LinuxWorld Focus Turns to Security

 
 
By Peter Galli  |  Posted 2005-08-08 Email Print this article Print
 
 
 
 
 
 
 

Updated: Red Hat and HP are giving the battle against vulnerabilities top billing at this week's show.

Looking to counter Microsoft Corp.s claims of security superiority, open-source software vendors are giving the battle against vulnerabilities top billing at this weeks LinuxWorld Conference & Expo in San Francisco.

Red Hat Inc., of Raleigh, N.C., will announce an initiative dubbed Security in a Networked World, designed to address security issues across an enterprise network environment.

Hewlett-Packard Co., meanwhile, will announce its HP Virus Throttle for Linux. Virus Throttle spots viral behavior and thwarts virus attacks in real time without the need for specific signatures, according to officials of the Palo Alto, Calif., company. The new versions will work with RHEL (Red Hat Enterprise Linux) and Novell Inc.s SuSE Linux distributions, among others, and is expected to be priced at around $79 a server, Efrain Rovira, HPs worldwide director of Linux marketing in Houston, told eWEEK.
An anomaly-based technology, Virus Throttle identifies unwanted behavior on a given network and then chokes off traffic generated by the anomaly, which could be a virus, worm or other kind of attack. This prevents the malicious traffic from reaching end-user machines.

Click here to read more about Virus Throttle. HP will also use the LinuxWorld show to announce that its Integrity NonStop servers now support 200 of the most popular open-source technologies, including Java, the Apache Web server, the Zope application server, the Jabber enterprise instant messaging platform and the Samba file server, Rovira said.
The move follows the broad hints dropped by Martin Fink, HPs vice president of Linux and NonStop, at the Red Hat Summit earlier this year that the company was considering porting Linux to its NonStop fault-tolerant server line. "Customers have been asking us to do this for some time now because they are integrating an environment that has NonStop servers with industry standard servers. They will now be able to do that," Rovira said. HP plans to add support for an additional 300 technologies by the end of the year, he said. The Red Hat initiative, meanwhile, comprises several pieces, most notably an enhanced security response capability. Although details of the response effort are still being finalized, Red Hat looks to be moving in the direction of adding more responsibilities and capabilities to its existing Red Hat Security Response Team. The team is responsible for responding to reports of vulnerabilities in Red Hat software and working to produce patches and workarounds. Microsoft, of Redmond, Wash., has had its own Security Response Center, which performs similar tasks and also works with researchers and customers on security issues, up and running for several years.

The Red Hat plan includes a key piece of technology, the Netscape Certificate Management System, that Red Hat acquired from America Online Inc.s Netscape Security Solutions division in September. Red Hat also has been developing a smart-card technology and will be discussing at LinuxWorld how the technology applies to application security and user authentication and how it is being integrated into key pieces of the companys open-source software.

The initiative would not be Red Hat-centric and would involve others in the open-source community and their partners. "We will be talking more about partnerships in and around the community to make open-source security much more well known and to address much of the FUD [fear, uncertainty and doubt] being spread about open source security," said Mike Ferris, Red Hats director of product marketing. A recent report by The SANS Institute, of Bethesda, Md., found that RHEL subscribers are less susceptible to network security holes than users of other platforms. Of the top 20 Internet security vulnerabilities identified in the report, just two affected RHEL subscribers, and patches for those have already been issued.

"Security has always been part of the open-source development model, and Linux itself was created in the age of the Internet and so open-source software is a technology and process that has security at its core," Ferris said. "This is a platform around a concept of security in the enterprise environment. The proliferation of network devices and the increase in connection points, like self-service Web portals for customers, are all creating areas where entry in a network environment must be protected, must be secure," he said. "The goal certainly is to build security into that from the start so that it is a proactive rather than reactive, inclusive set of technologies, processes and procedures and content that surrounds us from the start," Ferris said. The security plays by Linux vendors are in part designed to address ongoing claims by Microsoft, which maintains that research shows open-source software such as Linux is far less secure than Windows and other proprietary software products.

Still, an increasing number of enterprise customers, such as mFormation Technologies Inc., of Edison, N.J., a provider of mobile device management software, are looking for help developing an open-source strategy that also addresses their security needs and concerns.

"HP supported us with the port of our carrier-grade mobile device management software platform to Linux, which we were able to do quickly. Once the port was completed, we used the HP Solution Center in Houston for benchmarking and high-availability tests to prove the scalability and reliability of our solution," said Upal Basu, mFormations co-founder and vice president.

Check out eWEEK.coms for the latest open-source news, reviews and analysis.
 
 
 
 
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at www.eweek.com.

 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel