On the Web - Creating Your Own Security
Although it may be tempting to blame faulty software, incomplete patches or inadequate monitoring when security is breached on the Internet, a network or a personal computer, we must remember the part we ourselves play in computer security.
Internet security is the focus of this month's issue; back in the April 2004 issue, we looked at application and intranet security. More articles discussing these and other aspects of security can be found on the Linux Journal Web site. For an overview of how Linux and open-source software are meeting the security requirements of government agencies, read “Open Source Innovation within the DoD” (www.linuxjournal.com/article/7644) and “GNU/Linux Clears Procurement Hurdles” (www.linuxjournal.com/article/7678). Both articles are part of Tom Adelstein's Web column, Linux in Government. Keeping track of government's standing on Linux and open source is important, especially considering the warning issued this past summer by one government agency—the United States Computer Emergency Readiness Team—“advising people to use a different Web browser”.
If you are looking to enhance security on your home or small office network, putting a firewall in place is a good start. But, you knew that and you probably already have one. How about something a little more interesting—something that could turn into a nice little DIY project? In “Building a Diskless 2.6 Firewall” (www.linuxjournal.com/article/7383), author Christian Herzog explains how you can salvage some minimal hardware, replace the hard drive with a CompactFlash (CF) card and employ BusyBox to build a machine with an “iptables firewall, SSH dæmon, DHCP server and DNS server”. Christian's tutorial walks you through choosing the right software, selecting the best filesystem for the CF card, compiling the 2.6 kernel, filling the filesystem and booting with GRUB.
We all know that one important component of computer security is being prepared and able to recover when something goes wrong, as it always does on some level. A large part of one's ability to recover depends on the quality of the data backups, yet backups don't always rank high on people's to-do list. In fact, Phil Moses, author of “Open-Source Backups Using Amanda” (www.linuxjournal.com/article/7422), notes, “Data probably is the most important element in computing, but in too many cases I see data backups overlooked or approached in such a carefree manner that I shiver.” To this end, Phil focuses his article on Amanda, explaining how its ability to take on multiple configurations and multiple backup tape devices, “while requiring a minimum amount of time and resources” makes it an ideal backup solution.
Finally, for something a little different, check out Marco Tabini's article “PHP as a General-Purpose Language” (www.linuxjournal.com/article/6627). Using a PHP-based news aggregator script as an example, Marco demonstrates how the command-line version of PHP can “perform complex shell operations, such as manipulating data files, reading and parsing remote XML documents and scheduling important tasks through cron.”
Have you found a better way to monitor the traffic coming in and going out of your network? Discover a new use for your old 386? Send me an article proposal at heather@ssc.com.
Heather Mead is senior editor of Linux Journal.