However, some software errors may introduce a security risk. A local or a remote attacker may be able to feed specially drafted data to the software which takes advantage of the programming error (in the case of a remotely exploitable bug, the data comes from an attached network device, such as a cable or DSL modem, or a wireless network interface card). The application then either crashes, resulting in a Denial of Service (DoS) attack, or it executes code that originates from the attacker, transferring control over the execution context from what the programmer intended to what the attacker has in mind for the exploitation of the error. Depending on the software's function, the resulting security breach can impose little or high security risks for your data and your system, potentially giving an attacker the opportunity to delete, alter or even steal your data, or use the system for his own purposes.
Why Open Source software is more secure
Several studies have been published that make an attempt to quantitatively compare Open Source software to software with other development and licensing models with respect to security related error proneness. It is obvious that comparing the amount of security announcements or the amount of available security updates from closed-source and Open Source Software vendors does not give any meaningful indication about the software's security grade of quality.
However, there are studies that compare entire Linux products (the SUSE Linux Enterprise Server comes with more than 1000 software packages in the main package repository, covering nearly all kinds of applications, tools and services) with commercial operating systems with some few tools and packages installed. Comparing the complexity of software packages is not useful either, unless software for a specific purpose is compared. Consequently, the resulting numbers do not have any significance. The true strength of Open Source Software security lies in the nature of Open Source Software itself: Openness, transparency and traceability. Each package and each update package comes with its source code, along with the changes and their documentation. Users can inspect the source code and the changes that were added to it so see what the software does with your data:
- You see if statements about the nature and severity of a (security related) error have been falsified, belittled or simply concealed. A vendor's attempt to deceive the customer would be uncovered.
- Open Source Software programmers take pride in their work. They fix bugs that users report and openly communicate, cooperate and compete with each other. They write their names into programs and documentation and gain a personal reputation over the time.
- Open Source Software vendors cooperate with information about bugs (since the fixes and the descriptions of the errors are published along with the source code). This is especially true for security related errors.
- By looking at the source code, you can make sure that the software does not keep any secrets from you. All software interfaces and program options are visible, all changes from update package to update package are there for you to verify them.
- You can reproduce the vendor's work and build each package all by yourself. All needed tools and programs are contained in your product, as the Linux system has even been used to build itself. Effectively, this protects you against vendor-planted subversive code.
- Last, but not least: You can decide by yourself if something is a bug or a feature, independent from the vendor's marketing efforts that may have come with the software or the update thereof.
What does SUSE do for Security?
The SUSE Security Team:
- Responds to your emails that are directed to security@suse.de, the contact address of SUSE Security, following your demand discretion and privacy (contact details, email encryption keys).
- Helps to carefully select and configure the software used in SUSE products.
- Develops security tools and applications.
- Regularly conducts source code audits of Open Source Software. A source code audit is a detailed in-depth analysis of the program text that the programmer wrote to implement the functions of the software. Source code security audits are by no means a new invention: SUSE's and many other teams and individuals have been conducting source code audits of Open Source Software for many years.
- Monitors security mailing lists for security related errors in software.
- Maintains contact to software authors, individuals that specialize in software security and software security organizations (such as the CERT) to communicate and coordinate technical and organizational details about security related malfunctions in software.
- Provides solutions for software security breaches in the form of security updates.
- Communicates the error and the availability of security updates (update packages) in the form of SUSE Security Announcements.
What can I do for better security in my system?
Your SUSE System comes with a large variety of security functions in place, and with software that is installed and configured securely by default. However, there is always room for improvement, and there are things that you can do to help:
- Regularly run Yast Online Update (short: YOU). This program makes it easy for you and your SUSE system to be up-to-date with all available security update packages. These update packages have been made specifically for your system to seamlessly interoperate with all subsystems of your Linux installation. In a step-by-step manner, YOU selects all available update packages that are necessary for your system, it cryptographically verifies the package's integrity and authenticity (that it was was not altered by an external entity and that it originates from SUSE) after download and installs the package on your system, all with a few clicks. To use it, click on the "Online Update" item in the Yast2 Main Menu, or run the command "yast2 online_update" from a root shell.
- YOU (Yast Online Update) Privacy:
- YOU has been designed to protect and enhance the privacy and security aspects of your SUSE product. In order to achieve this goal with the best reliability, convenience and performance, YOU transmits data about your openSUSE installation to the SUSE webserver; the data is not passed on to any third party. The following list of data transmitted is complete:
- The exact product identification, such as "SLES-DVD-x86_64-11-0 x86_64" (the release number, the architecture and the processor type).
- The timezone that is used by your system (this helps to chose the mirror closest to you).
- YOU (or zypper, respectively) transmits a hash over gathered data from the system's hardware configuration in its cookie payload. This sequence of numbers and letters is specific to the system that runs YOU, but without the possibility of recovering information about the hardware in use. This allows for a statistical evaluation about whether a new installation on the same hardware has been performed, as opposed to the "System Update" function of the installer has been selected.
- YOU has been designed to protect and enhance the privacy and security aspects of your SUSE product. In order to achieve this goal with the best reliability, convenience and performance, YOU transmits data about your openSUSE installation to the SUSE webserver; the data is not passed on to any third party. The following list of data transmitted is complete:
- YOU does not transmit any of the following data:
- Information about the package list that is installed on your system.
- Information about the processes running on your system
- Any information whatsoever about the identity of a user who has a user account on your system or who may be logged on to your system.
- Usage data about files, programs and/or packages of your system.
- The data collected from requests to the SUSE servers serves purely statistical purposes to improve the functionality, quality and acceptance of the online update and systems management utilities. The processing of the data gathered by YOU requests is done in full compliance with the SUSE Security mission statement below. More concretely: We do not track user identities in the internet, the data is not combined with information from other sources, the data is discarded as soon as not needed any more, and the data is not transferred to any third party.
- Use the functionality that Yast2 provides to change the settings of your system. In particular the Security module helps you to configure security-relevant system settings with all possible ease of use.
- Deactivate all services that you do not need. By default, the freshly installed system comes with all network services disabled, except for the ssh (secure shell) daemon that listens on port 22 to enable remote logins after the installation. Also, remove software that you do not need on servers.
- Subscribe on SUSE's mailing list sle-security-updates@lists.suse.com and carefully read all SUSE Security Update Notices. Of course, your email address is subject to discretion and will not be passed on to third parties.
- Use the principle of the least necessary privilege. Never work as root or another privileged user on your system unless it is necessary.
- Do not put more trust in content or software than your minimum of trust into the origin, the author and/or the communication paths in between. In particular:
- Think twice when installing software from repositories that you do not trust, or from authors or packagers that you do not know.
- Content that arrives via email is automatically untrusted, unless you have substantial reasons to assume something else.
- Encryption on websites and elsewhere is practically not trustworthy if the certificate is not issued by an authority that you trust.
- If you find a security related bug or another security related problem, make way for improvement and do not keep silent. Get loud, and you will be heard. Contact the SUSE Security Team, and if in doubt, contact other vendors as well.
SUSE Security mission statement
SUSE Security is committed to delivering best effort security to its customers and to the Open Source community.
The primary objectives are to treat software security as a process that never ends. This implies to:
- promptly react to security incidents and deliver premium quality security updates.
- continuously improve the security related functionality in SUSE products.
- continuously contribute to the rapidly growing maturity of Open Source Software.
- respect the Open Source Software security principles of openness, transparency and traceability.
The trust in Open Source Software security in general and the user's privacy in particular are indispensable and indefeasible.