Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Building a Robust Linux Security Solution

Linux possesses a stable, robust, open-source kernel whose quality is subject to daily scrutiny by thousands of “power users” around the world. As with any other open-source system, once vulnerability is identified, it is typically published and verified within hours—with a fix typically available in days. While Linux still faces serious challenges as a Windows replacement in the office environment, its ability to perform as an enterprise server is no longer in question.

The open-source nature of Linux may require that you devote some time and effort to staying abreast of the latest security advisories and available kernel versions, but it also means you can exercise tight control over system resources, right down to the kernel layer. This is time well spent when you consider the potential consequences of a successful network attack.

Of course, while cutting-edge knowledge of Linux kernel development has its virtues, your security system is probably not the right platform to test-drive the latest and greatest that the “VolksOS” has to offer. Linux kernel versions come in two very distinct lines: the development (experimental) line, which uses odd minor version numbers (for example, 2.1.x); and the stable production line, characterized by even minor version numbers (for example, 2.2.x). New features and drivers are tested on experimental kernel versions, which makes their behavior largely unpredictable.

I strongly recommend against running experimental kernels on your Linux security device. However, I do recommend that you build and install the latest stable version as soon as it’s available. New kernels often address security vulnerabilities, and the version that you got on your distribution is likely to be outdated by the time it gets placed on the shelf.

  • 1