anta Clara, Calif.Among the last words spoken at a vendor panel titled Linux and Security Standards here at Jupitermedia's Enterprise Linux Forum Conference & Expo
(June 4-6, 2003) may have been the most insightful. Panelist Bill McCarty said: "Trying to take an insecure product and somehow convert it to a secure product is generally a futile effort. In fact, adequate security has to be built in and tested at the design level on up."
The statement was a critique of using code-checking tools as a security measure and it could apply to any software product, but at a Linux trade show it seemed a clear indictment of Microsoft products. And during the hour-long discussion, which closed this three-day event, the panel of three Linux experts made clear that the abilities to drill down into the kernel level of Linux and to pick and choose which services to deploy on itwhile being completely shut out of Windows products' source codemake Linux much more accommodating for secure computing.
Joining McCarty, an Associate Professor of Web and Information Technology at Azusa Pacific University, where he directs the Azusa Pacific University Honeynet Project, were Bob Toxen, author of Real World Linux Security, Second Edition and a consultant in his own practice at Fly-By-Day Consulting, Inc., and David Truax, a pSeries Lead for IBM eServer Linux Test Drive.
Michael Hall, Managing Editor for Jupitermedia, moderated the proceedings, and the following are the highlights of the panel's responses to the topics he presented.
Fitting Linux into heterogeneous environments within a security scheme
|Linux has a role to play in protecting the more vulnerable Windows services and servers. |
: Although many people in attendance here would like to, kicking Windows off the desktop is a tough proposition. You need to find a way to cope with heterogeneity rather than hope to expel the Windows presence.
Linux has a role to play in protecting the more vulnerable Windows services and servers from the threats that are out there, particularly the desktop stuff.