Problem solve Get help with specific problems with your technologies, process and projects.

Integrating and securing Linux without a silver bullet

There is no silver bullet for dealing with dynamic Linux issues. In this tip, Peter Harrison offers sage advice for Linux security and integration.

The difficulty in integrating Linux with legacy systems and securing IT systems are two of IT managers' most common complaints about Linux, says Peter Harrison, who canvassed many IT pros while writing The Linux Quick Fix Notebook, a new book from Prentice Hall PTR. In this tip, Harrison doesn't offer a quick fix, but he does offer sage advice about security and integration. -- Editor

There is no silver bullet for security. The threats are as dynamic as the technologies upon which they prey. A systemic approach to security should always be considered.

I suggest regular security audits and the enforcement of their recommendations as the most important security tool. Software always needs to be patched; passwords need to be rotated; only pre-defined servers should be allowed to communicate with each another using specific protocols. Unauthorized wireless access points need to be detected; user access rights and controls need to be periodically reassessed. E-mail needs to be consistently scanned and intrusion detection and prevention systems need to be monitored.

Many organizations consider security to be the prevention of unauthorized access to data, but the security function should include insurance against anything that threatens access to the data. This would require audits of the electrical, plumbing and cooling systems in a building, data backups with offsite storage, network redundancy and the maintenance of physical security systems, such as video cameras and physical access logs.

A "fix" implies that something is broken, and this could mean a system is already compromised. Security administrators need to enforce preventive measures so that the fix is rarely needed.

Integration blues

After Linux has been accepted within the organization, IT managers' next intended step is to explore how Linux-based applications, interoperating with existing systems, could be used for future projects.

IT managers said that the seamless addition of Linux would provide increased vendor independence. This would create greater competition between their IT suppliers and possibly provide IT managers with better purchasing terms and a broader range of solutions for their business needs. They realized that the introduction of Linux would introduce new challenges in the areas of staff training, project management and system interoperability, but felt that the cost and operational flexibility advantages would eventually make it worthwhile.

That said, IT managers recognize that Windows isn't going to disappear and that its integration with Linux is an important issue. For example, one manager explained to me that the big question is: "I have just installed Linux on my server, it was relatively easy, but how can I integrate it with what I have already?"

Integrating Linux with other systems generally requires a pilot project to help identify the challenges such a task may impose. Depending on the intended goals, you may have to start with a proof-of-concept pilot with a small multi-disciplinary team, followed by a larger scale pilot with a few linkages to existing systems. As confidence grows with Linux, full scale integration should be considered.

In this scenario, Linux should be treated like any new technology. Questions of compatibility, supportability, implementation and conversion costs, timing, and the clear achievement of pre-defined goals should all be considered.

Linux is definitely a viable IT alternative and should be considered as an option for all new server projects. The integration of Linux with new and old proprietary systems will become a common occurrence and mastery of the task will be a vital IT skill.

  • Read Peter Harrison's tip on increasing the availability of Linux documentation within your organization.
  • Dig Deeper on Linux servers

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.