Work Ready Linux

posted onSeptember 9, 2001
by hitbsecnews

Since its debut in 1991, Linux has continued to quickly evolve as a desktop alternative
operating system, as well as an alternative network OS. We looked at four popular Linux distributions --
Caldera OpenLinux Server 3.1, Mandrake ProSuite 8.0, Red Hat Professional Server 7.1 and SuSE Linux
Professional 7.2 -- to see how they worked alongside Windows NT, the technology most likely to be used on
the same class of hardware as that used for most Linux installations.

We were particularly interested in how Linux behaved in key networking and Internet application support situations. In testing the latest versions, we found that there were significant differences, even though all of the tools are based on the same Linux core. From Red Hat's support to Caldera's installation ease and SuSE's strong security and administration, each distribution has features tailored to a particular set of needs and a company's place along the Linux adoption curve.

As a group, the programs showed tremendous polish, feature depth and maturity, though there were at least a few key areas in which Microsoft's approach proved superior.

Many people confuse an operating system with its graphical user interface. Although the GUI is not the only part of an operating system, many IT professionals and system administrators are now much more comfortable working with a GUI than with a command line. And having a graphical interface helps many people to visualize and better familiarize themselves with the system. Because of this, we based our testing and evaluation on GUI administration rather than on command-line interface tools.

We focused on how well Linux played in an existing NT environment network, what new features were provided in each distribution and how easy each package was to install, use and manage. We tested them on a Compaq ProLiant ML350, with a 933-MHz Pentium III processor, a 9-GB SCSI hard drive and 256 MB of RAM.

Caldera is ideal for secure remote administration, but it lacks some easy setup tools for firewall and local graphical managing tools.

Mandrake is probably the easiest tool for those making a transition from Windows. It provides a lot of similar administrative tools and a GUI that makes Windows users feel right at home.

Red Hat is a good overall package with good documentation, and its RPM format certainly makes installing new software easier. Because it's still one of the most widely used Linux distributions, there's better feedback on bugs, as well as quicker patches.

SuSE's Linux Professional offers the best security software. It comes with not only two software firewalls, but also a well-written system configuration manual. SuSE also has a managing tool that's similar to the Windows Control Panel.

Installation And Security
The Linux installation experience has been greatly improved, thanks to new installation scripts and programs. It was easy to set up the server by selecting from a set of choices or drop-down menus. Caldera even provides an Unattended mode for installation, requiring only a click of a button.

Remarkably, all of the Linux installations took significantly less time on the ProLiant than a standard Windows NT or Windows 2000 Server installation would take. The Linux installation time was between 15 and 25 minutes.

None of the products had any problem recognizing the hardware or automatically installing the appropriate driver. In fact, after installing Red Hat, we decided to replace the Ethernet card with a Gigabit Ethernet card.

When we rebooted Red Hat, we were ready to deal with a text-based command-line configuration tool to load the driver manually. To our surprise, a pop-up message told us that the Ethernet card had been removed. After we confirmed, another message popped up and informed us that the new Gigabit Ethernet card was now installed and that the appropriate driver would be loaded. After prompting us, Red Hat completed the task and booted into the OS. This feature will save a lot of headaches when you add new hardware or upgrade servers.

All the Linux distributions came with at least seven CDs. But does quantity equal quality? Probably not. Because some of the software included in each distribution is open-source and some is commercial, the quality and stability of the software varies.

Vendor-specific proprietary software in the package makes it difficult to choose a good software combination that would guarantee the server's stability and performance. The ultimate combination might be to pull some software from each of the distributions, which is one of the advantages open-source should offer.

In reality, you'll need to look at the features offered in each distribution in light of your staff's experience level and requirements.

Despite the improvements in installation and GUI administration tools, remember that Linux system administration calls for an approach different from the one Windows requires. It takes a steep learning curve to unleash the hidden power of this Unix clone.

Has Linux made the migration easy for Windows users? The answer is no. To our disappointment, none of the Linux apps had migration tools to port the existing NT or Windows users and profiles. In contrast, Windows 2000 Server has a tool that migrates the user profiles from a standard Unix environment. This valuable Windows tool will save many hours of repetitive data entry and phone calls.

