[ Thanks to Michael
S. Mimoso for this link. ]
“Securing an enterprise Linux environment can be a tough
assignment for Unix or Windows veterans, says author and software
engineer Scott Mann. Linux security requires more up-front and
ongoing self-education and do-it-yourself work than other
platforms. But it will also offer more flexibility. Mann is the
author of ‘Linux System Security: The Administrator’s Guide to Open
Source Security Tools,’ from Prentice Hall PTR. He’s also a Linux
software engineer at LeftHand Networks, in Boulder, Colo. In this
interview, he covers the ups and downs of handling Linux and
open-source security.“Why is the degree of difficulty of securing an
enterprise environment increasing?“Mann: Let me tell you about one of the
interesting things that has occurred over the last four to five
years. Every year, the FBI produces a report, a statistical
analysis, on computer-related crime. About five years ago, the vast
majority of computer-related crime occurred internally. What that
means is that people who were already in a position of being
trusted and [who] could gain access to the computing environment
were the greatest risk. At that time, 75% to 80% of all
computer-related crimes were committed by internal sources. As of
the last survey, in 2002, it was a 50-50 split. The level of
sophistication of criminal activity from the outside is increasing
at a substantial rate…”