A tech expert explains why Linux has remained a bright spot in an increasingly grim IT security picture, and how businesses can ensure effective, reliable security for their own Linux-based systems.
As Linux becomes more prevalent in today’s enterprise systems, it raises questions about the best way to protect the open source technology. David Humphrey, senior technology advisor for Ekaru, a Westbrook, Mass.-based technology services company, discussed some of those issues with Security Pipeline.
Security Pipeline: How would you describe where Linux security stands today as compared to three to four years ago ?
Humphrey: Linux has never had to face the challenges that Microsoft Windows faces now (and in the past) in those areas of security that we are most familiar with today. Specifically those relating to client use of an OS.
Conversely, Unix (and the many variants of Linux that have been derived from it), has traditionally been the operating system of choice for servers throughout the Internet. This has been true since “Al Gore invented the Internet” (all right, BBN in Cambridge).
IP-based vulnerabilities were the first targets for those trying to break into these networks. This kind of exposure led to a hardening of the OS; lessons on configuring the operating system; and protocol improvements, that, over the years, have reduced this type of security attack.
Three to four years ago, Linux was pretty well nailed-down, and it is even more so now. With table-based IP rules built into the kernel that can examine network traffic for security, VPN functionality similarly migrated directly into the kernel, the Linux of today is even more
secure than yesterday.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.