Linux Still has to be securedon August 27, 2008 at 8:56 pm
I sometimes get sick of my fellow Computerworld blogger Steven J. Vaughan-Nichols, A.K.A. Cyber Cynic. He is an avowed Linux-phile, which is fine with me. But he is constantly going on rants about how secure Linux is and how it’s great and wonderful and how Windows is so insecure and both sucks and blows.
But in this article he actually ends up surprising me. He talks about a bunch of Linux boxes getting attacked through compromised SSH keys. He goes on to say how the Linux admins that didn’t fix the problems are idiots and how he would have fired them if they worked for him. And he is where he surprises me. He says:
Linux really is more secure than most operating systems, but, as the security mantra goes, "security is a process, not a product."
That statement seemed so painful for Steven to get out. I think I actually felt him straining to get those words out (maybe Steven has been eating too much cheese lately). He actually had to admit that an admin actually had to work to make Linux secure. Of course, he couldn’t let that go without first saying that Linux "really is more secure than most operating systems", but at least he said it.
Seriously folks, I am not some Windows fan boy. I know I have said that a million times, but it is true. I don’t care what OS you use. You are ALWAYS going to have to secure it by patching and hardening. It is the nature of the beast. You can make a Windows box just as secure as a Linux box if you harden it correctly.
Steven is right that security is a process. You have to do your due diligence. If you love Linux and hate Windows, then use Linux for your server. But don’t let that cloud your brain when it comes time to lock that box down.