| Subject: | [ISN] The good and bad of Linux LiveCDs |
|---|---|
| Date: | Tue, 22 Mar 2005 02:12:45 -0600 (CST) |

http://www.computerworld.com/securitytopics/security/story/0,10801,100535,00.html

By Neil McAllister
MARCH 21, 2005
INFOWORLD

If you're an IT manager, introducing Linux into your enterprise is a tough decision. Choosing to take the plunge at all is one thing, but facing the myriad choices is another. At last count, the database at DistroWatch.com tracked some 345 actively maintained Linux and BSD distributions.

Although most enterprises are likely to consider only a fraction of that catalog, the number of decision points it represents is potentially much larger. Each Linux distribution is configured differently. Each ships with its own kernel, modules and associated tools. Some use the Gnome desktop environment, others KDE, and still others ship as bare-bones command-line systems. Some provide lots of applications and services for maximum flexibility, whereas others have been pared to the minimum and locked down for security.

In the past, taking any of these distributions for a test-drive could be a tedious process. It meant cleaning out drive space on a spare machine, going through a potentially irksome installation process (depending on the distribution), creating accounts, and then experimenting with the operating system before deciding whether it was worth a full-blown install.

Today's answer? LiveCDs -- complete, functional, binary Linux distributions booted from a CD, DVD, USB keychain drive or other portable media.

Want to know if Mepis ships with the right libraries to support your applications, or if the Ubuntu desktop is just the right shade of chocolate brown to suit you? Burn a copy of the LiveCD version, boot it up, and take it for a spin -- no need to install it to a hard drive.

Macintosh fans are probably slapping their foreheads and saying, "Duh." As far back as Mac OS 7 it was easy for Mac users to include a working System Folder in a disk image to create a fully bootable CD-ROM. But it wasn't always so easy with Linux (or Mac OS X, for that matter).

Since those days, however, open-source operating systems have developed the most sophisticated LiveCDs around. Compressed filesystems pack as much as 2GB onto a single CD-ROM image, and some distributions -- such as Puppy Linux -- even ship LiveCDs that use multisession burning to allow users to save data back to the same CD they booted from.

Whereas many LiveCDs are trial versions of full-blown distributions, others have been designed with more specific purposes in mind. For example, Knoppix comes packed with data-recovery and security tools. Hikarunix, on the other hand, is a complete, bootable, Linux-based OS dedicated solely to the ancient game of Go and is small enough to fit on a pocket-size mini CD.

These last examples bring up an important point that I'd be remiss to neglect. A PC booted from a Linux LiveCD is transformed. It no longer has any of the user accounts, logging and security controls of its original host operating system. It has become a Linux system, completely under the control of the end-user and loaded with an arbitrary selection of open source software -- yet it still has access to the same hard drives, network, servers and other resources as before. The security threat this poses is obvious.

Choosing a Linux distribution for your enterprise environment is a difficult decision, but it should be IT's decision. If your corporate desktops and notebooks are distributed with the ability to boot from CD-ROM enabled in the BIOS, ask yourself this: Do you know what your users' favorite Linux distributions are?

_________________________________________
Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005