Linux Security: Tips from the Experts - Page 4

By Jacqueline Emigh | Oct 29, 2003

Get Rid of Deprecated Protocols

You should also swap out older and less secure "deprecated protocols" with newer alternatives, says Dennis, who suggests the following replacements:

Protocol    Alternative
POP/IMAP    POPS/IMAP (SSL)
telnet      ssh/scp/sftp
rdist       rsync -e ssh
NIS         resync /etc/passwd.group) LDAP over SSL
NFS         Still a question mark
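
An added example (not from the article or from Dennis): a shell function that reads `ss -tln` listener lines and flags ports used by the cleartext protocols in the table, printing the replacement the table names. The sample input is constructed, and mapping rdist to rsh on port 514 is an assumption about its classic transport; NIS and NFS are not covered.

```shell
#!/bin/sh
# Constructed sample of `ss -tln` output (header removed); not from a real host.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 100 127.0.0.1:143 0.0.0.0:*
LISTEN 0 100 [::]:110 [::]:*
LISTEN 0 64 192.0.2.10:514 0.0.0.0:*
LISTEN 0 128 *:993 *:*
EOF
}

# Read listener lines on stdin and print one finding per deprecated service:
#   <scope> <service> <local address> -> <replacement from the table>
# scope is "loopback" when bound to 127.0.0.0/8 or [::1], otherwise "exposed".
audit_deprecated() {
  awk '
    BEGIN {
      # port -> "service|replacement"; replacements use the table wording.
      svc[23]  = "telnet|ssh/scp/sftp"
      svc[110] = "POP3|POPS/IMAP (SSL)"
      svc[143] = "IMAP|POPS/IMAP (SSL)"
      # Assumption: classic rdist runs over rsh, which listens on 514/tcp.
      svc[514] = "rsh(rdist)|rsync -e ssh"
    }
    $1 == "LISTEN" {
      addr = $4
      # The port is the text after the last colon; this also handles [::]:110.
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (!(port in svc)) next
      split(svc[port], f, "|")
      scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
      printf "%s %s %s -> %s\n", scope, f[1], addr, f[2]
    }
  '
}

# Stand-alone run against the constructed sample.
# On a live host: ss -tln | audit_deprecated
sample_ss_output | audit_deprecated
```
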

No Panacea for Cryptography

Available cryptographic tools include FreeS/WAN, Kerberos, OpenSSH, and several more. As Dennis sees it, each still has pros and cons. For example, FreeS/WAN, a freeware edition of IPSEC VPNs, "potentially secures deprecated protocols." It also interoperates with other IPSEC implementations. On the other hand, FreeS/WAN is "NAT hostile," he charges.

Lindstrom also sees no panacea for cryptography. "It is nice to know that there is a freeware version of IPSEC VPNs. But the problem of encryption adoption isn't the dollar cost. It's the management and performance issues," Lindstrom maintains.

Security Is Nothing Without Physical Side

Without solid physical security, even the most battened down OS can be compromised in an instant. "Physical security really depends on the situation," Lindstrom says. "Laptops should be under lock and key when not in the user's possession. Sensitive data should be locked up in data centers or other appropriately controlled areas. Access to and from these rooms should be controlled and monitored. Environmental controls should be in place to protect against disasters. Locking I/O devices such as keyboards and monitors is a good idea."

Updates and Patches (Generally) A Must — But Be Careful

"Update, update, update!" Dennis exhorts. "Keep a local repository. Test downgrades, too." Dennis warns, however, that before deciding to install a patch, you should weigh the security benefits against the risks of introducing new features.

Whether you're a Linux veteran or newbie — or even if you're not a Linux practitioner at all yet — it's important to keep up-to-speed on the latest security advancements. Progress can happen so fast in the open source world that, if you blink for a moment, you might miss a promising new Linux security project.
