Linux needs proper installation and configuration to be fully secure
Get Safe Online recently reported the following via twitter:
Linux needs proper installation and configuration to be fully secure ow.ly/bQ76y
— Get Safe Online (@GetSafeOnline) June 27, 2012
This should not be a surprise.
There has been a long running rhetorical question asked by some of the firewall and security experts I have worked with. What is better:
- A top spec firewall, poorly configured
- A low spec firewall, well configured
The correct answer should be the latter bullet (provided the low specification means you have the capabilities you need to meet the anticipated threats). If the best firewall in the world is configured to “let all traffic through”, it is not going to provide much security.
The same is true for any operating system, not just Linux. If it is poorly configured, then it runs the risk in being used in a way other than intended, often leading to a security issue.
This is a message I was keen for Nexor to embrace when we started to deliver Linux solutions, it was of little benefit to our customers if we provided great software that was deployed poorly. It is for the reason CyberShield Secure™ was developed, to make sure the solution development cycle is a full life cycle, including delivery and through life support.
This article was originally posted on the Cyber Matters blog – which gives “bite-size insight on cyber security for the not too technical”.
Author Bio - Colin Robbins
Colin Robbins is a Principal Security Consultant at Nexor. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.
Be the first to know about developments in secure information exchange