Novell moves to secure Linux apps

Not everything Novell does is designed (or so it seems) to make the choice about moving to SuSE as hard as possible for you. This week I want to mention two major efforts by the company that could, perhaps, make your decision easier. One was actually announced a few months ago (but got very little press attention) while the second surfaced just last week. I’ll start with the most recent announcement.

Many longtime NetWare network managers quite rightly look askance at the dearth of security in the Linux world. Novell sought to address this need when it acquired Portland, Ore., security vendor Immunix last May. The fruit of that acquisition, AppArmor, is a technology to secure Web servers, e-mail and instant-messaging systems against network-based attacks from hackers, Trojans and viruses. It has since been incorporate into SuSE Linux 10.0 and SuSE Linux Enterprise Server 9 Service Pack 3.

Last week’s significant event was the creation of the AppArmor project, an open source initiative to promote the use of AppArmor in other non-SuSE Linux distributions, as well as with as many services and applications as possible. The major reason for this release, though, can be seen in this quote from Novell’s press release about the initiative:

“According to a recent report by the SANS Institute, applications have become the primary target of attackers trying to break into business and government networks. AppArmor protects critical data on Linux by making sure application flaws can’t be exploited by attackers, easily protecting applications from intrusions and threats without forcing IT staff to rely on emergency patching. Novell’s project provides security that is simple enough to achieve widespread adoption, instead of being switched off and ignored as often happens with complex access control systems like SELinux.”

SELinux (Security Enhanced Linux) is the preferred security method used by Red Hat, Novell’s biggest competitor in the Linux arena. It’s been cited by some as difficult to implement.

NetWare networks which are converted to Open Enterprise Server-on-SuSE networks get the benefit of AppArmor without this recent move, but anything that can raise the profile of SuSE – and increase its installed base – has to be good for those using OES since it should mean more, and better, available applications and services.

This move should help you without you having to actually do anything. That’s really nice. The other move by Novell, though, will require that you take action. And commit a fair amount of time and effort. More about that next time.