The aim of the project is to model malicious botnets, which are often difficult to analyze because they are geographically spread all over the world, explains Sandia’s Ron Minnich. The more kernels that can be run at once, said Minnich, the more effective cyber security professionals can be in combating the global botnet problem. “Eventually, we would like to be able to emulate the computer network of a small nation, or even one as large as the United States, in order to virtualize and monitor a cyber attack,” he said.

Running a high volume of VMs on one supercomputer — at a similar scale as a botnet — would allow researchers to see how botnets work and explore ways to stop them in their tracks. “We can get control at a level we never had before,” said Minnich.

A related use for millions to tens of millions of operating systems, Sandia’s researchers suggest, is to construct high-fidelity models of parts of the Internet.

“The sheer size of the Internet makes it very difficult to understand in even a limited way,” said Minnich. “Many phenomena occurring on the Internet are poorly understood, because we lack the ability to model it adequately. By running actual operating system instances to represent nodes on the Internet, we will be able not just to simulate the functioning of the Internet at the network level, but to emulate Internet functionality.”

To complete the project, Sandia utilized its Albuquerque-based 4,480-node Dell high-performance computer cluster, known as Thunderbird. To arrive at the one million Linux kernel figure, Sandia’s researchers ran one kernel in each of 250 VMs and coupled those with the 4,480 physical machines on Thunderbird. Dell and IBM both made key technical contributions to the experiments, as did a team at Sandia’s Albuquerque site that maintains Thunderbird and prepared it for the project.

The capability to run a high number of operating system instances inside of virtual machines on a high performance computing (HPC) cluster can also be used to model even larger HPC machines with millions to tens of millions of nodes that will be developed in the future, said Minnich. This successful demonstration, he asserts, means that development of operating systems, configuration and management tools, and even software for scientific computation can start before the hardware technology is mature.

“Development of this software will take years, and the scientific community cannot afford to wait to begin the process until the hardware is ready,” said Minnich. “Urgent problems such as modeling climate change, developing new medicines, and research into more efficient production of energy demand ever-increasing computational resources. Furthermore, virtualization will play an increasingly important role in the deployment of large-scale systems, enabling multiple operating systems on a single platform and application-specific operating systems.”

Sandia’s researchers plan to take their newfound capability to the next level.

“It has been estimated that we will need 100 million CPUs (central processing units) by 2018 in order to build a computer that will run at the speeds we want,” said Minnich. “This approach we’ve demonstrated is a good way to get us started on finding ways to program a machine with that many CPUs.” Continued research, he said, will help computer scientists to come up with ways to manage and control such vast quantities, “so that when we have a computer with 100 million CPUs we can actually use it.”

DirectAuthorize arrives as the third member of a line of products created to ease the task of managing mixed environments with Active Directory. The other two products, DirectControl and DirectAudit, perform centralized authentication and auditing.  

“Typically we serve customers who are looking to introduce Linux, Hewlett-Packard, AIX, or Unix into their environments, and also often VMware.” Centrify CEO Tom Kemp said. “In terms of access rights and password management, that ends up being a lot of sticky notes next to your screen.” DirectAuthorize replaces non-Windows systems’ authorization infrastructure with that of Active Directory, which allows admins to move all user authorization information to a central location and to manage it from that location.

In the theater of IT operations, security has moved to center stage. Attacks have become more complex, and legislative bodies have passed laws that require data protection. In just the past year, Nevada and Massachusetts introduced legislation requiring that consumer data be protected. 

 In 2006, Oracle introduced its Audit Vault, which purported to restrict access to data even from database management administrators. This kind of tool is extremely valuable in the fight against those trying to steal personal information.  

In early 2009, another player will offer a similar — and perhaps more secure — way to restrict data access As part of its yearly feature update, the PostgreSQL group plans to implement a module called SE-Postgres in the database core. This module inherits security rules and contexts from the SELinux rule set of the host OS to control access to tables, individual rows of data and even individual columns. Currently SE-Postgres is available as a patch to the Postgres 8.3 database (for those who don’t mind compiling source code). 

This inheritance of rules applies to all facets of SELinux and therefore gives you power beyond simply restricting access by role. When SE-Postgres is configured properly, a client’s SELinux context is propagated to all data it touches. For example, rows inserted by a subject with SystemHigh privileges will carry the Secret label. A query submitted by a subject with user_t privileges will not return rows that have such a label. For the most part, referential integrity is preserved; a table join will fail if one of the objects required in a table is disallowed by SELinux context. There are a few minor exceptions, but those will be closed as the project progresses.

Which tool is best for remote server administration in a Linux environment, and why?

 Jay Lyman, an open source analyst at Boulder, Colo.-based 451 Group, recommends the General Public License-licensed Virtual Network Computing (VNC) system for its user-friendly general user interface. This tool works with Open Secure Shell (OpenSSH) to perform tunneling, a method to establish secure connections between local and remote networks.  OpenSSH itself received several mentions in our IT pros’ responses .

