[Koha] Linux anti-virus software and other security issues
MJ Ray
mjr at phonecoop.coop
Wed Jun 29 03:04:53 NZST 2011
Buster
> He is the former head of our IT department, is a Windows guy, and dislikes
> and distrusts anything Linux. His specific concern is security. Namely, he
> is worried someone can hack into our system and steal patron information. He
> is also concerned about malware in general and wants us to install
> antivirus software on it.
>
> So I guess my questions are, how do I answer the patron information concern,
> and how do I answer the malware concern? How do the rest of you handle Linux
> security concerns? What antivirus software do you use and from whence do you
> get it?
>
> Please explain it to me in a way even a Windows guy with zero understanding
> of Linux will understand it.

Sorry, he's going to need to get some understanding of Linux to
understand why it's different. Here are some headlines to get you
started:

* There are millions of pieces of malware for Windows, while there's
some debate whether Linux malware has reached the thousands even now.
http://www.securelist.com/en/analysis?pubid=204792070

* The security model is different and the Unix-style root account is
really discouraged. root use is usually initiated by users, rather
than the often-imitated Administrator password pop-ups initiated by
programs on Windows (some recent desktop Linux versions have gained
those pop-ups, which is a bug IMO). There's a longer discussion of
privileges in
http://www.pcworld.com/businesscenter/article/202452/why_linux_is_more_secure_than_windows.html

* We do have antivirus installed on most servers (ClamAV and others)
but most of their job is fighting Windows malware which passes
through our servers wasting our electricity, disk and bandwidth.

* Most tools we use came with the distributions but I've written at
least one scanner myself (for a specific piece of PHP malware that
won't affect a typical Koha server) and configured some others.
There are good guides like the Securing Debian Manual if you want
to be more secure than a typical workstation.
http://www.debian.org/doc/manuals/securing-debian-howto/ch1.en.html

* We handle most of our security concerns by setting fairly tight
policies and then following security alert services from
distributors at least daily. You can automate updates, but there
are pros and cons to that, as with any platform.

* How you handle patron information is probably subject to your local
laws and the biggest risk will probably be staff terminals. That's
a matter for local IT policy: GNU/Linux will support whatever you do,
as standard, through things like SELinux, or otherwise. At least
with Koha on MySQL and Linux, it's in your control, rather than
asking you to trust a black box from another ILS provider. Can you
present it as a relative improvement over other options?

Hope that helps,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for various work through http://www.software.coop/