December 4, 2006

Special Report: Linux security

Author: Joe 'Zonker' Brockmeier

Compared to some operating systems, Linux has had a very good security track record -- but it's not perfect, and there's always room for improvement. This week, we'll look at tools for users and admins to lock down their systems, and talk to some of the distribution vendors about how they deal with security updates.

We're kicking off the security series with Bruce Byfield's look at Bastille, which is at the intersection of security software and education. This is a good place to start, because real security requires software that is not only free of known vulnerabilities, but also configured by someone who understands security and what makes a system vulnerable.

We already know that almost any package may have one or two vulnerabilities; the questions are whether the vulnerabilities will be discovered, and how the vulnerabilities can be exploited. On a well-configured system, a vulnerability may be rendered harmless or at least mitigated if the system has been set up correctly.

Once a vulnerability is discovered, can a vendor get a patch pushed out to users quickly enough to keep them safe from malware? Later this week, Mayank Sharma will report on the security teams from major vendors and some of the processes and procedures they use to stay on top of vulnerabilities.

We'll also look at SELinux and AppArmor, and have interviews with Linux security experts.

This is's third special report, following our look at Exchange replacements in September, and the finance software report from November. Thanks for all the feedback so far. We're still looking for comments, as well as suggestions for topics you'd like to see us cover. If you have a suggestion for another topic that deserves a series, please let us know. Thanks for reading, and we look forward to your comments.

Click Here!