Open source software for perimeter defense - Security
The host of a technology radio show in Boston recently tried to strike fear into the hearts of every systems administrator when he said, "You can't stop cyber-terrorism from attacking your network. What are you doing about it?" Although this topic has garnered a lot of national media attention, the talk show host didn't get many takers. Perhaps he should instead have asked, "How can you make your network more secure from the outside world?"
The bottom line is this: You can't do anything about cyber-terrorism. On the other hand, for the past three years, systems administrators have been facing four basic security challenges. So, relax, and just focus on them:
* Define your processes and educate your staff and your employees.
* Secure your systems themselves.
* Lock down the perimeters and enforce security guidelines.
* Never stop updating your security systems.
If you do these four things, you'll probably be better off than most of the organizations in the world.
The Value of Perimeter Security
The more your organization depends on electronic communications via the Internet, the more you have to lock down the perimeter or the border between your secure internal networks and any outside networks. Of course, you first want to lock down your internal networks and then think about opening them up for some services or opening up some ports to outside networks.
You also need to continuously update all of your security systems that protect your perimeter. In fact, the majority of systems that get hacked haven't been updated. For example, a year before the Slapper virus for the Windows SQL server made headlines, Microsoft had the patch available on its website. Few systems administrators took the time to get it and update their SQL server.
A good perimeter security technology strategy focuses on six areas:
* Access Control: Your different networks connect to a firewall which, in turn, acts as border control for who can access what and where.
* Authentication: This capability tells you who is coming to the firewall and verifies you are who you say you are.
* Secure Remote Access: If you have a firewall at the perimeter, remote employees can't access the internal network because it is locked down. However, secure remote access capability enables employees to dial in to the firewall over the Internet, and then have the firewall authenticate their access to the internal network.
* Content Security: Without this capability, the firewall allows employees to surf the Web, but doesn't control where they go. This capability equips the firewall with an application layer which scans and checks where employees go on the Web. This application layer can also scan for viruses, protect against spam, and block employees from going to filtered URLs.
* Traffic encryption: This capability secures remote traffic by encrypting the data between the remote location and the final network destination.
* Alarming or Intrusion Detection: This capability looks into your firewall to see if there are any traffic anomalies. If so, the systems administrator receives an alarm immediately.
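The "Alarming or Intrusion Detection" item above describes looking at firewall traffic for anomalies and alerting the administrator. As an added example, not code from the original article, here is a small Python alarm that runs over constructed firewall log lines (the log format, the IP addresses and the thresholds are all assumptions for illustration). It flags a source address whose denied connections within a sliding time window either exceed a count threshold or touch too many distinct destination ports, which is the kind of traffic anomaly a perimeter alarm is meant to surface.

```python
"""Minimal firewall-log anomaly alarm (added example; constructed log lines)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified firewall log format (not real traffic).
# 198.51.100.7 is denied on many different ports within a few seconds;
# 203.0.113.9 is denied twice, more than five minutes apart.
SAMPLE_LOG = """\
2002-11-19T10:00:01 ACCEPT src=10.0.0.5 dst=192.0.2.10 dport=80
2002-11-19T10:00:02 DENY src=198.51.100.7 dst=192.0.2.10 dport=22
2002-11-19T10:00:02 DENY src=198.51.100.7 dst=192.0.2.10 dport=23
2002-11-19T10:00:03 DENY src=198.51.100.7 dst=192.0.2.10 dport=25
2002-11-19T10:00:03 DENY src=198.51.100.7 dst=192.0.2.10 dport=110
2002-11-19T10:00:04 DENY src=198.51.100.7 dst=192.0.2.10 dport=143
2002-11-19T10:00:04 DENY src=198.51.100.7 dst=192.0.2.10 dport=443
2002-11-19T10:00:05 ACCEPT src=10.0.0.6 dst=192.0.2.10 dport=443
2002-11-19T10:00:09 DENY src=203.0.113.9 dst=192.0.2.11 dport=3389
2002-11-19T10:05:30 DENY src=203.0.113.9 dst=192.0.2.11 dport=3389
"""

# Assumed log line layout: ISO timestamp, action, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "action": d["action"],
        "src": d["src"],
        "dst": d["dst"],
        "dport": int(d["dport"]),
    }


def find_anomalies(log_text, window=timedelta(seconds=60),
                   deny_threshold=5, port_threshold=5):
    """Return one alarm dict per anomalous source.

    A source is flagged when, inside any sliding window of `window` length,
    it accumulates at least `deny_threshold` denied connections or is denied
    on at least `port_threshold` distinct destination ports (a scan pattern).
    Thresholds are illustrative; tune them to the site's normal traffic.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines())
              if e is not None and e["action"] == "DENY"]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alarms = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, e in enumerate(evs):
            # Slide the window start forward until it fits within `window`.
            while e["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            ports = {x["dport"] for x in in_window}
            if len(in_window) >= deny_threshold or len(ports) >= port_threshold:
                alarms.append({
                    "src": src,
                    "denies": len(in_window),
                    "distinct_ports": len(ports),
                    "first": in_window[0]["ts"],
                    "last": e["ts"],
                })
                break  # one alarm per source is enough to page the administrator
    return alarms


if __name__ == "__main__":
    for a in find_anomalies(SAMPLE_LOG):
        print(f"ALARM {a['src']}: {a['denies']} denies on {a['distinct_ports']} "
              f"ports between {a['first']} and {a['last']}")
```

Run stand-alone it prints a single alarm for 198.51.100.7; the two isolated denies from 203.0.113.9 fall outside any 60-second window together and stay quiet. In practice the thresholds and window belong in configuration and the alarm output would go to the same place the rest of the perimeter alerts do.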
Evaluating Perimeter Security Technologies
When it comes to evaluating perimeter security technologies, most systems administrators tend to concentrate on hard parameters, such as features, performance, price, ease of use, third-party endorsement, and certification. But how many systems administrators stop to question how secure the product really is? Don't assume that all security products are really secure!
While hard parameters are important, you should place equal, if not more, emphasis on evaluating soft parameters. These include product and author integrity, ease of update, ease of setup, and all-in-one security solution. Many companies quietly go about sealing holes in the security products by putting upgrades in the next product release. So, you might not be aware there's a problem unless a virus epidemic occurs. In the meantime, if the vendor doesn't provide you an easy way to keep your product up to date, your systems can become prey to hackers. If you have systems running on different platforms, you'll need to spend time tracking updates for each platform, and then doing the maintenance work. Likewise, if you have trouble configuring a system, then expect to have questionable security.
Tight IT budgets have forced many systems administrators to think about total cost of product acquisition rather than total cost of ownership. This thinking can result in poor, reactive choices. Today, you need a firewall to protect your perimeter. So you opt for the most inexpensive one. You'll worry about cost of ownership later. What about the other technologies you need for airtight perimeter security? Products that handle all security functions, in the long run, provide a lower cost of product acquisition than the collective price of individual security solutions. An all-in-one product enables you to update all of your systems at the same time, thus reducing your total cost of ownership.
Proprietary Security Software vs Open Source Security Software
When it comes to selecting security software, you have your choice of either proprietary software or open source software. Commercial software vendors pay developers to write code, which is usually tested by both an internal quality assurance team and by some customers. Customers who buy the software can't tamper with the code; hence the proprietary nature of the product. They wait for the company to issue updates or patches to fix problems. Often, customers do a good job of uncovering problems and telling the software vendor. To maintain profitability, most security software vendors strive to become experts in one area of security, such as firewalls, and, in turn, create brand loyalty for the product.
The other type of security software belongs to a generic software class known as open source: non-proprietary and free to download from a website. About 20 years ago, the Open Source Software Foundation set up unofficial guidelines for developers who wanted to write and distribute open source software. Open source software usually begins with a project idea which an experienced Perl or C developer registers with the Open Software Foundation. The developer sets up a website and invites other developers to review the code and contribute code updates. Things get done according to a strict hierarchy of decorum regarding who can contribute, and what gets posted for release.
Professional camaraderie among developers, not financial incentives, becomes the motivation to make contributions to a project. Some projects can have thousands of developers reviewing and testing the code. Participating developers like the challenge of putting the software through its paces, and making changes that enhance the software's overall functionality. To this end, updates get made within days, not months as with proprietary software. If you download the software for use, you can review the code; but, chances are, you don't have the expertise to change it or to understand it.
Perhaps the most widely used and accepted open source product is the Linux operating system, the first kernel OS that worked on x86 hardware. By using this OS, hardware vendors such as Dell don't have to pay licensing fees for a Microsoft OS. Another widely used open source software application that runs on Linux is the Apache Web server. In fact, about 60 percent of all Web servers run Apache, according to Netcraft, a technology consultancy firm.
But what about using open source software for security? In a November 19, 2002 article for Business Week Online, John Pescatore, a security analyst with Gartner Group, said that more and more businesses and government agencies are getting comfortable with using Linux. He added that this trend is bleeding over into a lot more open security tools.
You'll find hundreds of open source products in each of the six technology areas mentioned for good perimeter security. For example, when it comes to alarming or intrusion detection, millions of individuals have downloaded Snort. In the Business Week Online article, Infonetics, a networking consultancy, said that Snort is one of the better programs in the $400 million intrusion detection market.
Commercialization of Open Source Software
"You get what you pay for" can apply to using open source security software. While the products might be free, you'll still need to take the time to configure them, learn to use them, and continue to update them. You might enlist the aid of a consultant.
However, security products based on open source software have started to become a viable business. A flock of emerging companies have taken the best of open source security products and added a slick user interface, technical support, and an updating service. These products usually cost less than comparable proprietary products.