February 2, 2001

LinuxWorld: Pitbull Linux security -- worth the hype?

Author: JT Smith

- Julie Bresnick -

When Argus Systems Group Inc.
announced the release of security systems for Linux during LinuxWorld Thursday, the efforts to stand out were laminated invites, free lunch
attendees, which was set up in the press lounge, making for an easy
post-consumption escape. Argus Systems Group announced Pitbull LX Intrusion, and Pitbull Secure
Software, and I made it to the tail end of the conference
learning of the Linux community's rationally skeptical reception to any
attempt to
promise absolute impenetrability.

At the door I was greeted by what could only have been a PR
dressed in a bright red pant suit, lipstick to match and a permanent
bigger than my mother's when I used to return from a month away at
summer camp.
I'm not really sure what she said because the baby voice doesn't work
as well
in a whisper. There were about 25 people in the room
including the
two people on the camera, three at microphones and the Avon Lady by the

Tim Dicks of eWeek was at
podium when I entered. He looked like Kenneth Branaugh with red hair
and was
giving a report on the results of Openhack
, a two-week event in which the hacker community was invited to
the mock ISP system constructed and protected by Pitbull LX. (Here are the results of Openhack III.) In
Openhack I
penetration, defined by adding a file to the root directory, was
achieved by
the end of the first day, and in Openhack II, by the end of the first week.
Openhack III apparently ended after two weeks without ultimate

The Argus Systems Group crew gave the spin, along with an Openhack souvenir lock, boxed and
in a small velvet bag with a satin drawstring.

Afterward, a few suits swarmed the front of the room, and I rushed
out to
consult someone with longer hair and a less glossy veneer.

"A lot of the stuff is covered by the Linux Kernel package LIDS," said Jon Lasser, senior systems
administrator for SkyNetWEB, a
subsidiary of Affinity Internet,
Baltimore, Md. "The ability to compartmentalize is not standard with
LIDS but
is available with FreeBSD Jails."

Like LIDS, Pitbull offers the fine grain access control but,
according to
Lasser, LIDS is not yet ready for use on productions systems. Like
Pitbull allows administrators to implement multiple systems on
a single
box, as if there were several computers on the same server.

The back of the invitation to the press conference shows a picture
of a
pitbull which looks menacingly similar to the presa canarios that
mauled to
death a woman in San Francisco just a week before.

Pitbull may offer both features in one system but, says Lasser, one
really know without taking a closer look. "If this is as easy to
implement on a
production system as they say it is, then that is an advantage. If it
it's worthwhile and there is a market for it."

And anyway, any system that "works" is only as good as the time it
takes for
crackers to find a way around it, even if you do distract them with a

Pricing starts at $5,000 per processor and goes up from there with
for quantity. Lasser says that seems "a little bit high" for tools available for free in Linux and BSD.

NewsForge editors read and respond to comments posted on our discussion page.


  • Linux
Click Here!