Denial of Service attacks: Linux to the rescue?

Security firm TripWire is cannonballing into the open-source waters, with a friendly push from major Linux vendors Caldera Systems, Red Hat and SGI
Written by Steven J.Vaughan Nichols, Contributor

Security mavens have long agreed that open-source security is the best security. It's a pity that their bosses usually disagree. Until now, that is. TripWire, long a free-software proponent, has decided to cannonball into the open-source waters.

TripWire won't be alone as it opens its flagship integrity-assessment program. Major Linux vendors Caldera Systems, Red Hat and SGI will accompany the security company in an open-source plunge. The three Linux powerhouses are partnering with TripWire to incorporate the open-source TripWire into their server Linux OS lines. Expect to see TripWire security in each company's fall Linux release.

The TripWire open-source program will be available in the third quarter. The main site will go live on the afternoon of 29 February. TripWire's open-source development, however, will be hosted on VA Linux Systems' SourceForge.

While other security systems, like the Kerberos secure log-in system, started as open Internet Engineering Task Force standards, TripWire is the first commercial, mainstream security product to go open source.

The company also is partnering with VA Linux Systems As a member of VA's new Linux Solutions Program for ISVs, the firm also will get development resources and co-marketing opportunities.

The latest version of TripWire, 2.2.1, is the open-source product's foundation. That program defends its systems with integrity assessment. With this technology, TripWire's first wall is intrusion detection. That is reinforced by constant monitoring for unauthorised system change. For example, TripWire tripped up distributed denial-of-service (DDoS) Trojan infections by finding the obnoxious programs hidden deep in the operating system. Once discovered, the system administrator can rip those programs out.

TripWire goes beyond just trying to prevent intrusions. It also tracks attacks, so you'll know exactly what happened. It gives you an evidence chain, allowing you to find and terminate the original attacker with extreme prejudice.

This program is already available in binary for Compaq TRU64 4.0; HP-UX, versions 10.20 and 11.00; IBM AIX, 4.2 and up; SGI Irix, version 6.5; Solaris 2.6 and 7.0; and Windows NT 4.0. A source-code version already was made available for users of Red Hat Linux 5.2 and up. Although not approved formally, that version also would run on Caldera, Debian and SuSE systems with Linux kernel 2.0.36 or higher.

TripWire has been around since 1992, when it was developed at Purdue University by leading security experts Eugene Spafford and Gene Kim, TripWire's chief technology officer. From there it rapidly became a popular academic and commercial security system. As Paul McNamara, general manager of Red Hat's Enterprise Business Unit, said, "Tripwire has been one of the best-of-breed security products since its inception... and has one of the most-well-recognised brands in security."

Although springing from academia, TripWire has not been slow in getting up to speed in the Internet economy. Besides this current deal, which promises to launch the company to new heights of recognition, TripWire obtained $9 million in venture-capital funds on Feb. 22 from Advanced Technology Ventures, Bessemer Venture Partners, Garage.com and Kyocera.

In a world where e-commerce has been rocked by recent DDoS attacks, TripWire -- and resellers that support it -- should do well. According to Ransom Love, president and CEO of Caldera Systems, secure business Linux "is mission-critical, particularly in lieu of the last few weeks and the denial-of-service attacks. TripWire and Caldera are in a unique position where together we can drive and deploy security and a sense of trust from the data centre to the desktop."

The other partners would disagree on Caldera's primacy, but not on the general concept. That is a view that's not held by just TripWire's partners. Anyone worried about securing their sites from DDoS and other assaults must agree, as well.

What do you think? Tell the Mailroom. And read what others have said.

Take me to the Linux Lounge.

Editorial standards