Saturday, January 9, 2016

SCORE has published a new Linux Security Checklist

The checklist can be found here. I did a short interview with Simeon Blatchley.

What prompted you to update the checklist, it looks like a lot of effort went into that project?

Simeon: A big problem with security is that documentation is not up to date, and documents/checklists on Linux can kind of be ignored. So we figured that if we put the time to create the document, we should maintain it. Security changes every second, so keeping documentation and instructions accurate and up to date is essential.

They used to say the single most important thing you could do to protect and operating system was keep the patches up to date. Does that apply to linux?

Simeon: I like to compare Linux and Windows systems to a regular and unlocked smartphone. On your typical locked phone [Windows], the primary thing you really can do for security is make sure it is updated/patched regularly, since security is not locally managed. But on an unlocked phone [Linux], you have control over many more aspects of the system (as does an intruder), so you must take greater measures to secure it. Therefore, while it is important to ensure you're patched and up to date, Linux systems in an enterprise environment need to take further measures to prevent exploitation. Most attacks against Linux are well crafted exploiting things normal patching won't protect.

Have you been contacted yet by users of the checklist with questions or suggestions?

Simeon: As far as I am aware, we have not been contacted by any users. However, I have been made aware that it is the main Linux checklist used by Cyberpatriot teams.
What is your favorite variant of linux and why?
Simeon: I personally use Kali, mostly...well for obvious reasons. Plus I studied the martial art so that's cool. Aside from that it looks really good! 

About Simeon: 

Simeon Blatchley is an Analyst at SAIC in Denver Colorado and a Senior at the University of Maryland University College, where he will be receiving his BSc in Cybersecurity. Simeon’s formal immersion in cybersecurity was at 16, when he participated in the AFA Cyberpatriot competition with a Civil Air Patrol team coached by Simeon’s father William Blatchley. The following year Simeon acted as an assistant Coach to the same team (Team Wolfpack), and they won the Cyberpatriot Finals in Maryland at the USAF Cyberfutures conference. Simeon and some cyber minded friends are currently working on starting their own company which will connect highly qualified college students receiving their degree in a computer related field, with jobs and with other people in their field to help facilitate the future of cyber engineering. The company, LinkX RDP, was recently endorsed by NASA and will hopefully launch officially this year. Simeon enjoys playing piano, reading, doing computer stuff, and telling jokes that really aren’t funny.

No comments:

Post a Comment