As Kristian Erik Hermansen noted, the tool does more than tunnel. Hermansen’s description of OpenSSH’s capabilities: It can “forward graphical applications to remote machines, create a series of tunnels, redirect traffic over a SOCKS proxy, and perform way too many other features to mention.”  

Serge Wroclawski expected SSH to be at the top of respondents’ lists but suggested they trade it in for more automated remote administration tools. He advises managing remote server configuration with tools such as bcfg2 and Puppet. 

“Remote server management is a multidimensional problem, and managing the Linux OS is only a part of it,” said Ideas International Inc.

CEO Tony Iams Iams outlined several considerations in approaching this problem, but concluded that  “perhaps the most important factor in choosing a remote Linux management tool…is to make sure it integrates smoothly into the dominant management tools and procedures that are already in place.” 

Do you have a question you’d like to see asked and answered? Email it to editor@searchenterpriselinux.com . To see the complete responses from our IT pros, go to the feature main page.

“Ten years ago, most attacks were random,” said Ed Hammersla, the chief operating officer at TCS. “Now we are seeing attackers who have a focused knowledge of their victims. CounterStorm acts as a last line of defense in an environment in which more serious, targeted attacks … have become prevalent.”

Security Blanket first runs a security compliance profile on a system, automatically brings it into compliance with specified security standards and monitors the system for possible breaches.

CounterStorm strengthens the lockdown process with yet another measure: anomaly-based targeted threat prevention that observes a system’s typical behavior, scans for deviations and isolates and attacks these anomalies. With this approach to abnormalities, CounterStorm makes server scanning and issue resolution easier for admins. “It is much easier and less costly to fix 100 servers than it is to fix 1,000,” said Hammersla.

With the acquisition, TCS expands further into commercial applications for its security tools. Hammerla said that while government and the private sector have different security needs, an unsecured system can result in damage to either. “Government and commercial software security administrators have different concerns,” Hammersla said, “but face the same consequences.”

“Hospitals, for example, are not particularly anxious about their networks being infiltrated by China, but the government certainly is,” Hammersla said. “However, over time, I think that we will see more and more of the commercial and government compliancy standards merging.”

As attacks upon software systems become more sophisticated, it is crucial to adapt security measures to emerging threats. Virtualization is presently one of the most exciting technologies in the enterprise, but also among the most vulnerable.

At VMworld, Sourcefire, the security company that brought Snort to the market, has introduced a new product offering through its Sourcefire 3D. Most important, the release improves Real-time Network Awareness (RNA), a feature able to monitor both hardware and virtual environments.

First, RNA enables administrators to tailor the software to their compliance and policy requirements; the VM Detection feature combats the problem of VM sprawl by detecting all virtual machines and making them visible.

RNA is now supported by VMware’s support services, Technology Alliance Partner (TAP) program and VMsafe. VMsafe includes an application program interface (API), which enables other security applications to monitor for and catch intrusions that RNA cannot see.

RNA saves enterprise resources by identifying threats as they occur by continuously collecting information about virtual machine activity at the surface level of a virtual environment. Other security tools collect such data only during the day, allowing intruders greater opportunity to inflict harm on the system.

On Friday, Aug. 22, openSUSE announced that its newest version, 11.1, will support Security Enhanced Linux, or SELinux. Novell’s security tools, AppArmor and SELinux, have traditionally been considered intense rivals. In this interview, openSUSE’s Andreas Jaeger, Roman Drahtmüller and Matthias Eckermann discuss openSUSE’s support of SELinux.

OpenSUSE now has basic enablement with SELinux. That’s great for SELinux users now, but will openSUSE be able to integrate new patches for SELinux?

Andreas Jaeger : OpenSUSE is developed with a community approach; We are proud to have opened the openSUSE build service to the community, with the option to develop and package open source software cross-distribution.

As SELinux is a cross-distribution effort, we encourage members of the SELinux community to participate in the openSUSE build service: to develop, test-drive and integrate new user land patches and tools into openSUSE and other distributions using our cross-distribution service. This way, all distributions running with SELinux enabled in the Linux kernel will benefit.

Is support of SELinux indicative of a larger industry trend toward interoperability?

Roman Drahtmüller: Novell observes a tendency in the industry to increase the security value of a system by introducing additional controls beyond the scope of the application. This means the application is exposed to these controls but cannot change them.

In moving from AppArmor to SELinux, does a company sacrifice compliance benefits?

Drahtmüller: AppArmor profiles for application containment and confinement are comparatively easy to manage throughout an infrastructure. Creating them is a distinct, low-pain checkmark item. The same applies to evaluating log messages that record possible violation attempts against protected system services.

