porn - javhd - hentai

An open source approach to security

By   |  July 13, 2005

Internet threats have clearly become a lot more sophisticated and malicious. The frequency and level of attacks on corporate networks and systems around the world have forced businesses to adopt a more vigilant approach towards security, and to review review the way applications are configured, be discerning in selecting software applications and emphasise security as a top priority in business.

Any operating system is prone to security vulnerabilities. Attacks originate from insecure software. Companies like to acquire extra security applications such as intrusion detection systems and firewalls and throw money at the problem, but these applications also have vulnerabilities and the real solution lies in running secure code and being strategic about configuration and assembly.

For example, if an application, such as the DNS server, is compromised, but is well configured, the attacker will only have access to modify the DNS settings and will not gain sufficient control to take over the entire server. Many commercial applications are monolithic in design and everything is interlinked, so if one service is compromised, it means the entire server is left vulnerable.

The only way to achieve the required level of trust is to be open source, an approach that the majority of commercial suppliers are not willing to take. In the case of open source, a key consideration to keep in mind is the fact that the technology has been reviewed many times over by some of the world\’s best and brightest in the field of computer security.

The perception that a Linux environment and open source software statistically has more vulnerabilities in comparison with other operating systems is only half true.

Due largely to the ‘open’ nature of this environment, source code is made available for scrutiny by many parties. This means that vulnerabilities are picked up immediately and announced . And even if nothing is done by the original developers to fix the problem, it is almost guaranteed that someone, somewhere will create a patch and release it.

This is one of the key advantages of Linux environment, from a security point of view. The other is that it is flexible, modular and built from the ground up with security in mind, so the risk and consequences of a security compromise are reduced.

A significant aspect of Linux is that it is not vulnerable to viruses. It is also not prone to e-mail virus attacks or spam.

Linux is an extremely flexible operation system and does not just set standards – standards are at the heart of its design.

It has made significant inroads within the server domain and is progressing within the desktop space, but common challenges – such as skills, short term business benefit over security requirements and general misconception – mean a long journey ahead for the local market in terms of adoption.

David Jacobson is technical director at Synaq.

Comments

2 Responses to “An open source approach to security”

  1. Ethem Azun
    July 20th, 2005 @ 12:00 am

    \”A significant aspect of Linux is that it is not vulnerable to viruses. It is also not prone to e-mail virus attacks or spam.\”

    This sentence is very misleading (and with my appologies; smells \”dirty marketing\” to me) and definitely wrong.

    OF COURSE linux is also vulnerable to virus attacks AND spam just like any other operating system. You cannot conclude
    such as \”there are not many virus written for Linux thus Linux is safer.\” That\’s false logic, and I\’m sure the writer knows that also.

    \”Linux is an extremely flexible operation system and does not just set standards – standards are at the heart of its design.\”

    Wouldn\’t it make sense to praise Unix here for that?

  2. james wright
    July 22nd, 2005 @ 12:00 am

    \”A significant aspect of Linux is that it is not vulnerable to viruses. It is also not prone to e-mail virus attacks or spam.\”

    There is nothing implicit in Linux that prevents it from being susceptible to viruses and spam and as it becomes more popular on the desktop, more viruseses will be written for it.

    \”The other is that it is flexible, modular and built from the ground up with security in mind, so the risk and consequences of a security compromise are reduced.\”
    Linux was not built with security in mind, and neither is the majority of open source audited in the way this author imagines. Linux code is not automatically more secure because it is open source. Security needs to be a primary focus of any software project.

Comments are closed