[Koha] Linux anti-virus software and other security issues

MJ Ray mjr at phonecoop.coop
Wed Jun 29 03:04:53 NZST 2011


Buster
> He is the former head of our IT department, is a Windows guy, and dislikes
> and distrusts anything Linux. His specific concern is security. Namely, he
> is worried someone can hack into our system and steal patron information. He
> is also concerned about malware in general and wants us to install
> antivirus software on it.
> 
> So I guess my questions are, how do I answer the patron information concern,
> and how do I answer the malware concern? How do the rest of you handle Linux
> security concerns? What antivirus software do you use and from whence do you
> get it?
> 
> Please explain it to me in a way even a Windows guy with zero understanding
> of Linux will understand it.

Sorry, he's going to need to get some understanding of Linux to
understand why it's different.  Here are some headlines to get you
started:

* There are millions of pieces of malware for Windows, while there's
  some debate whether Linux malware has reached the thousands even now.
  http://www.securelist.com/en/analysis?pubid=204792070

* The security model is different and the Unix-style root account is
  really discouraged.  root use is usually initiated by users, rather
  than the often-imitated Administrator password pop-ups initiated by
  programs on Windows (some recent desktop Linux versions have gained
  those pop-ups, which is a bug IMO).  There's a longer discussion of
  privileges in
  http://www.pcworld.com/businesscenter/article/202452/why_linux_is_more_secure_than_windows.html

* We do have antivirus installed on most servers (ClamAV and others)
  but most of their job is fighting Windows malware which passes
  through our servers wasting our electricity, disk and bandwidth.

* Most tools we use came with the distributions but I've written at
  least one scanner myself (for a specific piece of PHP malware that
  won't affect a typical Koha server) and configured some others.
  There are good guides like the Securing Debian Manual if you want
  to be more secure than a typical workstation.
  http://www.debian.org/doc/manuals/securing-debian-howto/ch1.en.html

* We handle most of our security concerns by setting fairly tight
  policies and then following security alert services from
  distributors at least daily.  You can automate updates, but there
  are pros and cons to that, as with any platform.

* How you handle patron information is probably subject to your local
  laws and the biggest risk will probably be staff terminals.  That's
  a matter for local IT policy: GNU/Linux will support whatever you do,
  as standard, through things like SELinux, or otherwise.  At least
  with Koha on MySQL and Linux, it's in your control, rather than
  asking you to trust a black box from another ILS provider.  Can you
  present it as a relative improvement over other options?

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for various work through http://www.software.coop/

