Don't Take Linux Security for Granted

It's often said that Linux is a more secure OS compared to other OSs in the market. While that's not incorrect, one shouldn't be tempted to think that it Linux is bulletproof.

By looking at the way the OS was built, it can be seen that it was built with security in mind. For example, there are isolated privileges per user and no user has admin privileges by default, and this makes it harder for malware to spread themselves or access files on infected computers.

In addition, Linux is open source, which means there are hundreds of people and organizations or teams like Google’s Project Zero who check the code to find potential vulnerabilities.

One more important point is that, from a market-level perspective, Linux has not been a very popular OS, hence attackers focused on attacking (and writing exploits) for more common OS such as Windows. But this fact has changed in the last few years.

Linux Gaining Popularity

Probably because of the well-earned reputation of being a secured OS (in addition to stability, support, and cost), Linux started to increasingly spread and become more popular. In fact, it is so popular that we are using it in our everyday life without even knowing.

Take for instance Android OS, which powers more than 70% of mobile phones and tablets. It's based on Linux. The same is true for routers and even NASA’s perseverance rover. Apart from those usages, Linux gained popularity as servers that serve applications, websites, etc., especially in the cloud field.

This fact has changed the way attackers view Linux – it became a far more interesting target to attack as more and more valuable data is being stored or served with it.

But Is It Still Secure?

Well, that depends. Linux is still “loyal to the values it was built on.” However, its security depends on how well it is configured and since there are a lot of configuration options, there are a lot of places to fall.

Some of the misconfiguration topics are:

1. OS level – related to the OS configuration for example: having low ptrace level allows debugging any process, which might lead to data leak.
2. Service level – servers tend to run services on them which are used to help the server function as it was meant to.
   • Failing to configure those services right (or “flowing” with the default configuration) can expose the machine to different types of attacks.
     • For example using the default configuration for SSH service enables user/password authentication that allows attackers to initiate brute force attack. (Not to mention misconfiguration of allowing for anonymous authentication. Yikes!)
3. Updates – when a vulnerability is exposed, security updates are issued to fix it, failing to keep up with updates exposes the machine to vulnerabilities that are already known and might be used. (such as “PwnKit”, “Shellshock” etc.)

Besides the exploitation of misconfigurations, malware such as ransomware, trojan horses, and botnets that target linux systems are on the rise. This, together with misconfigurations, put enterprises on the back foot.

Managing Linux Security in the Enterprise: Remedio to the Rescue

Keeping devices up to date, fixing misconfigurations, and managing temporary changes made during daily work can be tedious and time-consuming. Remedio simplifies this by scanning your endpoints daily, detecting unusual findings, and automatically remediating them.

With full visibility across Windows, Linux, and macOS, Remedio is your one stop shop for identifying configuration issues and triggering remediation, ensuring misconfigurations are consistently resolved and your systems stay secure. Think of it as peace of mind at the push of a button.

The bottom line is that Linux is getting more and more popular. Attackers find it as a valuable target and thus, the amount of malware and exploits of Linux based machines is rising. There are a lot of misconfigurations to look after. Luckily Remedio has you covered!