IBM study tests Linux security
- Monday, January 31 - 2005 at 11:57
To test open source security products, a study was conducted over a period of three months at the IBM Linux Test Integration Center. The goal for the security study was to deploy and compare various open source security tools that were available for free in the industry, and provide solution recommendations.
Consider the string of denial of services attacks that struck high profile Web sites such as eBay and amazon.com at the beginning of 2000. They can happen anywhere.
However, there are processes to apply and products to use to help manage vulnerabilities and threats to businesses. The continual process of prevention, detection and reaction can successfully thwart many attacks; iterative testing and updating ensure the latest security fixes are applied; and integrated security products provide the depth that can help prevent different kinds of attacks without compromising too much usability.
Linux is now available on increasingly more platforms and the use of Linux has grown to hosting services and enterprise applications - now there are editions from different vendors developed for that purpose, that come with capabilities that match or surpass those of proprietary operating systems. With the on demand initiative and growing emphasis on using Linux for business, securing a Linux environment becomes extremely crucial.
The good news is with the open source solutions driven by the growing popularity of Linux, there are increasingly more reliable open source security products designed to protect the Linux environment. Open source security products range from firewalls, to intrusion detection systems, to e-mail encryption and communication protocols.
To take advantage of these open source security products, a study was conducted over a period of three months at the IBM Linux Test Integration Center. The goal for the security study was to deploy and compare various open source security tools that were available for free in the industry, and provide solution recommendations based on experiences during the study.
The study involved the installation, usage, and testing of entirely open source security tools on an already established Linux middleware test environment.
The LTIC team broke the security process down into three phases, with experimentation, iterative testing and protection done for each phase. As a result, piecemeal open source security tools were combined to form an end-to-end security solution that addressed key areas of a common security policy.
Linux generally performed very well in these tests but for a full analysis of the results readers are directed to read the full White Paper on the IBM website following the address below. However, the important point to note is that Linux security is undergoing the most vigorous scrutiny and not failing in any significant way.
The information comprised in this section is not, nor is it held out to be, a solicitation of any person to take any form of investment decision. The content of the AMEinfo.com Web site does not constitute advice or a recommendation by AME Info FZ LLC / 4C and should not be relied upon in making (or refraining from making) any decision relating to investments or any other matter. You should consult your own independent financial adviser and obtain professional advice before exercising any investment decisions or choices based on information featured in this AMEinfo.com Web site.
AME Info FZ LLC / 4C can not be held liable or responsible in any way for any opinions, suggestions, recommendations or comments made by any of the contributors to the various columns on the AMEinfo.com Web site nor do opinions of contributors necessarily reflect those of AME Info FZ LLC / 4C.
In no event shall AME Info FZ LLC / 4C be liable for any damages whatsoever, including, without limitation, direct, special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use, arising out of or related to the AMEinfo.com Web site or the information contained in it, whether such damages arise in contract, negligence, tort, under statute, in equity, at law or otherwise.