April 24, 2019

Crime Checkers Adopt Linux Device to Ward Off Worms

Seeking a Secure Home in Linux

  • October 30, 2003
  • By Jacqueline Emigh
After attacks from the Nimda and Code Red worms back in 2001, National Background Data (NBD) turned to Astaro Security Linux (ASL), a multi-faceted Linux-based network appliance. ASL will keep playing a behind-the-scenes role when the national criminal background checking service moves its Web front end from Windows 2000 to Linux later in 2003.

"Actually, two years ago, we were mainly looking for a load balancing system," recalls Randy Lastinger, the Ocala, FL-based customer's director of network operations. "With ASL, though, we're getting an all-in-one solution: load balancing, a firewall VPN, stateful packet inspection, anti-virus, anti-spam, URL blocking, and more. As you might imagine, because of what we do, we get lots of spam."

NBD runs a Web-based service aimed at helping background screening companies to quickly find out whether job and housing applicants have undisclosed criminal convictions.

When Lastinger first arrived at NBD in May 2001, NetScreen firewalls were already in place. He wanted, though, to add load balancing to the network's back end in some cost-effective way.

NBD started testing Foundry Networks' eight-port load balancing solution in October of that year. "But we had some connectivity problems," Lastinger maintains.

Then, NBD's production systems got whacked by two major worms: Nimda and Code Red. "We'd been under the impression that NetScreen included antiviral production--but very unfortunately, it did not," Lastinger notes. Drawing upon experiences at a previous job in New Orleans, he decided to give ASL a try.

NBD began testing ASL in December, and went live with the device in February, 2002.

Meanwhile, ASL's embedded anti-viral protection, licensed from Kaspersky Labs, has successfully blocked other mean malware--MS Blaster and SQL Slammer--from getting beyond the firewall.

ASL uses a hardened Linux kernel. Other components, licensed from third parties, include, for instance, antispam software from SpamAssassin and URL blocking from Cbeyond.

Also in Ocala, Lastinger is running a Linux-based Jabber server. "Our various offices--such as sales, administration, and technical--are very spread out on the campus. So we've installed a Jabber chat server running on Red Hat 7.3 over a VPN between them."

Lastinger first turned into a Linux buff way back in college. "I built my own PC. Then, though, I didn't have enough money to pay for software. Linux was a great help to me at the time," he explains.

At his earlier job in New Orleans, Lastinger initially wrote his own firewall, and then tested ASL. When the test was over, he wanted to keep using Astaro's appliance on the network. "My old boss didn't want to buy it, though--so he made us go back to the firewall I'd written."

On December 1 of this year, NBD will release version 2.0 of its Web-based service. "The front end will be Linux. The back end will be Windows Server 2003 and SQL Server 2003. We'll use Cold Fusion in between," he says. In comparison, NBD's current release runs on Windows 2000 and SQL Server 2000.

For the future, NBD is eyeing an end-to-end Linux implementation, possibly to include a Postgres database. "We would have introduced more Linux before now, but we didn't have enough people who understand Linux." Lastinger recently hired two new people with Linux knowledge.

Meanwhile, Lastinger says he's pleased with how well Astaro keeps pace with industry needs. "I understand that version 5 will include HTTP antivirus protection. This is key for us because some of our people do a lot of data mining," he explains.

Data specialists at NBD's Ocala office spend their time converting data from dozens of crime databases into NBD's own format. Developers located in another building create software used in NBD's Web-based services. NBD uses a colocated facility in Atlanta, GA for data warehousing and Web hosting.

"For the current release of ASL, I suggested replacing intrusion detection with intrusion prevention," Lastinger notes. "I think other people must have given them the same suggestion, too. Anyway, Astaro made the change."
