Linux Is More Secure:
It is often said that Linux is a more secure OS than the others on the market, and that is not wrong; however, one should not be tempted to think that it is also bulletproof. Looking at the way the OS was built, it is clear that it was built with security in mind: for example, privileges are isolated per user and no user has admin privileges by default, which makes it harder for malware to spread or to access files on an infected computer.
In addition, Linux is open source, which means there are hundreds of people and organizations, such as Google’s Project Zero team, who review the code to find potential vulnerabilities.
One more important point is that Linux was not a very popular OS, so attackers focused on attacking (and writing exploits for) more common OSes such as Windows. But this has changed in the last few years.
Linux Getting Popular:
Probably because of its well-earned reputation as a secure OS (in addition to stability, support and cost), Linux has increasingly spread and become more popular. In fact, it is so popular that we use it in our everyday lives without even knowing. For example, Android (which powers more than 70% of mobile phones and tablets) is based on Linux. The same is true for routers and even NASA’s Perseverance rover. Apart from those uses, Linux gained popularity on servers that serve applications, websites and so on, especially in the cloud.
This has changed the way attackers view Linux – it has become a far more interesting target as more and more valuable data is stored on or served by it.
But, It Is Still Secure, Right?
Well, that depends. Linux is still “loyal to the values it was built on” (LOL, don’t know a good phrase for that); however, its security depends on how well it is configured, and since there are a lot of configuration options, there are a lot of places to go wrong.
Some of the misconfiguration topics are:
- OS level – related to the OS configuration. For example, a low ptrace level allows any process to be debugged, which might leak the data held in its memory.
- Service level – servers tend to run services that help the server do what it was meant to do. Failing to configure those services correctly (or “flowing” with the default configuration) can expose the machine to different types of attacks. For example, using the default configuration for the SSH service enables user/password authentication, which allows attackers to launch brute-force attacks (not to mention the misconfiguration of allowing anonymous authentication, yikes!).
- Updates – when a vulnerability is disclosed, security updates are issued to fix it. Failing to keep up with updates exposes the machine to vulnerabilities that are already known and may be exploited (such as “PwnKit”, “Shellshock”, etc.).
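To make the first two items concrete, here is a small read-only audit script, added as an example and not part of the original post or of Gytpol's product. It checks the Yama ptrace scope and the effective sshd password settings, treating an absent sshd directive as OpenSSH's built-in default (the "flowing with the default configuration" case); the file paths are parameters so the functions can be pointed at test files, and the update check is left out because it depends on the distribution's package manager.

```shell
#!/bin/sh
# Added example: read-only audit of two Linux misconfigurations.
# Each check prints a verdict and returns 0 (hardened) or 1 (weak/default).

# Effective value of an sshd_config directive. sshd applies its built-in
# default when the directive is absent, so "no line at all" must be read as
# the default value, not as "not configured". Include files and Match blocks
# are not followed here; `sshd -T` prints the authoritative effective config.
sshd_effective() {
    # $1 = config file, $2 = directive name, $3 = OpenSSH default when absent
    _val=$(grep -iE "^[[:space:]]*$2[[:space:]]+" "$1" 2>/dev/null \
        | head -n 1 | awk '{print tolower($2)}')
    printf '%s\n' "${_val:-$3}"
}

# PasswordAuthentication defaults to "yes" in OpenSSH. Anything other than
# "no" (or an empty-password allowance) leaves sshd open to online guessing.
check_ssh_password_auth() {
    _cfg=${1:-/etc/ssh/sshd_config}
    _pa=$(sshd_effective "$_cfg" PasswordAuthentication yes)
    _ep=$(sshd_effective "$_cfg" PermitEmptyPasswords no)
    if [ "$_pa" = "no" ] && [ "$_ep" = "no" ]; then
        echo "OK   sshd: password authentication disabled"
        return 0
    fi
    echo "WEAK sshd: PasswordAuthentication=$_pa PermitEmptyPasswords=$_ep"
    return 1
}

# kernel.yama.ptrace_scope: 0 lets any process attach to any other process of
# the same user (the "low ptrace level" above); 1 restricts attaching to
# descendants, 2 requires CAP_SYS_PTRACE, 3 disables ptrace attach entirely.
check_ptrace_scope() {
    _file=${1:-/proc/sys/kernel/yama/ptrace_scope}
    _scope=$(cat "$_file" 2>/dev/null || echo 0)   # no Yama = unrestricted
    if [ "$_scope" -ge 1 ]; then
        echo "OK   kernel.yama.ptrace_scope=$_scope"
        return 0
    fi
    echo "WEAK kernel.yama.ptrace_scope=$_scope (same-user processes can be debugged)"
    return 1
}

# Report on the live system when run directly (status is informational only).
check_ssh_password_auth || :
check_ptrace_scope || :
```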
Besides exploiting misconfigurations, more malware that targets Linux systems, such as ransomware, trojans and botnets, is emerging; combined with misconfiguration, this creates an entry point for those attacks to take place and lead to an enterprise shutdown.
No Worries, Use Gytpol!
Making sure that updates are applied, that misconfigurations and temporary changes made during daily work are fixed on each machine in the network, and that this state is preserved can be a tedious mission. Luckily, Gytpol offers a tool that scans your endpoints on a daily basis for those tasks, reports any unusual findings and even remediates them!
Gytpol is a one-stop shop for getting a picture of the endpoints in your network (Windows, Linux and macOS), issuing remediation tasks for problematic events and having peace of mind, knowing that all of those misconfigurations are taken care of.
Linux is getting more and more popular, attackers see it as a valuable target, and thus the amount of malware and exploits targeting Linux-based machines is rising. There are a lot of misconfigurations to look after and it is very hard to keep track of them and their state – luckily, Gytpol has you covered!