Linux Security

GNU/Linux for servers and desk-top is well suited for sensitive computer systems. Its security mechanisms are challenged on a daily basis from script kiddies and 'professional' hackers. Although this is not a very pleasant way of getting your system tested, it is a very efficient way. A system that is deployed in a few hundred to maybe a thousand devices will hardly be tested as extensively as the GNU/Linux system. This means that an embedded Linux or realtime Linux system is relying on the same mechanisms that are being used in servers and desk-top systems. This high degree of testing and, at the same time, the full transparence of the mechanisms in use, due to source code availability, make a GNU/Linux system well-suited for systems with high security demands. Standard services that a Linux system can provide:

• Firewalling and network filtering capabilities
• kernel based and user-space intrusion detection
• kernel level fine grain capabilities allowing for precise access control to system resources
• user level permissions and strong password protection
• secure network services
• well configurable system logging facilities

These possibilities taken together allow not only monitoring systems with respect to current actions taking place and intervening if theses are inappropriate, but also for detection of system tendencies and response to developments far before failure occurs. This tendency monitoring covers hardware (e.g. temperature detection or system RAM testing) as well as monitoring system parameters like free RAM, free disc-space or timing parameters within the system (e.g. network response time to ICMP package). A vast majority of the hardware related failures are not abrupt, but develop slowly and are on principle detectable - having an embedded OS/RTOS that can provide this service can improve the system reliability as well as the systems security.