[Koha] Linux anti-virus software and other security issues
Mahesh T Pai
paivakil at gmail.com
Tue Jun 28 17:24:51 NZST 2011
Buster <storypage at gmail.com> writes:
> He is the former head of our IT department, is a Windows guy, and
> dislikes and distrusts anything Linux. His specific concern is
> security. Namely, he is worried someone can hack into our system and
> steal patron information. He is also concerned about mal-ware in
> general and wants us to install antivirus software on it.
This is a FAQ. Google ought to help.
Actually, there are some antivirus software for linux.
< ;-P >
< / :-P >
On a serious note - these are virus filters for mail servers -- Linux
does not require antivirus software. Period.
If an IT guy says that it does, he does not deserve to be in IT.
> So I guess my questions are, how do I answer the patron information
> concern, and how do I answer the malware concern? How do the rest of
> you handle Linux security concerns? What antivirus software do you
> use and from whence do you get it?
Yes - you may need to protect the software against SQL injection
attacks. You need firewalls. You need security hardening.
Hmmm... I had asked a question on this topic couple of days back - "what
do you guys do to harden your systems?"
> Please explain it to me in a way even a Windows guy with zero
> understanding of Linux will understand it.
Some guys will never get it. Do drop the idea of convincing him. Such
people have pre-conceived notions; and no way you can change that.
What you can stress on is,
(a) freedom - ability to stay unfettered. If things go wrong with one
service provider, you are not restricted in your choice of alternate
service providers (if in-house staff is incompetent, you can always go
for outside service providers; if provider XYZ Ltd is incompetent, you
can choose between ABC Ltd., CDE., inc., or Mr/Ms. Joe|jane Skoder.
(b) control - by the library as the user here. You guys need to be in
control of the data. HW gets obsolete every few years - and s/w needs to
keep pace. Other platforms will not give you (i) a clean and hiccup free
transition path, (ii) the freedom to look at alternate solutions a few
years down the line.
Also, no chain is stronger than its weakest link. And you are going to
install Koha into a VM within Windows. I doubt that unless you drop that
VM idea, things will be more secure and stable, IMHO.
Mahesh T. Pai ||
With freedom comes responsibility.
Do not use unauthorised copies of copyrighted material.
More information about the Koha