ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Red Hat boosts Linux security

Network World Fusion

(IDG) -- Red Hat is prepping an upgrade of Linux that lets system managers significantly tighten the security of their networks, as well as more easily install and configure the operating system.

Code-named Pinstripe and referred to in prerelease Red Hat documentation as Linux 7.0, the new version supports features that users in corporate environments have long sought. They include several easy-to-use desktop interfaces and a hardened Linux kernel that makes the operating system more stable. The upgrade is scheduled to ship by year-end.

"Pinstripe offers better support for recent hardware, a more secure base install, integration of many popular packages, and better features for mass deployment," says Alan Shutko, software engineer for In-Touch Management Systems, a paging software maker in Melville, N.Y.

"This should make it easier to deploy Linux and fit it into a company's architecture," he adds.

Three of the most important features of Red Hat Linux 7.0 are its use of the latest unreleased Linux kernel, 2.4; inclusion of more complete security features, such as a secure remote access program and Secure Sockets Layer (SSL); and a new installation program that is tailored to the Linux experience level of the user. Linus Torvalds, the creator of Linux, expects the 2.4 kernel to be available by the end of September.

"The 2.2 [Linux] kernel was a great kernel. However, it was lacking in hardware and file system support," says Jesse Noller, an enterprise engineer for a business software company in Massachusetts, adding, "general TCP/IP problems plagued it in the enterprise."

"Linux 2.4 [employed in Red Hat Linux 7.0] uses a new threading model that lets people who need speed and stability tap into the kernel and get a lightning-fast Linux server on an eight-processor Intel box that can serve up a few million pages for a fraction of the cost of Windows NT," Noller says.

  Network World Fusion home page
  Free Network World Fusion newsletters's technical development page
  Imagining life without Red Hat
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for network experts
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Red Hat confirms that Linux 7.0 will also have symmetrical multiprocessing support for up to eight server processors, although the company declined to discuss the upgrade details in depth.

Noller says that enhancing Lightweight Directory Access Protocol (LDAP) authentication functionality and adding SSL are also a boon for corporate networks. With LDAP and SSL exploited, "people in an enterprise environment can have multitudes of machines governed with a singular policy [model]," Noller adds. "This is an excellent step for Linux in the way of enterprise-grade security support."

Other Linux users, many of whom will gather the week of August 14 for the LinuxWorld Conference & Expo in San Jose, agree.

"Network managers need better tools to centrally administer network information, such as user IDs and passwords," says Bill McCarty, associate professor of IT at Azusa Pacific University in Azusa, Calif. "The Network Information Service {NIS] was too insecure to serve this function." NISis a service that provides information that has to be known to all machines on the network.

McCarty has at least one concern, however.

"Unless LDAP is specially configured, it currently transfers passwords across networks in clear text, which is unacceptable," he says.

Red Hat says it solved this problem by disabling LDAP; during installation it can be correctly enabled by experienced administrators.

Two other security technologies, OpenSSH and OpenSSL, which were formerly available separately because of U.S. export laws on encryption, will be included in Linux 7.0.

OpenSSH replaces Telnet, which is a utility Noller believes is problematic. "Telnet is one of the most insecure protocols on the planet," he says. "Anything is better. Why not use strong encryption [such as OpenSSH]?"

Another customer echoes that assessment.

"Secure logons are important to us," says Josip Loncaric, senior staff scientist at NASA Langley Research Center in Hampton, Va. "Remote logins require OpenSSH because otherwise important information, [such as] passwords, could be compromised. Remote users need to access our systems without this risk."

Red Hat has also improved the installation and configuration program for Linux 7.0. The firm added different installation methods for inexperienced to expert system administrators, changed the manner in which security options, such as Kerberos or LDAP, are installed, and separated workstation from server installations.

This change is significant to at least one user who understands the skill levels of people installing Linux.

The user, who asked not to be identified, says any operating system that is shipping with services turned on runs the risk of unnecessary services being used by hackers to break in. Red Hat has disabled several security options that could cause problems for inexperienced installers.

Red Hat also improved its automated Kickstart installation utility with the addition of new commands and the ability to partition previously unused disk space.

"We insert a Kickstart diskette into a new machine with a blank, unpartitioned disk, turn it on and in 10 to 15 minutes have a fully configured system," says NASA's Loncaric. "Kickstart partitions the disk, then installs from a remote file server over the network, customizes a few things, [such as] IP address and host name, installs [the Linux boot loader], then reboots the system."

Red Hat launches IA-64 Linux distribution
May 19, 2000
Two Linux standards groups combine into one
May 10, 2000
Security firm warns of Red Hat Piranha 'back door'
April 27, 2000
Linux livin' large on mainframe
April 5, 2000
Red Hat launches Version 6.1 of Linux operating system
October 6, 1999

Red Hat releases server clustering software
Red Hat launches IA-64 Linux distribution
Red Hat debuts e-commerce, Net device OSes
Ericsson inks deals with ARM, Red Hat
Dell rolls out Linux servers
(Network World Fusion)
Imagining life without Red Hat
Dell, Red Hat team up on Linux
Red Hat debuts e-commerce, Net device OSes

LinuxWorld Expo Web site
Red Hat downloads

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.