Interviews

Security Expert Gives Operating Systems Poor Security Grade
Recently, Purdue University Professor Gene Spafford gained attention in the Linux community for his disparaging remarks on the Linux operating system's security. But Linux administrators and users should not take his remarks personally: Spafford believes that Linux and Windows each have poor security designs. LinuxPlanet welcomes writer Robert McMillan, who recently interviewed the security expert for his take on the state of computer security today.
Monday, October 14, 2002 10:35:31 AM EST

Opinions

.comment: A Golden Opportunity
The National Security Agency has done something unprecedented in the history of computing: the U.S. government agency has developed a secure version of Linux and given it away to the Linux community for use in future kernel and distribution versions. That the announcement of this gift was met with skepticism in the community highlights one of the biggest flaws in Linux, argues Dennis E. Powell: that those putting together Linux distributions really don't know or care about security, which in turn could squander a golden opportunity to make Linux the operating systen for people who are serious about security.
Wednesday, January 3, 2001 10:36:55 AM EST

.comment: Service Security -- Where Is It?
When most users install Linux right out of the box, they unknowingly launch a system that is riddled with security holes. Dennis E. Powell asks why distribution manufacturers don't configure Linux to be more secure from the get-go.
Wednesday, July 19, 2000 11:46:00 AM EST

Editor's Note: Action, not Reaction
When a potentially fatal flaw was found in Linux kernels last week, the Linux community responded immediately by shipping out patched kernels and new sendmail configurations. Compare that to the Microsoft heel-dragging that occurs when a problem occurs with Windows, and you have yet another reason why the Open Source model is superior. Kevin Reichard explains.
Monday, June 12, 2000 07:17:26 AM EST

Reports

Snort: IDS Done Well (and Good)
Open source IDS Snort went from a weekend hobby to a multi-million dollar best of breed industry leader.
Monday, July 2, 2007 11:31:58 AM EST

Tresys Nails 'Hardened Security' With Brickwall & Upcoming Razor
After releasing Brickwall Security Suite in January, open source security specialist Tresys Technology is forging ahead on a user symposium slated for March, plus work with IBM around Razor, its second commercial product for smoothing implementation of the SELinux "hardened security" now included in the Linux kernel.
Wednesday, February 28, 2007 09:07:36 PM EST

New Linux Security Products Glimmer On Horizon
Beyond displaying an extensive slate of existing Linux products, vendors at this week's InfoSecurity show pointed to possible future offerings ranging from a Linux client for a CD-ROM encryption system to a Linux-enabled all-in-one device for securing both physical access and video surveillance.
Friday, October 27, 2006 10:09:34 AM EST

Interop: More Net Management Products Move to Linux
Citing a rise in customer demand for Linux, companies at this week's Interop show demo'd new Linux-enabled products running the gamut from multifunctional management appliances to specialized software for combatting viruses and administering UPS power devices. Jacqueline Emigh reports.
Friday, September 22, 2006 09:49:42 AM EST

Unitrends Adds Linux Hot Snapshotting To Appliance-Based Rapid Recovery
Servers crash. Hard drives die. Users delete files they want back. OS patches don't work. It's possible to recover... if you've got the right files, the right spare hardware, enough time, and enough knowledge. Daniel P. Dern reports on one new product that uses Linux to provide rapid, bare-metal recovery in a snap.
Thursday, April 27, 2006 09:24:02 AM EST

Linux Rare at Legal Firms, Except for Security
In the increasingly Microsoft-dominated land of law firms, Linux deployments remain just about nil, but security appliances are starting to stand out as one exception, according to attorneys and IT folks attending LegalTech. Jacqueline Emigh files this report.
Friday, February 10, 2006 07:01:11 PM EST

Verano--Improving Industrial Network Security
Verano is on a mission to safeguard industrial control networks... like manufacturing plants, waterworks, or electrical grids. They use a combination of hardware, proprietary and Open Source based software to head off threats, both internal and external to the protected network. Rob Reilly reports on the company's latest technology.
Monday, December 5, 2005 12:28:46 PM EST

Kaspersky: More Adoption Could Make Linux Attractive Target
Linux needs anti-virus? As malware writing gains more of a profit motive, according to one security exec, that improbable future may yet come to pass.
Tuesday, September 6, 2005 03:38:27 PM EST

Imprivata's OneSign Simplifies Password Management
"Imagine having separate login names and passwords for your desktop machine, email account, and the main application that you use for your job. At the same time, you might have a different user name/password combination for a web application or other programs. Then imagine, that all the systems you use enforce password aging, on different time schedules. In short order, the situation gets way out of hand..."
Monday, November 15, 2004 10:13:11 AM EST

Network Intrusion Detection, Neighborhood Watch Style
Keeping an eye on the valuables stored away in your network is a tough job these days. Thugs and criminals are trying to jimmy your ports. Terrorists are lurking around your network neighborhood. And stealthy email spy-ware may already be in employee mailboxes, just waiting to silently ship secrets out to the cyber underworld.
Monday, October 11, 2004 12:35:29 PM EST

