| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 |
||||
 |
|
|||
 |
||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||
 COLUMN
Make sure that those back doors stay locked by using Linux-based firewall software IT IS GETTING pretty easy to defend the choice of open-source software for corporate projects these days. It is common knowledge that the Internet runs mostly on open-source software.
Market share for the open source Apache Web server is at about 58 percent, and has been increasing steadily for more than four years. In contrast, Microsoft Internet Information Server market share was about 24 percent in 1998, saw a small favorable blip in late 1999, and is now currently in decline at about 22 percent. Also in decline, iPlanet (aka Netscape) is at a measly 8 percent. But open source got a boost last week with news that Microsoft engineers may have installed a back door into server extensions for its Web-authoring software, Front Page. A "back door" is a secret entrance that programmers create to break into customers' installations of their software. First, Microsoft officials recommended that customers remove the DLL file. Now some doubt has arisen as to whether or not this back door exists. It hardly matters. What matters is that you may never know. That's the testimony in favor of open source. Because you have no access to the source code for the Microsoft software in question, you have no choice but to choose whether you are going to trust Microsoft or its critics. This same conundrum occurred just a few months ago when someone discovered an item called NSAKEY in the cryptography API in Windows. This led to the speculation that the National Security Agency conspired with Microsoft to provide a way to unlock the information on every computer with Windows installed. Microsoft officials deny this, of course, but would they really admit it if it were true? I believe it's true; if I were with the NSA, Microsoft would be the first company with which I'd try to strike a deal to create such a key. And if I were with Microsoft, I'd take that deal. One might argue that Microsoft has more integrity than that and would pass up the deal in order to protect the privacy of its customers. In response, I'd offer them a copy of Judge Thomas Penfield Jackson's findings of fact -- that is, once I could get control of my hysterical laughter. However, the important point is that it doesn't really matter if this story is true or false. The fact is that the only way you could know for sure is if Windows were open-source software. And it isn't. Nor is it likely ever to become open source. Firewall in the pm Before I sign off for this week, I want to recommend a dandy program I discovered called pmfirewall. Pmfirewall is a free program that automatically configures a Linux system as a firewall. For the most part, it just asks a series of simple questions, such as whether or not you want people to access an FTP server inside your firewall, and then creates a firewall configuration script based on the answers. The pmfirewall setup program is text-based, which is actually quite a good thing. It is usually a waste of resources to put X11 on a machine that is only going to direct network traffic. Most people construct a firewall by using a utility called ipchains to create a set of rules for how your server should direct network traffic. Pmfirewall uses but doesn't replace ipchains. It simply relieves you of the tedious task of writing up the ipchains' firewall rules manually. And, because pmfirewall does such an excellent job of that, I used it to replace the set of ipchains' rules that I had already created the hard way. Finally, because pmfirewall is released under the GNU GPL (General Public License), you can examine the source code for yourself to be sure it doesn't create a back door opening to your network. You can get pmfirewall from www.pointman.org. Nicholas Petreley is the founding editor of LinuxWorld ( www.linuxworld.com ), is a contributing editor for InfoWorld, and works with Linux Standard Base. Reach him at nicholas_petreley@infoworld.com.  RELATED SUBJECTS  SecurityDiscuss this article in our online forums MORE > SPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
