Hacking Linux with F5’s Brian Hatch

Upcoming Events

Your browser does not support JavaScript. This media can be viewed at http://www.podtech.net/home/2113/hacking-linux-with-f5s-brian-hatch

Hacking Linux with F5's Brian Hatch

05:45 | Martin McKeay | Feb 16th, 2007 2:00pm |

Brian Hatch, F5 Networks‘ manager of IT network engineering talks with Network Security Podcaster Martin McKeay, about Linux OS security concerns, defenses and hacks. Hatch is the author of Hacking Linux Exposed, and he spoke with McKeay at the RSA 2007 Security Conference in San Francisco.

Transcript:

Host: Martin McKeay - PodTech
Guest: Brian Hatch - F5 Networks

Martin McKeay - PodTech
Hello this is Martin McKeay from the Network Security Podcast and I am here today at the F5 Networks’ booth at RSA and I am here for PodTech interviewing Brian Hatch. Brian, how are you doing today?

Brian Hatch - F5 Networks
Very well, thank you.

Martin McKeay - PodTech
Brian is an F5 employee and you are also the author of ‘Hacking Exposed Linux’ versions one and two. Correct?

Brian Hatch - F5 Networks
Yes I am.

Martin McKeay - PodTech
So what do you do for F5?

Brian Hatch - F5 Networks
At F5 I am the Manager of the IT department for network and operations so our position is to create the infrastructure that allows us to do all the standard things every company does. We are responsible for the email, responsible for the public facing, DMZs with the Websites, we are responsible for access to file servers, and everything a normal IT organization would do, we do. The one thing we do differently the most is, we use all the F5 products extensively.

For example, first of all we get them cheaper than most of them. We have big IPs, used in places that are completely unnatural and the other environments because we can. We like to use them in ways that are different because we can find out different things you might do in other customer environments and find out problems that might occur. For example, we have had them in place where routers would be that the customers would actually do whereas we also have between our remote offices, we have WANJets which are used to compress links and speed up data transfers like most companies would use. So, we have a great opportunity of trying out all the F5 dog-food before it comes out and it will be released to customers.

Martin McKeay - PodTech
Do you have a lot of problems — a lot of fun using some of these technologies in ways that weren’t necessarily meant to be originally?

Brian Hatch - F5 Networks
We find that all too often we realize the capabilities of our software that even if there might be another solution, we will take the F5 product route because it is there, it is ubiquitous for us. So, it gives us chance to find new opportunities to create bizarre best utilizations of network hurdles.

Martin McKeay - PodTech
I can imagine you can come up with some very interesting technologies or new uses for technologies when you do that on a daily basis.

Brian Hatch - F5 Networks
That is nice.

Martin McKeay - PodTech
So, tell me a little bit about Linux Exposed. What was the genesis for this idea?

Brian Hatch - F5 Networks
Well, there was obviously the first book ‘Hacking Linux Exposed’ written by number of other individuals and that was focused on all sorts of different operating systems. So, we had some section for Mac, had some section for Windows, had some section for network, had some section for UNIX. We wanted to say that “Hey, Linux and UNIX in general, really deserve its own book. It has so much discussion about it. They can fill up to some 500 pages.” We took that to talk about different protocols in much more depth with a Linux and a UNIX focus as opposed to how does it work on this particular OS independent.

Martin McKeay - PodTech
So, what was your favorite part of? Maybe I should say what was your favorite hack of the book?

Brian Hatch - F5 Networks
For me for writing it the most interesting part was describing the (Inaudible) attack against FTP. This is not Linux specific. This will be available to any different kind of OS that would run FTP. FTP is just two channels instead of just one which is what most protocols use and allows for some trick or we can take one machine and trick it into getting data another one even though it did not request it and writing it down, showing at the command line how you can use UNIX tools to actually create that without having specialized software, was really quite fun.

Martin McKeay - PodTech
A lot of those tools are now becoming usable on Windows through Cygwin and things like that and through virtual machines. Have you played with that and with those of your virtual machines as well?

Brian Hatch - F5 Networks
The first thing I do if I have a Windows box if I am not wiping it and installing Linux would be installing Cygwin, pretty much if I do not have access to a UNIX like command environment, then I feel pain.

Martin McKeay - PodTech
I understand that, do you foresee Linux taking some of the place of Windows as being a desktop client in the future?

Brian Hatch - F5 Networks
If you had asked me that five years ago, I would have said the answer is no. Five years ago, the people who were really developing things for Linux were very focused on “I am a developer, what would I want?” Nowadays there are lot more people out there and there are some companies that are developing for Linux that want to get stuff that is usable for the actual users out there and the people who do not want to write their own device drivers, who want to be able to use the mouse, click to menus, find exactly what they need without jumping down to command line, typing “find/| this”.

Martin McKeay - PodTech
What sort of differences have you seen in the last couple of years between when you originally wrote the Linux Exposed book and Security on Linux now?

Brian Hatch - F5 Networks
A lot of time has been put into making distributions easier to update so that they can either inform the user updates that are required, pre-download them make them available for installation right away. To make it easier for users to keep their systems up-to-date. A lot of those updates are not security related they might be just bug fixes. So, you have seen 25 updates available, that probably means one of them at most is a security bug.

So, that is probably just making easier for users to keep their machines up-to-date at all times. The other one is there is a growing group of people who are using more advanced Linux security protections, for example grsecurity and NSA Linux which is SE-Linux and all these other security modules and they put into the Linux kernel to give you different ways of protecting a Linux system. Those are becoming more accepted nowadays.

Martin McKeay - PodTech
So, do you have another book in the coffer yet?

Brian Hatch - F5 Networks
I do have another security book coming out soon as I finish writing it.

Martin McKeay - PodTech
As soon as you finish writing. Well Brian, thank you very much for taking some time and talking to us today.

Tags: F5 Networks, Martin McKeay, Linux, RSA 2007 Security Conference

This entry was posted on Friday, February 16th, 2007 at 2:00 pm and is filed under PodTech, F5 Networks Incorporated, Events, Corporate, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.