SUSE/IBM, Red Hat/Oracle Tool Up On CCS Security
Backed by big name partners, SUSE Linux and Red Hat are each putting their security systems through the rigorous paces of Common Criteria Scheme (CCS) testing, with ultimate plans to reach the same security ratings already achieved by Microsoft and Unix players.
Friday, December 19, 2003 01:56:17 PM EST

Linux in the Security Crosshairs
Linux's growing popularity is attracting unwanted attention from virus writers, script kiddies and other criminal elements. In response, Linux advocates are putting a new emphasis on security measures and working to reassure companies that the OS is ready for important business networks.
Monday, December 15, 2003 10:51:44 AM EST

Spam Cleaning with the Big Boys
"You think you've got spam problems with a hundred or so spam messages a day? Try being an ISP or a business where on a good day you don't get more than a one hundred thousand spam mails a day..."
Monday, November 10, 2003 10:28:07 AM EST

Crime Checkers Adopt Linux Device to Ward Off Worms
After attacks from the Nimda and Code Red worms back in 2001, National Background Data (NDB) turned to Astaro Security Linux (ASL), a multi-faceted Linux-based network appliance. ASL will keep playing a behind-the-scenes role when the national criminal background checking service moves its Web front end from Windows 2000 to Linux later in 2003.
Thursday, October 30, 2003 03:38:08 PM EST

Linux Security: Tips from the Experts
Is Linux more secure than Windows, or vice versa? Fueled by conflicting industry reports, this controversy keeps raging. To arrive at a well-informed opinion on the subject, you need to know as much as you can about what kinds of security measures are actually available for Linux.
Thursday, October 30, 2003 10:27:40 AM EST

Astaro: A "Swiss-Army Knife" of Security Software
Astaro Security's software is becoming a strong player in a widening market as more and more clients find they need the strength of heavy-duty security, the flexibility of open source, and the pricing that won't blow the IT budget out of the water. Jacqueline Emigh reports.
Tuesday, April 30, 2002 02:42:33 PM EST

Jay Beale: Education Is Primary Defense for Secure Machines
Jay Beale, lead developer for Bastille Linux and one of the foremost experts on Linux security, has a straightforward recipe for securing your Linux Web site: make sure you have no unnecessary services running and make sure you always have the latest security patches installed. This advice seems simple --but you'd be surprised how many Linux sysadmins don't follow it. Brian Proffitt interviews.
Friday, February 16, 2001 06:41:54 PM EST

Freedom 2.0 for Linux: Masking User Identities
Want to mask your identity when cruising the Web? Then take a look at Freedom 2.0 for Linux, a nifty little add-on for your browser and e-mail client that allows you to create pseudonym identities for yourself while you are out surfing on the Web. Under the guide of one of these identities, called nyms, you can surf to your heart's content knowing that what the Web sites full of cookies and trackers are seeing is the nym, not you.
Thursday, January 11, 2001 04:37:04 PM EST

Protecting Your Linux System with FireStarter and Storm Firewall
With Linux emerging as a powerhouse on the desktop, it's more important than ever to make sure that your Linux system is secured. Michael Hall reviews two tools that automate the process of setting up a firewall on your system: FireStarter and Storm Firewall.
Friday, December 1, 2000 11:44:36 AM EST

There but for the Grace of Bill....
Linux users are feeling pretty smug about their seeming invincibility as they watch Windows users get dragged down with the latest in viruses. But Scott Courtney warns that the same techniques used to attack Windows systems can attack Linux email as well.
Friday, May 5, 2000 12:46:23 PM EST

Reviews

The Top 75 Open Source Security Apps
Without much fanfare, the open source security area is growing rapidly. Here are top contenders from anti-virus, firewalls, forensics, intrusion detection, and more.
Monday, April 28, 2008 12:04:01 PM EST

Splunk 3.1: Log-Monitoring Revisited
Splunk has been gathering accolades for as long as it has been around. The latest version adds even more polish. Learn what's new, and how to work with some of the limitations the non-enterprise version introduces.
Monday, January 28, 2008 11:32:36 AM EST

Novell Lets Bandit Loose
Managing your identity in the Internet of 2006 is a complex Web that requires multiple identities and passwords for multiple sites and services. Enter the open source Bandit project from Novell.
Friday, June 16, 2006 01:53:04 PM EST

Blue Security's Do Not Intrude Registry
Most people set up some type of filter to weed out the bad email from the good. That approach, has its limitations. One company is trying a new, open source-based approach that creates a user-enforced "Do Not Spam" list.
Thursday, February 2, 2006 09:23:03 AM EST

