Enterprise Unix Roundup: Securing the Future of Unix

By Brian Proffitt (Send Email)
Posted Dec 20, 2006


As 2006 careens to an end, various Unix vendors are polishing and tightening their offerings. Will standards and security be watchwords for Unix in 2007?

Brian Proffitt

As 2006 careens to an end, various Unix vendors are polishing and tightening their offerings. It's safe to predict that next year will be a good one for Unix users, with standards and security becoming watchwords for Unix in 2007.

This week saw a big-deal update to Hewlett-Packard's Unix flavor, HP-UX 11i, that included new encrypted volume and file system support to store data in an encrypted format, as opposed to out in the clear. This new process will take advantage of the Itanium platform on HP's native Integrity servers to deliver this feature with lower processing overhead, according to HP.

Because the encryption is handled by the platform itself, it doesn't cut into storage. Additional disk-drive spins are not needed to handle the job. Of course, it doesn't hurt that HP is going to add Trusted Computing chips to some of its Integrity servers' processors, which will give HP-UX that much more security. A nice arrangement, but somewhat contradictory to the whole "commodity" marketing line HP is touting about the legacy storage with encryption. Still, it's there for those who want it.

HP's developers also snapped in a Bastille security management system — a question-and-answer configuration routine modeled after the Bastille Linux distribution. Finally, access control features were added to this update of 11i v2.

Curiously, this roll-out is just a few months before the planned major release of 11i v3, which promises to add HP-UX to the Unix 03 specification and standards club, along with rivals IBM's AIX 5L and Sun Microsystems' Solaris 10. This compliance, which Roundup examined two weeks ago, will make it easier for software vendors to write applications able to run on any of these Unix 03-certified operating systems.

If such compliance is maintained, it could give Unix a leg up on its cousin and rival, Linux, as compliance across the various commercial Linux distributions, particularly through the Linux Standard Base, is not as tightly maintained as it could be.

As tight as HP-UX is though, this week also saw a stark reminder that no matter how locked down a system is, there's always someone out there who will try to get past its defenses.

When Franklin Lakes, N.J. based Medco spun off from pharmaceutical giant Merck & Co. in 2003, a disgruntled systems administrator, fearing a layoff, allegedly planted a logic bomb in more than 70 of the company's HP-UX servers. Even after Yung-Hsun Lin remained unaffected by his company's new status, he supposedly left the logic bomb in place to go off on his birthday in April 2004.

A programming error fizzled the bomb out in 2004, which was a good thing, since the servers held critical patient and drug interaction databases. Incredibly, even after keeping his job, Lin apparently went back in and tried to reset the bomb to go off on his next birthday, in 2005. The company eventually clued in to what was going on, and this week, Lin found himself facing federal charges of fraud related to activity in connection with computers.

In all, 2006 was a pretty steady year for Unix. It's still losing deployment ground to Linux and Windows, but the Unix vendors aren't even close to giving up. As long as Unix is tied to non-commodity boxes, there will always be a reason for vendors to try to keep Unix alive.

So, by all means, let's keep those security features coming.

Last week, Solaris 10 beefed up its security mojo. The features of the once-separate Trusted Solaris operating system were merged into the mainline Solaris 10 OS as Trusted Extentions, which is part of Update 2.

In addition, Update 2's installation routine was changed. Now, features are turned off by default when Solaris 10 is installed. The only thing that you can do by default is boot the system and login. If you want anything on, you have to click the switch yourself. This is a simple change, but you wouldn't believe how many times default-opened ports bite users on the you-know-what.

Sun is probably feeling good about Solaris 10, beyond the positive feedback it's getting in the IT community for this latest update. That's because another analyst firm, the Gabriel Consulting Group, released the results of its Unix Vendor Preference Survey last week. In that survey report, Solaris was way behind AIX and HP-UX in 2005. In 2006, though, Solaris was in the number two spot, not far from number-one AIX.

According to Gabriel's report, IBM got top marks in several categories as the favored vendor. It also speculated that one of the reasons HP dropped so low is because the survey was conducted this fall, when HP was in the midst of its boardroom scandal, so survey participants may have been unwilling to put "HP" and "trust" in the same sentence.

In all, 2006 was a pretty steady year for Unix. It's still losing deployment ground to Linux and Windows, but the Unix vendors aren't even close to giving up. As long as Unix is tied to non-commodity boxes, there will always be a reason for vendors to try to keep Unix alive.

Brian Proffitt is managing editor of JupiterWeb's Linux/Open Source channel, which includes Linux Today, LinuxPlanet, and AllLinuxDevices.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.