Security minded Linux users have options if they want to lock their systems down extra-tight. They can jump to a close Linux relative like OpenBSD. If they know what they're doing, they can set ultra-secure configuration options. Or they can choose from a few freely available Linux distros that make security a top priority.
If you use Linux instead of Microsoft (Nasdaq: MSFT) Windows, its free availability may well be a deciding factor. But the fact that virus and malware contamination are less likely to take down your Linux computers are no doubt essential influencing factors as well.
But does using a more popular Linux distro like Cononical's Ubuntu make your system more or less vulnerable than a Linux-on-a-stick variety such as Puppy Linux? More likely than not, if you use any Linux distro, you will compute in a relatively strong security envelope.
Still, some aspects of the open source community are pushing out hybrid Linux distributions that claim to be more secure than your otherwise plain-vanilla Linux distro of choice. So if you want a more hardened Linux configuration, you have options.
One is to ensure that you have all the security-enriched configuration options selected. That could take a Linux systems expert to achieve.
The second option is to use one of a few available ultra-secure Linux distros. The newest candidate for super-secure Linux is Lightweight Portable Security, or LPS. An established alternative is Security Enhanced Linux (SELinux) from the U.S. National Security Agency.
The third choice for having a more secure computing platform is to switch to one of Linux's close family relatives. You could use OpenBSD. This is not really a Linux distro. Instead, it is a Unix derivative.
"It depends on the usage -- desktop, mobile device or server. Even generally for security, OpenBSD is probably the best choice when it comes to tight security. All standard Linux distributions are fairly equal when it comes to security, so it mainly comes down to preference," Rainer Enders, CTO of Americas at NCP Engineering, told LinuxInsider.
Linux Is Linux
From a security perspective of Linux reliability, most attacks occur at the kernel level. All Linux distros use the same kernel, so that is an advantage. But when security really counts, Unix is more secure than Linux, said Enders.
"With Linux the security posture is nearly identical in all distros. So it really doesn't matter which distro you use," he asserted.
The Linux security issue is not like the ongoing debate over which operating system is more secure. We are not comparing Linux to Mac OS and Windows 7. You can generalize about Linux security and say that all distros are secure, he said.
Even the so-called ultra-secure Linux distros are mostly just adaptations and tweaks, he explained. The ultra-secure versions of Linux harden the network connections.
"The difference among distros in Linux is found at the high end. The interface and package management are different, for example," he said.
It's the Layering
Linux is not defined by a single security feature. Instead, it is marked by a series of security layers, according to Matthias Eckermann, SUSE Linux Server Product Manager for Novell (Nasdaq: NOVL). Some distros have more layers than others.
"What makes some distros more secure than others is how those layers are applied. That is the result of a series of factors that include the product's production, its structure or architecture, how configurable it is, and how it is serviced," Eckermann told LinuxInsider.
The special security sauce that SUSE engineers add to configure the company's version of the Linux OS with a minimum set of daemons running. The more running daemons there are, the greater the security risk, said Eckermann.
"Security is a process. This provides users with an infrastructure to maintain and increase their security," he said
Security Syrup
Novell's engineers developed SUSE's architecture to minimize the need for open access. That distro has three levels of permissions to open or close the system, noted Eckermann.
For instance, the hardening of the platform is handled by the Yost package system. That makes intrusions more difficult to achieve, he said. A minimum package load starts at 80 packages running for a more lightweight security level.
Also, security choices are integrated into the architecture of SUSE. For example, customers can configure the password aging and the number of daemons running.
Caution Needed
"One of the really strong points with Linux is the user can custom compile a unique version to suit specific corporate needs. That is the beauty of using Linux," explained Enders.
But it is also its sticking point. To harden whatever distro you use, you really need to be a systems expert.
"You must really know what you are doing. Otherwise, you could break something in the architecture and be worse off than when you started," warned Enders.
Selecting Settings
For OSes to be secure, you need to limit the number of operations that are allowed to run. So when you hear about hardening an operating system, that generally refers to reducing the number of operations, according to Charles Kolodgy, research vice president for secure products at research firm IDC.
"Some are just turned off. The better solution is not to load them when the operating system is installed," he told LinuxInsider.
For a secure OS to work, you need to know exactly what operations are needed and which can be discarded. All OSes can be hardened or made more secure. The Unix based operating systems -- including Linux of course -- have more controls built into the OS that allow for more secure customization.
"That is why there have been different secure versions," he said.
Powerful and Complex
Linux is very complex with many touch points. The security issue cuts both ways, Enders explained.
For example, out of the box, a lot of the special network security might not work. One wrong flip of a setting switch can make any distro less secure.
"But that happens in any OS. For instance, even Windows lets you disable the firewall," he said.
Security Is as Security Does
One such ultra-secure option is Lightweight Portable Security (LPS). It boots from an external source such as a thumbdrive from an Intel-based PC or Mac computer. Once loaded, it forms a secure end node. The Software Protection Initiative created LPS under the direction of the Air Force Research Laboratory and the DoD.
It boots a thin Linux operating system but does not mount a local hard drive. It does not install anything and assigns no administrator privileges. LPS comes in three versions. LPS-Public uses Web-based applications. LPS-Public Deluxe adds OpenOffice and Adobe (Nasdaq: ADBE) Reader software. LPS-Remote Access only accesses VPN connections (Virtual Private Networks).
