
Open Source Security Tools : Practical Guide to Security Applications part 5



- code—all things that are impossible with closed source software.
- The most you can ever be with a closed source program is an experienced user.
- With open source, you can be an innovator and creator if you want.
- The mailing lists and chat rooms for open source projects are excellent places to ask questions and make friends with people who can really mentor your career.
- Getting involved with an open source project is probably the quickest way to learn about how software is developed.
- After you’ve cut your teeth, gotten flamed a few times, and become a regular contributing member of an open source package, you will notice that you are now the go-to guy for all the newbies.
- Building a reputation in the open source world looks great on a resume.
- Being able to say you were integrally involved in the development of an open source product speaks volumes about your dedication and organization skills, not to mention your programming skills.
- Designing an open source software package makes for a great graduate research project.
- And of course, once you get good enough, you may end up producing your own open source software and building quite a following.
- More than a few authors of open source software have gone on to parlay their user base into a real company making real money.
- So whether your efforts in open source are just a hobby, as most are, or become your sole aim in life, it can be very rewarding and a lot of fun.
- When Open Source May Not Fit Your Needs.
- I’ve said a lot about how great open source software is.
- If you work for a company that is designing proprietary, closed source security software, then open source software is not appropriate as a base of code to start from.
- This is not to say you can’t play around with open source software to get ideas and learn the art, but be very careful about including any code from an open source project.
- It could violate the open source licenses and invalidate your work for your company.
- If your company can work with the license that’s included with the open source software, then you may be okay.
- Also, some companies are beginning to open source some part of their software.
- If you do decide to do this, you will want to make sure you clearly understand the open source license and have your legal department research it thoroughly.
- This doesn’t mean that you can’t use open source software within your company.
- If you are a network administrator, you can use an open source firewall, for example.
- closed source software companies do this, as hypocritical as it sounds.
- Another case where open source may not fit is if your IT department is not technically capable of handling program installations, compilations, and so on.
- While most open source software is fairly easy to use, it does require a certain level of expertise.
- If your IT department consists of the administrative assistant who does it in his or her spare time, or you outsource your entire IT department, then it probably doesn’t make sense, unless your contractor has experience in that area.
- Finally, you may be faced with corporate standards that either require you to use specific vendors or outright forbid open source.
- Ignored for a long time by the big boys, open source is coming on strong in corporate America.
- Companies like IBM, once the champion of closed source and proprietary products, are embracing and even promoting open source.
- An updated version of the proverb might be “no one ever got fired for saving the company money with a solution that worked.” Certainly, however, going out on a limb with a new concept can be more risky than the status quo.
- Windows and Open Source.
- It used to be that open source software was primarily developed only for UNIX-based operating systems.
- Many developers consider Windows and the company behind it as being the antithesis of what open source software stands for.
- In fact, Microsoft has commissioned studies that show open source in a bad light, and heavily markets against the Linux operating system, which is starting to encroach on its market share in the server arena.
- However, no matter what the Microsoft attitude is towards the concept, Windows users have been busy creating programs for it and releasing them as open source.
- There are ports of most of the major tools in the UNIX and Linux world for Windows.
- These programs are sometimes not full versions of their UNIX brethren, but there are also open source programs that are released only on the Windows platform, such as the wireless sniffer NetStumbler that is reviewed in Chapter 10.
- Even if they have carte blanche, they may just not be able to dedicate the time to loading and learning one of the open source operating systems I recommend in the next chapter.
- is the dominant operating system on most desktops, and ignoring this would be doing a disservice to a large body of technical professionals who could benefit from open source software.
- Open Source Licenses.
- Many people assume that open source means software free of all restrictions.
- However, almost all open source software is covered by a license that you must agree to when using the software, just as you do when using a commercial product.
- nonetheless, it does put limits on what you can do with the software.
- When using open source software, make sure you are in accordance with the license.
- This is the important part: If your company spends a lot of time customizing an open source program for its own use, you should be aware that you will have some responsibilities under the open source license.
- There are two main types of open source licenses: the GNU General Public License and the BSD license.
- As long as you understand them thoroughly, you should be able to confidently use most open source software without fear of running afoul of any copyright issues.
- There are some unusual open source licenses coming out for things like artwork created in games and so forth.