For customers, the transition to SELinux may need a change in thinking and architecture, but also allows for the definition of a complete policy in a system. It helps to disallow actions that are not subject to a defined policy. There are environments that require such a functionality — regardless of the cost associated with it — for compliance reasons.

We anticipate that customers with these requirements will aim for a SUSE Linux Enterprise operating system, as it targets the special needs of customers working in compliance-bound environments.

Security tools have created a tradeoff between capability (SELinux) and usability (AppArmor). Is Novell’s approach to this tradeoff changing with its basic enablement of SELinux?

Matthias Eckermann: As in earlier releases of our product, openSUSE 11.1 reflects our belief in the value of additional security mechanisms in the operating system. The benefit of such mechanisms is maximized if the configuration and administration is as transparent, straightforward and as easy as possible for administrators.

Security needs that aim toward mandatory access control, mandatory integrity control or even multi-level security require a suitable architecture. With the basic SELinux enablement, we will allow our partners and customers to use such an architecture to implement solutions that fulfill their specific needs.

Nevertheless, we want our users to be able to choose their own priorities between administrative effort and functional benefit.

What do you think? Leave a comment below or contact chunter@techtarget.com.

Related to the Fedora intrusion, Red Hat also announced a breach into a few Open Secure Shell (SSH) security encryption packages for some versions of RHEL 4 and RHEL 5 that are not under the umbrella of a Red Hat network management system. As a precaution, Red Hat issued an updated version of the affected RHEL Open SSH security packages.

No big deal? 
Reaction to the breach is muted at best.

Joe Clabby, a principal at Falmouth, Maine-based Clabby Analytics, said that a new signing key install “could be a real hassle” for a large install base without an automated deployment system, but he didn’t think it was a huge problem. “It’s good they found it and made it public so people can fix it and life goes on,” he said.

Charles King, a principal analyst at Hayward, Calif.-based Pund-IT Inc., agreed.

A security breach is “always disquieting,” he noted, but this one is probably of lesser impact, because most data centers do not run Red Hat exclusively. In one sense, the breach could be viewed as an indicator of Red Hat’s growing success. Hackers generally target only commercially successful distros, King said.

Well-known tech blogger Jason Perlow said that the breach is “standard stuff” that will be remedied quickly because the entire open source community will become engaged in developing a remedy, versus a breach with a proprietary vendor, which could take months to solve the problem.

I suspect that most large Red Hat installs run RHEL rather than Fedora, thus reducing the probable risk to businesses. Nevertheless, as an admittedly impatient journalist wired to ask questions and expect answers, Red Hat’s failure to be more forthcoming about the extent of the breach and the potential impact is disappointing. Users aren’t well served by a limited statement and a wall of silence.

The Belmont, Calif., company, which describes its customers as smarter and better looking than those of its giant competitor in its press releases, debuted its 2501 appliance last week at LinuxWorld Conference & Expo. The 2501 has nearly twice the horsepower (1.8 GHz versus 1 GHz) and more expansion slots than its 514 predecessor, which was introduced last March.

Although Cisco has overwhelming market share, Vyatta’s pitch is its eye-popping price advantage (it’s about a tenth of Cisco’s cost). In addition, the functionality of Vyatta’s router is in software, which is easy to upgrade, versus Cisco’s proprietary hardware boxes, which can only be upgraded via replacement.

Rob Whiteley, the principal analyst at Forrester Research Inc. in Cambridge, Mass., said the new router is better and more powerful than its predecessor and would enable Vyatta to go after more than the low-hanging fruit of small companies and branch offices.

The 2501, in contrast, has the additional processing power and throughput required for medium to large networks and could function as a link to a wide area network (WAN) or a security appliance.

Vyatta will never be large enough to meet all of most companies’ needs, Whiteley said. But the growing acceptance of open source products and the current budget-shrinking economy should help Vyatta’s cause, he said. Ultimately, Vyatta’s success will depend on its ability to offer additional services along with its routers, he said.

Rootkits, a form of malware designed to take control of a system without the authorization or knowledge of an administrator, can wreak havoc on a system and compromise everything it does by infecting code, nestling within it and becoming the malevolent phantom of an OS.

If security plays second fiddle to other system administration duties, your system may be just as much at risk as if you didn’t monitor it at all. But a new crop of rootkit detection tools is designed to detect these malware breaches and, in some cases, beat malware at its own game.

Products such as F-Secure Blacklight and OSSEC help protect system information from being used against you by making it inaccessible to nonadministrators. Unlike traditional antivirus scanners, these tools examine the system at a deep level to detect active rootkits and rout them out. Tools like Blacklight also tout themselves as user-friendly and nontechnical .

The new security tool ProcL goes a step further by hiding information about which version of software a system uses. As a result, malware attempting to gain system access cannot tell whether the system has software from 2008 or 1988 and will likely move on to an easier target.

For more on ProcL, see the Scanit website. And to check out an advanced security “hiding” tactic involving virtualization, click here.