Get Safe Online recently reported the following via twitter:
Linux needs proper installation and configuration to be fully secure ow.ly/bQ76y
— Get Safe Online (@GetSafeOnline) June 27, 2012
This should not be a surprise.
There has been a long running rhetorical question asked by some of the firewall and security experts I have worked with. What is better:
- A top spec firewall, poorly configured
- A low spec firewall, well configured
The correct answer should be the latter bullet (provided the low specification means you have the capabilities you need to meet the anticipated threats). If the best firewall in the world is configured to “let all traffic through”, it is not going to provide much security.
The same is true for any operating system, not just Linux. If it is poorly configured, then it runs the risk in being used in a way other than intended, often leading to a security issue.
This is a message I was keen for Nexor to embrace when we started to deliver Linux solutions, it was of little benefit to our customers if we provided great software that was deployed poorly. It is for the reason CyberShield Secure™ was developed, to make sure the solution development cycle is a full life cycle, including delivery and through life support.