Linux needs proper installation and configuration to be fully secure

August 2012

Get Safe Online recently reported the following via twitter:

Linux needs proper installation and configuration to be fully secure ow.ly/bQ76y

— Get Safe Online (@GetSafeOnline) June 27, 2012

This should not be a surprise.

There has been a long running rhetorical question asked by some of the firewall and security experts I have worked with. What is better:

A top spec firewall, poorly configured
A low spec firewall, well configured

The correct answer should be the latter bullet (provided the low specification means you have the capabilities you need to meet the anticipated threats). If the best firewall in the world is configured to “let all traffic through”, it is not going to provide much security.

The same is true for any operating system, not just Linux. If it is poorly configured, then it runs the risk in being used in a way other than intended, often leading to a security issue.

This is a message I was keen for Nexor to embrace when we started to deliver Linux solutions, it was of little benefit to our customers if we provided great software that was deployed poorly. It is for the reason CyberShield Secure™ was developed, to make sure the solution development cycle is a full life cycle, including delivery and through life support.

Author Bio – Colin Robbins

Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.