A kernel of truth: Linux isn’t as foolproof as we may have thought

By Joyal Bennison

A world without Linux is hard to imagine. Every Google search we run is accomplished on Linux-based servers. From the Kindle we enjoy reading to the social media sites we scroll through every day, the Linux kernel sits behind it all. Would you believe your ears if I told you the world’s top 500 supercomputers run on Linux? No wonder Linux has permeated every aspect of the digital age, not to mention its steadily growing enterprise user base.

It may be true that Linux makes up only 9% of total enterprise operating systems, but don’t let the numbers fool you; the most high-value systems, including web servers, routers, and contingency machines, are often entrusted to Linux. One could see why, considering the global consensus on Linux being the most secure OS.

The age-old question: What makes Linux secure?

While there are built-in defenses packaged into the Linux OS, the inherent security of Linux is generally attributed to its open-source nature, strict user privilege model, and diverse distributions.

Being open-source gives Linux a decided advantage over Windows and Mac since the source code is constantly under scrutiny by a global community of experts. As a result, security vulnerabilities are identified constantly and fixes are released rapidly. As open-source advocate and author Eric Raymond puts it, “Given enough eyeballs, all bugs are shallow.”

Open-source code also means it can be modified and distributed by any individual or organization. As a result, a wide variety of Linux distributions (distros) are available, each with unique functionalities that offer diverse options for enterprise users depending on the hardware and software they intend to deploy in their network. Besides satisfying different user requirements, this diversity also makes it difficult for threat actors to craft exploits against many Linux systems.

By default, Linux users have low automatic access rights and require additional permissions to open attachments, access files, or adjust kernel options. This makes it harder for attackers to propagate malware.

Nevertheless, the increased popularity of Linux has attracted the eyes of hackers in recent years. The Erebus ransomware and the Tsunami backdoor exploits are a testament to that.

Linux isn’t as foolproof as we may have thought

Deploying a secure OS for your business-critical machines does make a difference to your security stance, but it isn’t a sure safeguard. What if I told you that the very factors that make Linux, arguably, the most secure OS run counter to sysadmins’ efforts to defend Linux endpoints against vulnerabilities?

The global community ensures patches are published swiftly for identified vulnerabilities. But quick releases also mean more patches per month. To give you some perspective, SUSE Linux alone releases 300 patches a month. Now multiply that by the hundreds of Linux systems that need to be patched across a distributed enterprise network. Besides, each distro comes with its own package handlers, making it even more complex to fix vulnerabilities in time.

Linux comes with certain default security settings. But in an enterprise environment characterized by constant change, developers and technicians often make changes to security settings and access rights, and leave them unaltered until the next vulnerability alert, leaving the system open to potential issues. These misconfigurations, if not monitored and regularly addressed, can leave Linux endpoints open to exploitation.

Without a proper vulnerability management tool in place, even the most secure systems fall apart.

ManageEngine extends vulnerability management capabilities to Linux

Vulnerability Manager Plus, the enterprise vulnerability management solution from ManageEngine, now supports all major flavors of Linux, including Ubuntu, Debian, CentOS, Red Hat, SUSE Linux, Pardus, and Oracle. No matter where your workforce is, you can secure your Linux endpoints by:

  • Detecting, assessing, and resolving vulnerabilities as and when they emerge.
  • Automating and customizing patching to all major Linux distros and over 300 third-party applications.
  • Monitoring and correcting security misconfigurations from the console.
  • Deploying security recommendations to harden identified web server flaws.
  • Implementing workarounds for zero-days before fixes arrive.
  • Uninstalling high-risk software and auditing active ports.

Download a free, 30-day trial of Vulnerability Manager Plus to start securing all your Linux distros directly from a single pane of glass.

** Optrics Inc. is an Authorized ManageEngine partner


The original article can be found here:

https://blogs.manageengine.com/desktop-mobile/vulnerability-manager-plus/2021/09/29/a-kernel-of-truth-linux-isnt-as-foolproof-as-we-may-have-thought.html

About the Author: Shannon Lewis