Does Linux provide more innovative and better user management than Windows? The answer is still no. Although user management on Linux can be done through command line and scripting, as far as graphical interface goes, Linux offers the exact same thing as Windows. The user management tool in each of the distributions offers a point-and-click approach. This is sufficient for managing small numbers of users, but when that number grows to the hundreds or even thousands, one can easily spend hours clicking the day away.

Microsoft products have a reputation for being incompatible with competing technologies and sometimes with their own products. we found Linux to be the opposite. The Linux server we set up worked smoothly with the other Unix systems in our labs and had no problem accessing the resources on the NT network, from the printer server to the local file sharing.

Although it may seem that Linux doesn't offer advantages over Windows NT in user management, Linux is definitely superior in security. Thanks to the file system and the new 2.4 kernel, Linux systems are much more secure than any "out of the box" Windows products.

One of the previous security concerns with most Linux distributions was that most (if not all) of the OS's core services were activated by default. This usually leaves the system wide open to malicious attackers. Fortunately, the Linux publishers have begun taking security into account in their newer versions.

Mandrake, Red Hat and SuSE come with an easy-setup security option during installation; all three products offer similar choices: low (personal desktop), medium (network client), high (network server) and custom security settings.

We were pleased with most of the available settings. The default controls in the high security setting should satisfy most network servers, and the medium settings will protect the client desktops from intruders.

Caldera
Caldera forgot to send us the documentation. All we received was a small box with a thin installation manual. Fortunately, there were enough help files and documentation at the Web site.

Caldera's OpenLinux Server 3.1 offers several installation options. When we chose the standard installation, Caldera's installer, Lizard, was launched.

The Lizard's best feature is that after you choose the packages to install, the installation happens in the background while you continue to configure the network settings, mouse, printer, user name and password. If you finish before the installation is completed, you're rewarded with a game of solitaire. Lizard definitely made the Caldera installation faster than other distributions.

Lizard also shines in its network detection. After we entered the static IP number in the network configuration, it automatically detected the address of our gateway and DNS server and automatically filled in the DNS name entry for this particular IP. Automatic detection saves a lot of tedious typing and looking up the host name for each IP address, thus preventing entry errors.

Caldera comes with a preconfigured setup for Webmin, a remote administrative tool that turns any Web browser into an administrative terminal. This makes remote administration easy and secure.

Caldera has the Webmin default settings SSL turned on, keeping the entire session encrypted and secure.

Other features, such as IP Access Control and a Secure Shell (SSH) login applet, also enhance the security of Caldera remote administration.

Ironically, although Caldera provides a secure remote administration tool, it lacks an easy-setup firewall program. It was the only distribution that didn't let us configure the firewall setup during the standard installation. And after installation, we couldn't find any firewall software installed on the system by default.

For local graphical administration, Caldera uses the standard KDE2 package, featuring facilities such as KUPS for printer configuration. The downsides of this approach are KDE2's headache-causing immaturity and bugs that occur when trying to perform a certain task. We tried to use KUPS to add a network printer, only to have the application crash every time we attempted to configure the printer properties. Caldera is the only distribution that didn't have a custom control panel.

If remote administration is important in your daily operation, Caldera provides a nice bundle of features. The only tool you need is a Web browser.

Mandrake
People who are familiar with Windows will be comfortable using Mandrake's ProSuite 8.0. Not only does the K in KDE desktop correspond to the Windows key on the keyboard, it also has a Mandrake Control Center that mimics the Windows Control Panel, making it easy to add, remove and manage software and hardware.

Unfortunately, the Mandrake Control Center suffered from some minor bugs--probably rooted in KDE2--and crashed periodically.

Mandrake provided a Web interface for administrative tasks such as adding a printer or managing user groups. But each task involved connecting to a different port, which can become tedious and frustrating at times trying to remember what port corresponds to which service.

It would have been helpful if Mandrake included an overall administrative package like Webmin to manage all of the services.

On the security front end, Mandrake comes with tinyFirewall, which can be configured during installation by simply choosing low, medium or high security. Unfortunately, tinyFirewall wasn't as easy to configure, either for blocking specific ports or setting more sophisticated rules, as the firewalls included with other distributions.