Safehaus Finds Open Source Business Model in OATH
Can an open source .org find happiness and success in teaming up with a multivendor consortium? It's a business model that seems to work for Safehaus, an organization now collaborating with OATH (Initiative for Open AuTHentication) on technologies for authenticating cell phone subscribers, among other things. Jacqueline Emigh reports.
Friday, January 20, 2006 12:08:05 PM EST

Linux Makes Automation, Infrastructure Strides
The daunting task of managing large utility companies' physical assets and automating complex manufacturing was one the domain of commercial UNIX. Now one company is switching over their supervisory and control software to the Linux platform--and the customers are benefiting right from the get go.
Tuesday, January 21, 2003 08:32:20 AM EST

Tips

Network security basics
Two "must do" points: install ssh and shut off services in inetd.conf.
Wednesday, November 3, 1999 03:11:39 PM EST

See what network services are really running
netstat -vat
Wednesday, October 27, 1999 12:11:39 AM EST

Distribute /etc/passwd among several machines securely
Use rsync, ssh and cron.
Tuesday, October 26, 1999 06:37:28 AM EST

Disable external X11 for greater security
Turn off this often overlooked service
Sunday, October 24, 1999 05:35:35 AM EST

Tutorials

Keeping a Lid on Linux Logins
When asked about security on a multi-user Linux system, a wise man once said "everyone is root if you allow them to login as a user." There is plenty of truth in that, but embracing imminent compromise isn't always acceptable. Charlie Schluting takes a look at how you can limit your exposure while letting unknown and untrusted users login with a shell.
Monday, February 12, 2007 10:27:07 AM EST

Foil Wireless Poachers and Have Fun Doing It (Part 2)
Last week, we learned some fun ways to mess with the minds of wireless freeloaders, and introduced ourselves to some methods for finding out who is on our networks. Today we're going to learn some different ways to kick unwanted visitors off networks, and how to see exactly who is lurking on our airwaves.
Wednesday, January 31, 2007 01:35:35 PM EST

Foil Wireless Poachers and Have Fun Doing It (Part 1)
Looking to provide an extra measure of security for your WLAN? Or just torment freeloaders? Guru Carla Schroder has a few recipes...
Monday, January 22, 2007 11:10:45 AM EST

Bad-Guy Tools for Good Guys
Sure, plenty of the "security tools" your neighborhood script kiddy uses aren't built with your best interests at heart. That doesn't mean they aren't useful, as Paul Rubens reveals.
Monday, January 8, 2007 11:51:37 AM EST

Synchronizing your Linux Laptop and Desktop
If your laptop computer is a complement to your desktop machine, you're probably well aware of the need to synchronize data between the two. This article from Jem Matzan will show you two ways to accomplish this on GNU/Linux-based machines.
Monday, April 17, 2006 10:45:26 AM EST

Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module, Part 2
Buffer overflow exploits are one of the most interesting security vulnerabilities and are used in a majority of security attacks against Linux and UNIX-like operating systems. In Part 2, readers will see how DSM guards against such exploits and it is implemented as a Linux module, using an exploit example.
Thursday, January 12, 2006 09:42:33 AM EST

Tuneups and Tweaks for the Better Spam-Trap
Building an Anti-Virus/Anti-Spam Gateway Part 3: When you build a strong anti-spam solution, you have to count on a few false positives. Here's how to tune your Linux anti-spam gateway to let the good guys through without opening the doors to spammers.
Thursday, October 7, 2004 10:32:11 AM EST

Sawing Linux Logs with Simple Tools
"Even if your servers are running at the peak of perfection, you still need to keep an eye on the logs. This month's scripting clinic covers the basics you need to make sense out of all those miles of digital chatter..."
Monday, September 20, 2004 11:22:15 AM EST

SpamAssassin and Amavisd: Go Ninja On Your UBE Woes
Building an Anti-Virus/Anti-Spam Gateway (Part 1): With SpamAssassin, Amavisd-new, and ClamAV, you've got all you need to build a Linux-based SMTP gateway that stops spam and viruses cold.
Thursday, September 9, 2004 11:38:36 AM EST

Remote Administration of Linux Systems
One of the best advantages of using Linux is the ability to quickly and (if done correctly) safely logon to and administer another machine from across the room or across the planet. All you need are the right tools, a little paranoia, and just a little time, as Alexander Prohorenko details in this tutorial.
Tuesday, August 27, 2002 11:00:32 AM EST

Linux Networking, Part 6: Securing Your Network
Now that you've mastered the basics of setting up a small-office/home-office Linux network, it's time to tackle an incredibly important issue: securing your network. In this installment, William Wong describes the steps you can take to secure your Linux network.
Wednesday, November 8, 2000 09:28:42 AM EST

Security and Apache: An Essential Primer
With Web security becoming a paramount concern in the face of several DoS attacks in prior weeks, securing your Apache/Linux installation should be the highest priority on your to-do list. Apache expert Ken Coar explains how Apache enforces security mechanisms and what you can do to enforce a secure system.
Monday, February 21, 2000 10:50:08 PM EST