TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Red Hat boosts Linux security

From...

by Deni Connor

(IDG) -- Red Hat is prepping an upgrade of Linux that lets system managers significantly tighten the security of their networks, as well as more easily install and configure the operating system.

Code-named Pinstripe and referred to in prerelease Red Hat documentation as Linux 7.0, the new version supports features that users in corporate environments have long sought. They include several easy-to-use desktop interfaces and a hardened Linux kernel that makes the operating system more stable. The upgrade is scheduled to ship by year-end.

"Pinstripe offers better support for recent hardware, a more secure base install, integration of many popular packages, and better features for mass deployment," says Alan Shutko, software engineer for In-Touch Management Systems, a paging software maker in Melville, N.Y.

"This should make it easier to deploy Linux and fit it into a company's architecture," he adds.

Three of the most important features of Red Hat Linux 7.0 are its use of the latest unreleased Linux kernel, 2.4; inclusion of more complete security features, such as a secure remote access program and Secure Sockets Layer (SSL); and a new installation program that is tailored to the Linux experience level of the user. Linus Torvalds, the creator of Linux, expects the 2.4 kernel to be available by the end of September.

"The 2.2 [Linux] kernel was a great kernel. However, it was lacking in hardware and file system support," says Jesse Noller, an enterprise engineer for a business software company in Massachusetts, adding, "general TCP/IP problems plagued it in the enterprise."

"Linux 2.4 [employed in Red Hat Linux 7.0] uses a new threading model that lets people who need speed and stability tap into the kernel and get a lightning-fast Linux server on an eight-processor Intel box that can serve up a few million pages for a fraction of the cost of Windows NT," Noller says.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Network World Fusion home page

Free Network World Fusion newsletters

IDG.net's technical development page

Imagining life without Red Hat

Reviews & in-depth info at IDG.net

E-BusinessWorld

TechInformer

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for network experts

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Red Hat confirms that Linux 7.0 will also have symmetrical multiprocessing support for up to eight server processors, although the company declined to discuss the upgrade details in depth.

Noller says that enhancing Lightweight Directory Access Protocol (LDAP) authentication functionality and adding SSL are also a boon for corporate networks. With LDAP and SSL exploited, "people in an enterprise environment can have multitudes of machines governed with a singular policy [model]," Noller adds. "This is an excellent step for Linux in the way of enterprise-grade security support."

Other Linux users, many of whom will gather the week of August 14 for the LinuxWorld Conference & Expo in San Jose, agree.

"Network managers need better tools to centrally administer network information, such as user IDs and passwords," says Bill McCarty, associate professor of IT at Azusa Pacific University in Azusa, Calif. "The Network Information Service {NIS] was too insecure to serve this function." NISis a service that provides information that has to be known to all machines on the network.

McCarty has at least one concern, however.

"Unless LDAP is specially configured, it currently transfers passwords across networks in clear text, which is unacceptable," he says.

Red Hat says it solved this problem by disabling LDAP; during installation it can be correctly enabled by experienced administrators.

Two other security technologies, OpenSSH and OpenSSL, which were formerly available separately because of U.S. export laws on encryption, will be included in Linux 7.0.

OpenSSH replaces Telnet, which is a utility Noller believes is problematic. "Telnet is one of the most insecure protocols on the planet," he says. "Anything is better. Why not use strong encryption [such as OpenSSH]?"

Another customer echoes that assessment.

"Secure logons are important to us," says Josip Loncaric, senior staff scientist at NASA Langley Research Center in Hampton, Va. "Remote logins require OpenSSH because otherwise important information, [such as] passwords, could be compromised. Remote users need to access our systems without this risk."

Red Hat has also improved the installation and configuration program for Linux 7.0. The firm added different installation methods for inexperienced to expert system administrators, changed the manner in which security options, such as Kerberos or LDAP, are installed, and separated workstation from server installations.

This change is significant to at least one user who understands the skill levels of people installing Linux.

The user, who asked not to be identified, says any operating system that is shipping with services turned on runs the risk of unnecessary services being used by hackers to break in. Red Hat has disabled several security options that could cause problems for inexperienced installers.

Red Hat also improved its automated Kickstart installation utility with the addition of new commands and the ability to partition previously unused disk space.

"We insert a Kickstart diskette into a new machine with a blank, unpartitioned disk, turn it on and in 10 to 15 minutes have a fully configured system," says NASA's Loncaric. "Kickstart partitions the disk, then installs from a remote file server over the network, customizes a few things, [such as] IP address and host name, installs [the Linux boot loader], then reboots the system."