Interview with Mohammed J. Kabir, author of the "Red Hat Linux Survival Guide"
by Mirko Zorz - Wednesday, 17 September 2003.
What's your take on the adoption of Linux in the enterprise? Do you think it will give a boost to security?

Linux is already in many large and small enterprises throughout the world. Corporate adoption to Linux is very important for the growth of Linux as a professional server OS platform.

The consulting arm of my company is dedicated to Linux and other great open source technologies. We have helped many enterprises deploy Linux in their core business functions. It is our professional experience that many CEO/CTO/CIO are more and more aware of the security risks today than ever before. They are now asking for security blue-prints as part of new development or migration, which is good news for their customers. In short, security is finally "in" and it will play an active role in design, development, and deployment of IT infrastructure of the future.

What do you think about the full disclosure of vulnerabilities?

It's a double edged sward. By having full disclosure consumers can gain information about potentially pending risks due to a breaking. This can potentially hurt a business if customers associate break-ins with negligence. Therefore, corporation will have to take a pro-active role in managing information security. IT security funding should grow, which would mean growth in security products and services -- a very good thing.

Unfortunately, full disclosure can also benefit the bad guys. But in the long-run it should do more good than harm.

What's the most careless act in system administration you've ever seen?

My company works in the email space a great deal. We often find system administrators leaving their email servers open for spam relay, which is very careless.

Another common issue we notice frequently is that often site administrators leave PHP error_reporting turned on a production site. This is very dangerous since it can often reveal important information that bad guys can abuse.

What are your plans for the future? Any exciting new projects?

I am currently involved in architecting a new email server solution that promises to improve corporate email communication. As you know, what we call email today has remained unchanged for decades. My company is working on a next-gen email platform that will bring accountability, security, and rules based routing to email in a very user-friendly manner.

On the personal side, I am giving dead-tree publishing a break and working on a few e-books that I plan to publish directly. Currently, I am writing two e-books: Job Tools for Linux and Working with LDAP.

What is your vision for Linux in the future?

Future of Linux is awesome. Linux is growing where IT is growing rapidly. I see a tremendous growth for Linux in Asia. As we all know, India and China have become the "factory" for information technology products and services because of the laws of economics and ready talent.

Interestingly, these countries are switching to Linux fast since most people in these countries cannot afford to pay hundreds of dollars in software licenses. Recently I heard that Japan, China, and Korea are considering making their own OS using Linux as the base. These are exciting changes that will have significant effect on IT worldwide.

Since Asia is learning Linux fast and major software and hardware companies are relocating their development to Asia, it is likely that many future implementation of new software will involve Linux. For example, my company, which has a development center in Dhaka, Bangladesh, plays a small role in promoting Linux in that part of the world. We offers free consultation to local universities and educational institutes that wish to embrace Linux in education.

Finally, I believe that embedded Linux also has a great future as more and more networking and consumer electronic companies will use embedded Linux to drive their products to market. Embedded Linux will help develop products faster, cheaper, and better.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th