Why I love Linux
Tue, 2007-04-03 00:22

This is easy: I love Linux. I’m the new Linux blogger for CSOonline, and I just want to get that out up front. 
 
I taught myself Linux while I was stationed in Germany with nobody around to teach me how to do it, and it took me 6 months of digging through the Linux Documentation Project files included with the Red Hat 4.2 CDs before I found out that “resolv.conf” only has one “e” in it.
 
Technology and personal preference aside, though, there are some reasons why the security geek in me loves Linux, and these are the key ones:
 
Flexibility and Modularity = Availability
Linux is fun. I found that out when I lived in Eugene, OR, and we had a clinic every Thursday night to build and repair Linux installs. Part of that fun was the flexibility that you can have with typical Linux software. Everything is modular, so if you don’t like, say, the command-line interface, the desktop environment, or even the kernel version, you can swap it for another.

That same flexibility lets you do “unnatural things” with the software and still walk away virtually unscathed. For example, software RAID for your root partition means that you can take the hard drives out of one server, drop them into another, and recover data without having to worry about what RAID controller you’re using.
 
Open = Assessability of Risk
It’s been said probably a thousand times already, but with open source, I can assess the code or I can pay somebody to assess the code without a Non-Disclosure Agreement. I can’t do that with a closed-source system—I have to rely on how responsive the vendor is to vulnerability disclosure, development, testing, and patching.
 
Licensing != Availability
Licensing is designed to keep you from doing some things with the software. These restrictions usually become a problem in an operational environment when you absolutely need to do more “unnatural things” to revive systems, like cross-connecting servers to different LAN segments and having them serve as temporary firewall, web, and database servers.
 
Simplicity = Easy to Harden
It’s a basic principle for security engineering: less to secure is easier to secure. If you don’t need it, don’t run it, and don’t install it.
 
Unix = Reliable Security Model
It’s all the security models you learned in school. Network-centric design? Check. Principle of least privilege? Check. Role-based access control? Check. Access control lists? Check. Thirty years of improvement and refinement? Check. Yes, the Unix model has had some problems over the years, but for the most part it doesn’t do “dumb unnatural acts” like letting userland programs have direct kernel-level privilege (yes, yes, Vista fixes this with LUA).
