ARE YOU RUNING LINUX RIGHT? Linux is widely deployed today in the modern datacenter. However, in the face of modern security threats, are you running it right?
INTRODUCTION Enterprise Linux has become the cornerstone of the modern datacenter. From running basic services to mission-critical transactional systems, Linux is capable of running the most critical of IT workloads. Today, Enterprise Linux powers the Internet including over 60% of public, private and hybrid clouds. As businesses become reliant on Linux, it is important for IT departments to pause and take a look at their own Linux Infrastructure to ensure they are doing it right from both a security and compliance perspective. We present here 4 strategies for running Linux right in the enterprise. 1. Get Support from your Linux vendor Having a Linux vendor support ensures that IT departments are not alone when they run into problems. From our experience working with IT departments on their Linux Infrastructures, we have noticed an alarming trend of running Linux unsupported for critical applications. This is a dangerous position to be in especially if your critical business applications run on Linux. However, having support from your Linux vendor is more of a common sense than a strict requirement. Application down times happen, but when they do, you are better off having your Linux vendor supporting you. For instance, for organizations running Red Hat Enterprise Linux, support is available through Red Hat, the leading Enterprise Linux vendor. Having a Linux vendor support ensures that IT departments are not alone when they run into problems. This means that whatever happens, the Linux vendor is a phone call or email away. Often times we educate customers on the fact that Enterprise Linux is not licensed like Microsoft Windows Operating System. As 2
such, there are no License fees attached. What customers pay for however, is the 24x7 all year round support that Red Hat provides with unlimited support issues. We encourage businesses to ask about their Linux support contracts with Red Hat from their IT infrastructure vendors. 2. Lock down your Linux Infrastructure There is a commonly held notion that Linux is secure out of the box. This is not entirely true. Out of the box Linux deployment is not at the highest security possible. Most default enterprise Linux deployments are alarmingly weak in security that they could actually become the weak link of your entire IT infrastructure. This opens up loopholes that data thieves, hackers and Linux malwares could exploit to cause damage. In most cases, Out of the box Linux deployment is not at the highest security possible because of limited in-house Linux security skills, many businesses have become victims of data breaches, without even realizing it. It is important that your IT team take the time out to audit your default Linux installations. This could be a difficult task, depending on the skill level of your IT staff. It is important that organizations agree on and define standard services for their entire Linux Infrastructure. This activity is easier if deployments are automated and configuration management systems are put in place. Non-intrusive vulnerability assessment should also be performed on these servers. 3
3. Get Regular updates There is no Operating System (OS) that is 100% bug free. That is why OS vendors regularly push updates throughout the lifetime of an OS. This also applies to Enterprise Linux. As Linux becomes more entrenched, the number of Linux-specific malwares will increase. Regular updates protect your infrastructure. As mentioned earlier, Enterprise Linux is not licensed like Microsoft Windows or other proprietary operating systems. Enterprise Linux is based on a subscription model where you pay an annual fee for subscriptions. This subscription entitles you to phone and email support from the Linux Vendor directly. Your Linux Infrastructure also gets regular updates, bug fixes and patches. If you have paid for Enterprise Linux but As Linux becomes more entrenched, the number of Linuxspecific malwares will increase. Regular updates protect your infrastructure not getting updates you need to call up your IT supplier. Many organizations panicked when the heartbleed bug (in OpenSSL library) was disclosed back in April 2014. If exploited, the bug could reveal private encryption keys, user name and passwords. Many services on Linux rely on this library for encryption. For organizations with Enterprise Linux subscriptions, vendors like Red Hat made updates and patches available within a few hours of the bug discovery. 4. Get your IT Staff Trained Companies that are successfully reaping the benefits of Enterprise Linux have teams of well-trained in house staff to deploy, manage and support their Linux Infrastructure. You do not want to rely solely on Google in the event of a business application on Linux going down. It is tempting to over look the skill required to maintain your 4
Linux Infrastructure in the name of saving a few bucks. In the long run, nothing boosts the confidence of your IT team more than a solid training that teaches them the bolts and nuts of Enterprise Linux. It is important that these in house engineers are trained on methods and best practices when it comes to Linux Infrastructure Management. CONCLUSION Enterprise Linux is used today as the platform of choice for running mission-critical and standard business applications. It positions enterprises to tackle present day challenges facing IT around cost, scale, security and performance. It is important to run your Linux Infrastructure in the most secure and standardized way to reap its full benefits. Nixarus is a leading Enterprise Linux Infrastructure powerhouse. We specialize in the design, implementation and support of Linux powered Infrastructures for medium to large business. We also provide advanced hands-on training on Enterprise Linux for system administrators and IT Managers. Nixarus is a Red Hat Advanced Business Partner. Contact: S48, 9 th Floor. Eleganza Plaza, Plot 634, Adeyemo Alakija Street, Victoria Island, Lagos, Nigeria. www.nixarus.com info@nixarus.com Phone: +234 1 4546474, Mobile: +234 80 3370 5949 5