
Becoming a "Linux Security Artist"


After forty years in the commercial computing business, the one idea that has been drilled into me by security professionals is the fact that there is no such thing as a secure computer system, only levels of insecurity. Therefore the cost of keeping the information and system secure has to be balanced with the cost of losing that information or system, or having it damaged. Unfortunately the speed and availability of the Internet combined with the low cost of very powerful computers and network services have made the cost of “cracking” go down and the cost of “securing” go up.

The most important thing in a secure system is to have a good security policy. Without that, you are lost and will wander ineffectively. Therefore you have to give thought to who will be able to do what, whether those limitations are discretionary or mandatory, and how you will implement and enforce those policies. A good example of not having a good policy is the company that forces all of its employees to have long, complicated passwords that change once a week, but tolerates people writing their passwords on sticky notes and pasting them on their LCD panels “because they cannot remember the passwords.”

The next most important things are a good set of security tools and people trained to deploy them and monitor their output.
