Language Selection

English French German Italian Portuguese Spanish

SCAP: computer security for the rest of us

Filed under
Security

I'm setting up a new computer. I get through the registration screens, install my software, change my wallpaper, and everything's working fine. I'm left, though, with a lingering, uneasy feeling: I don't know if this machine is secure. I'm a computer guy, so I know how to set up strong passwords and firewalls, but I'm still not sure if I've done everything right. I turn to my vendor, who has hopefully published a hardening guide. If I'm very enthusiastic, I might even follow the NSA's Security and Network Analysis Center Guides. If I do any of these things, I'm already being more diligent that 95% of users out there. And that's a problem.

Personal Responsibility and Its Sworn Enemy, "I have something better to do."

Software vendors makes users responsible for secure configurations. They have to. If Red Hat shipped with every recommended security configuration change already in place, users would mutiny. They'd resent all the additional work required to make their system useful. Choosing default configurations that are secure enough, but not so secure that they annoy users is a delicate balance, and vendors will never get it exactly right. So the responsibility falls to the users.

Unless the user is very security-conscious, they're not going to do anything with that responsibility.

rest here




More in Tux Machines

Solus Linux OS Boots in 1.2 Seconds

The Solus operating system is getting closer to a stable release and its developers are showing off some of the capabilities of the distro, including the boot time, which has got to be the most impressive result out there. Read more

GNOME's LaTeXila TeX/LaTeX Editor App Gets New Features, Prepares for GNOME 3.18

The GNOME Project has released a new development milestone for the LaTeXila software, an open-source TeX and LaTeX editor used by default in the GNOME desktop environment. Read more

Leftovers: Ubuntu Touch

Canonical Patches Two BIND Vulnerabilities in All Supported Ubuntu OSes, Update Now

On July 28, Canonical, through Marc Deslauriers, published details about the availability of a new important update for the BIND packages in the Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems. Read more