Buster <storypage@gmail.com> writes:
He is the former head of our IT department, is a Windows guy, and dislikes and distrusts anything Linux. His specific concern is security. Namely, he is worried someone can hack into our system and steal patron information. He is also concerned about mal-ware in general and wants us to install antivirus software on it.
This is a FAQ. Google ought to help. Actually, there are some antivirus software for linux. < ;-P > clamav amavis < / :-P > On a serious note - these are virus filters for mail servers -- Linux does not require antivirus software. Period. If an IT guy says that it does, he does not deserve to be in IT.
So I guess my questions are, how do I answer the patron information concern, and how do I answer the malware concern? How do the rest of you handle Linux security concerns? What antivirus software do you use and from whence do you get it?
Yes - you may need to protect the software against SQL injection attacks. You need firewalls. You need security hardening. Hmmm... I had asked a question on this topic couple of days back - "what do you guys do to harden your systems?"
Please explain it to me in a way even a Windows guy with zero understanding of Linux will understand it.
Some guys will never get it. Do drop the idea of convincing him. Such people have pre-conceived notions; and no way you can change that. What you can stress on is, (a) freedom - ability to stay unfettered. If things go wrong with one service provider, you are not restricted in your choice of alternate service providers (if in-house staff is incompetent, you can always go for outside service providers; if provider XYZ Ltd is incompetent, you can choose between ABC Ltd., CDE., inc., or Mr/Ms. Joe|jane Skoder. (b) control - by the library as the user here. You guys need to be in control of the data. HW gets obsolete every few years - and s/w needs to keep pace. Other platforms will not give you (i) a clean and hiccup free transition path, (ii) the freedom to look at alternate solutions a few years down the line. Also, no chain is stronger than its weakest link. And you are going to install Koha into a VM within Windows. I doubt that unless you drop that VM idea, things will be more secure and stable, IMHO. -- Mahesh T. Pai || With freedom comes responsibility. Do not use unauthorised copies of copyrighted material.