It is a commonly held principle in many areas of business that if you can‘t measure something quantitatively, it will be difficult to raise the quality objectively. The applicability of this statement to the world of IT security is clear. Without having some form of metrics in place, it is tough, if not impossible, to judge whether security is getting better over time.


Linux is a generic term referring to the family of Unix-like computer operating systems that use the Linux kernel. Their development is one of the most prominent examples of free and open source software collaboration; typically all the underlying source code can be used, freely modified, and redistributed, both commercially and non-commercially, by anyone. Linux can be installed on a wide variety of computer hardware, ranging from embedded devices such as mobile phones, smart phones and wristwatches to mainframes and supercomputers. Linux is predominantly known for its use in servers. A Linux-based system is a modular Unix-like operating system. It derives much of its basic design from principles established in Unix during the 1970s and 1980s. Such a system uses a monolithic kernel, the Linux kernel, which handles process control, networking, and peripheral and file system access. Device drivers are either integrated directly with the kernel or added as modules loaded while the system is running.


Home Linux boxes are a prime target of computer hackers, as they are often not well secured, and once compromised they can be used as launching points for a more serious attacks. Compromised boxes can also become DDoS amplifiers, warez servers, or spam relays, to name a few potential abuses. The high bandwidth of cable/DSL connections is another attraction. Users of cable or DSL modems are particularly vulnerable, since their extended connectivity time gives hackers a longer window within which to compromise their host. It is also common for cable users to fall prey to amateur hackers known as “script kiddies” who run automated tools which scan entire subnets for a particular vulnerability. Casting such a wide net, they are invariably successful in finding a few vulnerable hosts which they then use to compromise other hosts. Your anonymity and obscurity do not ensure that your computer will not be targeted.