Internet threats have clearly become a lot more sophisticated and malicious.
The frequency and level of attacks on corporate networks and systems around the world have forced businesses to adopt a more vigilant approach towards security, and to review review the way applications are configured, be discerning in selecting software applications and emphasise security as a top priority in business. Any operating system is prone to security vulnerabilities. Attacks originate from insecure software. Companies like to acquire extra security applications such as intrusion detection systems and firewalls and throw money at the problem, but these applications also have vulnerabilities and the real solution lies in running secure code and being strategic about configuration and assembly. For example, if an application, such as the DNS server, is compromised, but is well configured, the attacker will only have access to modify the DNS settings and will not gain sufficient control to take over the entire server. Many commercial applications are monolithic in design and everything is interlinked, so if one service is compromised, it means the entire server is left vulnerable. The only way to achieve the required level of trust is to be open source, an approach that the majority of commercial suppliers are not willing to take. In the case of open source, a key consideration to keep in mind is the fact that the technology has been reviewed many times over by some of the world’s best and brightest in the field of computer security.
The perception that a Linux environment and open source software statistically has more vulnerabilities in comparison with other operating systems is only half true. Due largely to the ‘open’ nature of this environment, source code is made available for scrutiny by many parties. This means that vulnerabilities are picked up immediately and announced . And even if nothing is done by the original developers to fix the problem, it is almost guaranteed that someone, somewhere will create a patch and release it. This is one of the key advantages of Linux environment, from a security point of view. The other is that it is flexible, modular and built from the ground up with security in mind, so the risk and consequences of a security compromise are reduced. A significant aspect of Linux is that it is not vulnerable to viruses. It is also not prone to e-mail virus attacks or spam. Linux is an extremely flexible operation system and does not just set standards – standards are at the heart of its design.
It has made significant inroads within the server domain and is progressing within the desktop space, but common challenges – such as skills, short term business benefit over security requirements and general misconception – mean a long journey ahead for the local market in terms of adoption.