Everyone Needs Backup

ITworld.com's Linux Security newsletter has been without a regular

author for a while but that's about to change. As of this issue, I'll

be writing this column every week. I currently plan on covering a

variety of topics from specific Linux security commands, programs,

products, and configurations to non-technical ramblings about the

problems that Linux security folks face in the real world. If you have

anything specific you'd like to see covered, would like me to clarify

things, or think I'm completely off my rocker, please drop me a line at


Anyone who has watched TV has eventually watched a show about two

faithful cops, spies, or private-eye partners. Crockett had Tubs,

Starsky had Hutch, and Cagney had Lacy. When things got tough, they

always knew they had someone who could help them out of whatever mess

they'd fallen into. The world of Linux security is no different. For

me, that person is my partner-in-crime, James Lee. True, "Hatch and

Lee" doesn't have the same ring as "Steed and Peel", but it's too late

to bring in a screenwriter to make us sound glamorous.

Most folks in the computer industry consider themselves good, if not

experts, in their fields. As such, sharing responsibility doesn't come

easy. Most folks in charge of security would prefer to manage

everything themselves, rather than work with others and share the

power. While this is good for their job security, it is bad for

computer security.

Having someone else who you can call on in a pinch is a must. Times

will arise when you are unable to fix a security problem because you

are away on vacation, your home network access has gone south, or

you're waiting in line for tickets to the next Lord of the Rings movie.

Security concerns are even more time sensitive than normal

administrative hassles. Not patching the latest BIND bug because you

are on a beach can be a disaster when the next worm is developed.

Another benefit of a good backup person can be found in the tenet of

Open Source: With enough eyes, all bugs are shallow. When your trusted,

equally-paranoid partner takes a look at your iptables entries next

time something needs fixing, he may find mistakes that you didn't

intend or notice that "temporary" hole you opened up and forgot to


If you fit into the paranoid-administrator category (of which I proudly

consider myself a member), then take an introspective moment and decide

whom you would trust with your root password(s). Ideally, you should

find someone who knows as much as you do about Linux and security. Have

them check out your system's configuration. They likely have different

ways of doing things; by comparing notes, you can both learn from each


Make sure that the coverage is bi-directional. Though helping them out

in their time of need may be inconvenient, realize building up good

Karma is crucial so that they are there for you when you need them.

Never underestimate the usefulness of "you owe me one".

Finally, set up your security alerts to go to both you and your backup

so they can see what your machine looks like under normal

circumstances. Once you're sure they know your system, take an extended

trip to Hawaii and see if your trust was well founded.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon