A kernel of truth: Linux is not as foolproof as you might think



A world without Linux is hard to imagine. Every Google search we perform is performed on Linux-based servers. Behind the Kindle that we love to read, on the social media sites that we browse every day, is the Linux kernel. Would you believe your ears if I told you that the world’s top 500 supercomputers run Linux? No wonder Linux has entered every aspect of the digital age, let alone its ever-growing corporate user base.

It may be true that Linux only accounts for 9% of total enterprise operating systems, but don’t be fooled by the numbers; most valuable systems, including web servers, routers, and emergency machines, are often trusted with Linux. One could see why, given the global consensus that Linux is the most secure operating system.

The age-old question: what makes Linux secure?

While there are defenses built into the Linux operating system, Linux’s inherent security is generally attributed to its open source nature, strict user privilege model, and various distributions.

Being open-source gives Linux a decisive advantage over Windows and Mac as the source code is constantly monitored by a worldwide community of experts. As a result, security vulnerabilities are constantly identified and fixes are released quickly. As Eric Raymond, open source advocate and author, says, “With enough eyeballs, all bugs are shallow. “

Open source code also means that it can be modified and distributed by any individual or organization. As a result, a wide variety of Linux distributions (distros) are available, each with unique features that provide various options for enterprise users depending on the hardware and software they intend to deploy on their network. Besides satisfying different user requirements, this diversity also makes it difficult for threat actors to create exploits against many Linux systems.

By default, Linux users have low automatic access rights and need additional permissions to open attachments, access files, or adjust kernel options. This makes it harder for attackers to spread malware.

Nonetheless, the growing popularity of Linux has caught the attention of hackers in recent years. The Erebus ransomware and the exploits of the Tsunami backdoor are proof of this.

Linux is not as foolproof as you might think

Deploying a secure operating system for your critical machines makes a difference in your security posture, but it is not a secure guarantee. What if I told you the very factors that make Linux, arguably, the most secure operating system, defeating the efforts of system administrators to defend Linux endpoints from vulnerabilities?

The global community ensures that patches are released promptly for identified vulnerabilities. But, the quick releases also mean more fixes per month. To give you an idea, SUSE Linux alone releases 300 fixes per month. Now multiply it by hundreds of Linux systems that need to be patched on a distributed corporate network. Additionally, each distribution comes with its own package managers, making it even more difficult to patch vulnerabilities on time.

Linux comes with some default security settings. But in a business environment characterized by constant change, developers and technicians often change security settings, access rights and leave them unchanged until the next vulnerability alert, leaving the system open to potential issues. . These configuration errors, if not monitored and corrected regularly, can leave Linux endpoints open for operation.

Without the proper vulnerability management tool, even the most secure systems collapse.

ManageEngine Extends Vulnerability Management Capabilities to Linux

Vulnerability Manager Plus, ManageEngine’s enterprise vulnerability management solution, now supports all major versions of Linux, including Ubuntu, Debian, CentOS, Red Hat, SUSE Linux, Pardus, and Oracle. No matter where your workforce is located, you can secure your Linux endpoints by:

  • Automation and customization of patches for all major Linux distributions and over 300 third-party applications.

  • Monitor and correct security configuration errors from the console.

  • Deployment of security recommendations to harden identified web server vulnerabilities.

Download a free 30-day trial of Vulnerability Manager Plus to start securing all your Linux distributions straight from a single pane of glass.

The article A Kernel of Truth: Linux Is Not As Foolproof As One Thought First appeared on the ManageEngine blog.

*** This is a syndicated Security Bloggers Network blog from ManageEngine Blog written by Joyal Bennison. Read the original post at: https://blogs.manageengine.com/desktop-mobile/vulnerability-manager-plus/2021/09/29/a-kernel-of-truth-linux-isnt-as-foolproof-as- we-may-have-thought.html



About Author

Comments are closed.