- The goal of both major open source licenses is not so much to protect the existing software, but to control the uses of derivative code from that software.
- The two major open source licenses and their similarities and differences are described next.
- The GNU General Public License (GPL) is probably the more commonly used open source license.
- It is so common that if someone says that something is “GPL’d,” generally people understand that to mean that it has been released open source under the GPL license.
- The GPL is more complicated than the other major open source license, the BSD license.
- It has a few more restrictions on the use of the code by the licensee, which makes it more appropriate for companies that are making a commercial product.
- Witness the retail packages of various flavors of Linux and commercial versions of the Apache Web servers and Sendmail communication package.
- The real beauty of the GPL from a developer’s standpoint is that it allows the original author of the program to maintain the copyright and some rights while releasing it for free to the maximum number of people.
- You must always make a version of the source code of the program available when you distribute it.
- You can also distribute binaries, but you must also make the source code easily available.
- This gets back to the goal of the open source concept.
- This ensures that every recipient of the software will have the full benefit of being able to see the source code.
- “and release or distribute it.” If you don’t release it, then you are not obligated to release the source code.
- This not only generates lots of good will with the open source community, but it will also ensure that your changes are compatible with future versions of the program and are fully tested.
- competitively to release this kind of code unless that program is part of the core business of the company, in which case open source software may not make sense anyway.
- Appendix A has the entire text of the GPL.
- You can get it in different text formats from www.gnu.org/licenses/gpl.html.
- The BSD license is the open source license under which the original University of California at Berkeley version of UNIX was released.
- Either way, it spawned a whole family of UNIX versions, including FreeBSD, NetBSD, and OpenBSD, from the free side of the house, and others such as BSDi on the commercial side.
- Appendix A has the full text of the BSD license.
- You can also access it at www.opensource.org/licenses/bsd-license.php.
- Now that you understand the background of info-security and open source software, we are going to get into the specifics: installing, configuring, and using actual software packages.
- The chapters are loosely organized into different info-security subjects, and most of the major areas of information security are covered.
- Operating System Tools.
- Most of the tools described in this book are application programs.
- As such, they require an underlying operating system to run on.
- If you think of these programs as your information security toolkit, then your operating system is your workbench.
- The TCB consists of the entire list of elements that provides security, the operating system, the programs, the network hardware, the physical protections, and even procedures.
- Operating system hardening.
- Basic use of operating system-level tools. Tools you will use:
- Many attacks on computers are directed at the operating system.
- It used to be that a computer had a limited number of possible inputs—the application programs that were either designed by or approved by the computer vendor.
- “straight out of the box.”.
- They alter certain system files so that any data coming out of the machine can be under the control of the hacker.
- Ensuring that the base operating system of your security machine is secure is the first thing you should do, before you load any tools or install additional programs.
- Also, this guarantees that the base operating system is secure from any previous tampering or malicious programs.
- You can also use the tools described in Chapter 5 to scan an existing system for vulnerabilities.
- Your choice of operating system for your security tool system determines how you go about securing it.
- I recommend an open source operating system such as Linux or BSD, but Windows will work fine as long as you properly secure it first.
- I used Mandrake Linux to install and run the Linux-based tools recommended in this book, and most Linux distributions and BSD or UNIX operating systems can use these tools.
- There are many open source operating systems available, as mentioned in Chapter 1.
- I do not advocate that one operating system is intrinsically better than the others as far as security goes.
- With over 50 million users worldwide and dozens of variants, Linux has the widest variety of programs, and most of the open source security tools I mention in this book are designed specifically for it.
- There are also some basic tips on how to properly secure the Windows operating system for use as a security workstation.
- Finally, you will use some tools at the operating system level.
- This chapter is not intended to be a definitive guide on securing any of these operating systems, but it gives you an overview of the basics and some tools to use.
- This process involves shutting off unneeded services, tightening permissions, and generally minimizing the parts of the machine that are exposed.
- The details of this vary depending on the intended uses of the machine and by operating system.
- Many books have been written on the subject of hardening each different operating system.
- However, you don’t have to read a whole other book to do this if you are using the Linux operating system—there are now tools that will do this for you automatically on a Linux system.
- This first security tool is an operating system hardening tool called Bastille Linux.
- Bastille Linux