"The Lightweight Portable Security is nothing more than a version of Linux that can be booted from a USB drive or CD. It is primarily used in an environment where you want to make sure you have total control of a machine", said Kolodgy.
Enhanced Security Linux
Security Enhanced Linux, or SELinux, is another ultra-secure Linux option. It came out of the NSA to build in Mandatory Access Controls, according to Kolodgy.
"In that way everything the OS does is controlled by policy, and if a person or applications don't have the proper access, they will not be able to get data and/or run programs. You generally wouldn't run this for a whole system, but restrict it to critical systems, like databases," he said.
He is not sure if LPS is more secure than SELinux or other Linux distros. But since LPS is being booted from a USB drive, the set of operations would be more limited as to not make booting take too long. It also avoids any conflicts with installed hardware, he added.
Using Ultra-Secure Linux
Does ultra-secure Linux really make Linux more secure? Ultimately, the question of which Linux version to use when the first priority is security may be a moot point.
"I don't think there is any one release that is better than the others. Most are based on the SELinux work," Kolodgy concluded.
If you narrow your choice to LPS or SEL, one may or may not be better than the other.
The Rundown
The LPS is a great project. If you need something secure, too often the inclination is to build it yourself, from scratch. The LPS folks have been very smart about taking all the excellent open source solutions that already exist, and configuring them to be used in a way that's useful for the DOD, and then sharing their work," Gunnar Hellekson, Red Hat's (NYSE: RHT) public sector chief technology strategist, told LinuxInsider.
SELinux is not its own distribution. It is a subsystem of plain-vanilla Linux. SELinux is included in all kinds of Linux distributions, including Red Hat Enterprise Linux, he said.
That said, SELinux provides mandatory access controls. That means that you have fine-grained control over what applications are permitted to do to the system, he explained.
"So if I have an SELinux policy that controls Apache, I can say that Apache may work with this network port, write to a log file, and read this Web content from disk. If someone compromises Apache, even if it's running as root, they'd still only be able to do what SELinux says they can do. So it's very useful -- and mandatory if you want to meet the Common Criteria requirements that the government needs," he concluded.
"If this doesn't show Mozilla has lost their way, frankly I don't know what does," said Slashdot blogger hairyfeet. "Remember when Firefox was supposed to be the 'fast, light' browser? What happened? I'll tell ya: They got a bad case of Chrome envy and have been shooting themselves in the foot ever since."
HowStuffWorks for iPad is a seemingly endless supply of information and explanation about anything from movie stunts to quantum physics. It surrounds you with information in a variety of media forms, and it just makes you want to learn more and more, bit by bit, about everything. It seems more like an entertainment app than a practical how-to guide, but it sure is 
What's the more? More information about less-mechanical things, like how lying works, how makeup works, the top five most poisonous plants, and communicating with animals. HowStuffWorks is like a giant cornucopia spilled out over your desk, the floor, and when you want more, you just tap away on your iPad to dislodge a few new explanations, like signals from black holes or how to fix a small drywall hole.
This is like watching divorce court, in that neither side is being reasonable, both come across as a bit nuts, neither wants to admit they are equally to blame, or to pay for the mess they created. This has been great for Twitter, which now seems to be fomenting the kind of revolution that was such a big hit in Egypt. It is kind of gutsy for politicians to create demand for a party that might have barbecued lawmakers as appetizers.
GSA and EPA will establish multi-stakeholder groups -- including IT equipment vendors -- to address key research questions and design challenges, and accelerate the development of and investments in green electronics design standards. GSA will "more effectively direct federal government spending on electronics toward green products through procurement changes," according to a benchmark document it released.
When a child goes missing, parents and other caregivers must immediately give relevant identifying information to the police -- height, weight, hair color, eye color, birthmarks, etc. In the panic that often surrounds such moments, that information may not come together as quickly as it needs to. The FBI's latest contribution to the App Store is intended to address that.
The premise for the app is this: When a child goes missing, precious time is wasted while frantic parents, grandparents or caregivers gather relevant information for the authorities to aid their search. It seems like simple things like hair color and eye color and photos would be in their minds ready to share, but I imagine they could be difficult to say when your child has disappeared. This app not only aims to help keep those details handy, but it compiles additional key details like height, weight, and any other identifying characteristics, like birthmarks.
Socially engineered attacks are a highly effective vector for cybercriminals. Using highly versatile social engineering techniques, attackers can exploit an online professional network to target employees who are not likely to be data security experts, but who may have access to various essential data resources stored within the organization's network.
I'm starting to wonder -- especially if corporate recruiters ultimately come to favor Facebook over LinkedIn -- if we're quickly approaching the day when it will be impossible to maintain distinct professional and personal personas. ... While LinkedIn is widely recognized as the premier social network for professionals, it hasn't inspired the type of emotional connection that users seem to have with Facebook.
"I see Linux going into a smaller, simpler OS, with a good base of apps integrated to the web," predicted Mobile Raptor blogger Roberto Lim. "The standard for ease of use won't be how close it is to MS Windows and Office, but how similar it is to the iPhone or Android." The home desktop is "soon to be extinct," Lim concluded. "So, Linux in a decade: 'Android' on a laptop. Somewhere between Chrome OS and Windows."
Scientists have found a way to force ions into a state of quantum entanglement by using microwaves rather than the typical lasers. The development could point the way not only toward the creation of quantum computers, but also the miniaturization of quantum computers. This research marks the first time that microwave sources were positioned close enough to the ions to enable entanglement.