Given the strategy of most organizations, it's unlikely that you're considering replacing Windows on the desktop with Linux. But if you're considering changing your client operating system to Linux, Mandrake is your best bet because of its similarity to Windows.

Red Hat
Red Hat is the Linux distribution that has the largest installed base. This translates into faster bug reports and patches and a larger knowledge support base. Red Hat Network also provides excellent online system support, including software management, updates and security alerts.

Red Hat Professional Server 7.1 comes with a free 10-system Red Hat Network subscription. Every additional system subscription costs $19.95 a month.

Red Hat also comes with a wide range of language support, from the common European languages (French, German) to Asian languages including Traditional Chinese and Korean.

It ships with an impressive nine CDs and five manuals. The customization guide was unique among the products we tested and well-written.

Red Hat's firewall was the easiest to set up. It was simple to choose to disable the firewall, medium or high security level. Custom settings let users specify what services to accept (SSH, Telnet) and what ports to block or to enable. Even beginners will find this firewall utility easy to configure and administer.

The Red Hat distribution includes a custom control panel that looks similar to the Windows control panel. Combined with the linuxconf tool and Red Hat's Package Manager (RPM), managing the system is easy.

Good documentation, a large knowledge base and the new Red Hat Network program make Red Hat a good overall package. If you want a safe product that has a good support policy and is well-documented, or you aren't sure what Linux distribution to use, Red Hat is the best choice.

SuSE
SuSE's Linux Professional comes with YaST (Yet another Setup Tool), perhaps the best installer among any of the tested products for choosing individual packages. YaST provides a convenient listing of all packages, their sizes, their description and even their path. SuSE 7.2 comes with two firewalls: SuSEfirewall and personal firewall. Both are installed by default.

In addition to the two firewalls, SuSE provides yet another layer of security at the file system level. The file system security, like the firewalls, comes with three simple-to-understand settings: easy, secure and paranoid. SuSE also provides in-depth documentation on how to configure both the two firewalls and your system to achieve maximum security.

SuSE provides a YaST2 tool, similar to Windows' control panel, for easy graphical administration and management. YaST is one of the smartest management tools we've ever used. When adding a new network printer, YaST automatically lists all the servers found on the current network, with their names. All we had to do was locate and then click on the name of our print server.

SuSE also has some of the best documentation we've encountered, complete with five manuals covering applications, configurations, installation, network and references.

The application manual walks you through getting around CD burning, sound configuration and scanning. The network manual has a chapter on network security and how to configure the two firewalls and related networking software.

Different tech support options are also offered. Professional Services provide event-oriented help, while Business and Advanced Support is a per-hour service.

With the lowest price tag in this comparison--less than $100--two firewalls and the YaST smart-management tool, SuSE is a great buy for small businesses on tight budgets, or larger businesses looking for an operating system that can hide on most expense accounts.

Wider Scope
Advocates preach about how Linux empowers users with freedom of choice. Indeed, now users have a wide choice of Linux products, and thanks to the ever-evolving fast-paced Linux community, Linux is more user-friendly and easier to manage than ever before.

The most important comparison, though, is not between Linux then and now, but between Linux and its closest commercial competitor, Windows NT.

Is Linux right for your business? If your business requires working with multiple platforms, and customization, stability and security, and your organization is willing to take on the potentially steep learning curve, then Linux has evolved as a useful alternative to commercial operating systems.

If your organization and its needs don't fit this description, then you're probably safer staying with Windows NT products...for now.

Joshua Kuo is a network specialist in the Advanced Network Computing Laboratory at the University of Hawaii at Manoa. He can be reached at joshkuo@hotmail.com

Internet Week.

Source

Tags

Red Hat

You May Also Like

Other Articles In This Section

Recent News

Friday, November 1st

Youth of today say passwords are old news, passkeys are the future
Chinese attackers accessed Canadian government networks – for five years
OpenAI launches ChatGPT with Search, taking Google head-on
Here’s the paper no one read before declaring the demise of modern cryptography
Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts