Security Applications

One of David's pet peeves is security, or rather the lack of it.

One of my pet peeves is security or, should I say, the lack of it. It's a near-universal phenomena. Out of the box, most Linux distributions are about as wide open and easy to subvert as the standard Windows box. And this shouldn't be (though fortunately, it is changing). Anyone who connects to a public network (the Internet) should be responsible for that system and its use. We hold gun owners accountable for how their guns are used. The same should hold true for computer owners. But distribution makers should also help their customers in this regard, and a poorly secured system is child's play to break into. As evidence, a large number of script kiddies are teenagers. These children commit DDoS (distributed denial of service) attacks using IRC bots. They won't be punished even as minors, but they can put an internet commerce site out of business on a whim. All it would take is a properly configured Linux firewall in most homes to prevent this problem. And with the new Netfilter, it would be easy to put something together. The biggest roadblock seems to be educating users that they need this, lest their system be used for nefarious purposes.

Free Practice Management:

http://www.freepm.org/

I must say, up front, I am not a fan of Zope, and I was unable to get FreePM running via Apache with the provided instructions. Personally, I would have used Perl, PostgreSQL and Apache. But people tend to program using tools they know, I guess. That said, FreePM is more than worth a look for a medical practice. It is extremely well done even if Zope overly complicates its setup. It has support for everything a medical practice needs, including a prescription database, accounting, patient records and more, all well-tied together. Requires: Zope, Python.

Bugtrack:

www.agstools.com/products/bt.html

Extremely easy to install and administer, this utility is very lightweight. If you need a simple bug-tracking solution for Linux or just about any platform, you might want to take a look at this one. It is simple and easily customizable, and I always choose simplicity. Who wants to read documents for days to get something running? For that much effort, I could write the program myself. Requires: a database (MySQL, PostgreSQL, others with ODBC), Perl, DBI module for the database, web server, web browser.

nPULSE:

http://www.horsburgh.com/

Another easy-to-install and use utility, this one allows you to monitor your network through a web browser. nPULSE relies on nmap to scan your network for open ports to tell you if services are still running. This means nPULSE doesn't rely on SNMP, but it also means you'll have to adjust PortSentry or similar programs to account for the “scanning” activity. However, you may want to modify the HTML sources on this slightly. I find the black background with white writing a bit difficult to read (but that may just be my monitor resolution: 1280 × 1024, 16-bit color on a 19" screen). Requires: nmap, Perl, Perl modules Net::SSLeay and Mail::Mailer, OpenSSL (optional), Java (optional).

SendIP:

www.earth.li/projectpurple/progs/sendip.html

This tool is a must-have for all firewall administrators. Until the new iptables includes a check function, you'll need some way to test your firewall. The SendIP utility will allow you to do exactly that. You can send an IP packet (TCP, UDP) or an ICMP packet spoofing the source address to see what happens on your firewall. Works with IPv4 and IPv6, so you can test the iptables IPv6 rules as well. Requires: glibc.

Sentry Firewall CD:

http://www.sentryfirewall.com/

Now this is some CD. You boot from this CD, and with a few preconfigured files on a floppy (on which you've flipped the write-protect switch to read-only) you have a running firewall. Everything is either burned onto the CD or is in memory. If by some quirk, someone actually does manage to break in to this firewall, all you need is a reboot. All files deposited by the attacker are gone when the RAM re-initializes. This particular CD is based on Slackware. So if you have an old system with two NICs that will boot from the CD-ROM, you've got a firewall. Requires: system capable of booting from a CD-ROM, a way to burn a CD-ROM ISO image.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState