LinuxSecurity: Managing Linux Security Effectively in 2004

[ Thanks to Benjamin D. Thomas for this link. ]

"As Linux continues to gain popularity in the business world, security issues are something that cannot be ignored. In 2003, several well known Linux distributors had servers compromised. In one particular case, the vulnerability was well known in advance, but most vendors took entirely too much time to release an update. Similarly, most security problems that users face are known well in advance. As with any system, security on Linux is a process. It requires full commitment and due diligence. The secret is determining your own vulnerabilities and fixing them before anything catastrophic happens.

"Although Linux security is entirely in the hands of system administrators, several improvements have been made at the kernel level. With the release of kernel version 2.6, users will now be able to take advantage of the Linux Security Module allowing greater levels of security customization, modularization, and ease of management. Another thing that has changed in the past several years is that today more of us are reliant on automated software update services. Rather than download and install patches manually, it is now easier to subscribe to a trusted source and let the system manage itself. As long as the integrity of the trusted source remains strong, automated management works flawlessly. As soon as something questionable happens, it is necessary to re-evaluate..."

Complete Story

Related Stories:

• Linux Journal: Stress Testing an Apache Application Server in a Real World Environment(Sep 25, 2003)
• Linux Exposed: Attacks Exposed(Jul 15, 2003)
• Information Security: Hitting the Sweet Spot(Jul 10, 2003)
• LinuxSecurity: Days of the Honeynet: Attacks, Tools, Incidents(May 05, 2003)