Linux an Internet security threat
- 14 June, 2000 12:49
A SANS Institute of America report has named Linux- and Unix-operated sites as more vulnerable to Internet attacks than Windows- and Mac-powered sites.
Compiled by US industry, government and academics, the June 1 paper, How to Eliminate the Ten Most Critical Internet Security Threats: The Experts' Consensus, names versions of Unix and Linux systems in nine out of a "top 10" list of security vulnerabilities for operating systems that engineers "need to eliminate".
Dean Stockwell, director of sales and support at NAI Asia-Pacific, dismissed SANS's report as "skewed".
"Virus peddlers target the most popular system," said Stockwell. These happen to be Unix or Linux in the enterprise space, he believes.
"Most hackers graduate from Unix and Linux platforms. They know them intimately. They don't try to exploit them," Stockwell said.
Fifteen per cent of Australian organisations use a Linux system somewhere in their network server infrastructure, according to Rolf Jester, regional director of market services at research company Gartner Asia-Pacific.
Moreover, Stockwell suggested that local "up and coming" IT administrators are being trained in Unix or Linux.
Stockwell also observed an "anti-Microsoft camp growing in Australia. They're turning to more stable platforms," he said, declining to name alternative brands.
A spokesperson from Sydney IT consultancy Working Technology begged to differ.
"Unix and Linux are the geek operating systems," he said. "Windows NT is supported by 90 to 100 per cent of developers worldwide." So how does network security health rate in Australia?"Security is not a high enough priority for IT networks here," Stockwell said.
"We're concerned about Y2K and GST problems. Security is priority two or three.
It needs to be number one."
Stockwell attributes the perceived negligence to corporate Australia's "lack of best practices" and increasingly "busy" IT departments.
"To apply a security patch to any software literally takes minutes," he said.
"I've often had to do it myself."
His advice to ensure Australian businesses are safe from network attack via the Net is to enforce a policy of mandatory systems testing, particularly for file servers and mail servers, and committing to regular upgrading.
Industry ignorance to IT security threats are dire to the economy, Stockwell warned.
He pointed to the fallout from the notorious "I Love You" virus as an example of a country unprepared for a "simple" security attack "written by a student in a matter of days".