1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Why Linuxs biggest strength is also its biggest weakness

    From TechnologyDaily@1337:1/100 to All on Fri Jul 9 17:30:04 2021
    Why Linuxs biggest strength is also its biggest weakness

    Date:
    Fri, 09 Jul 2021 16:06:29 +0000

    Description:
    The Linux patch management process offers scope for improvement.

    FULL STORY ======================================================================

    Unpatched vulnerabilities are one of the main points of entry for cyberattacks. Attacks on infrastructure are increasing, and IT teams are struggling to keep up with the swathe of new issues that are discovered.
    Patch management should therefore be a key focus for IT and security teams in the race to keep ahead of attackers.

    Linux is responsible for the vast majority of public cloud infrastructure - around 90 percent according to the 2017 Linux Kernel Development Report by
    the Linux Foundation. It also supports 82 percent of the worlds smartphones and nine of the top ten public clouds . Linux also has a good reputation for security, especially when compared to other operating systems.

    However, a recent spate of serious Linux-related vulnerabilities has shown that Linux needs to be managed just as closely as any other set of IT assets. These are the best Linux laptops currently available Here's our list of the best antivirus services And here are the best laptops for developers About
    the author

    Shailesh Athalye is SVP Product Management at Qualys

    How can we better protect our infrastructure over time? Are we overconfident in Linux and security? And how can we manage the patching process more efficiently? Understanding the patch management process

    Software is complex. Issues such as design flaws or programming errors will naturally arise, and these flaws can potentially lead to security issues. Whats important is that these vulnerabilities are spotted and dealt with quickly, prior to exploitation.

    Proprietary software companies have full control over their update processes. The most recognizable approach is the industry-wide monthly Patch Tuesday releases by the likes of Microsoft and Adobe.

    These releases highlight vulnerabilities, assign severity levels and help IT teams prioritize issues for patching based on their priorities and risk levels. This approach enables IT and security teams to plan their patching.

    For Linux, the process is very different. As Linux is open source , issues
    can be discovered by community members and updates issued at any time. The process is coordinated so that all those affected - from the largest open-source distributions run by global vendors through to smaller versions run by community teams - can add the updates to their versions.

    Companies like Red Hat and SUSE run mailing lists that alert the community to known vulnerabilities and associated patches in real-time, rather than being limited to monthly cadences. This process helps maintain the core principles of open source, which center around openness, transparency and traceability for all. The significance of Linux

    Its important not to be complacent around Linux and security. Firstly, the sheer number of distributions and variants powered by Linux means that one issue can lead to multiple sets of patches that have to be deployed, one for each distribution or asset used.

    This can become incredibly complex to keep up with. Its easy to see how teams can fall behind as a result, particularly where there is an assumption that Linux is more secure.

    Arguably the winning feature of Linux - the fact that its open source - is also its biggest challenge.

    When vulnerabilities become public knowledge, they are open for everyone to look into, and proof of concept code is often created to demonstrate the issues. While this assists those responsible for Linux communities and gives them insight into the problems, this data can also be used to work out other ways to exploit the original vulnerability.

    If organizations running Linux are not up to date with their patch
    management, it can be easier for attackers to attempt exploits based on those example exploits. Challenges of the Linux patching process

    To manage Linux patching effectively, there are three elements that have to work alongside each other.

    The first process to get right is building an accurate IT asset inventory
    that can track hardware, operating systems and software, as well as any other services. This should provide a full list of what is in place and the current status of the assets.

    Once you have this confirmed, you can look at what vulnerabilities exist and what patches have to be installed. With so many new issues getting
    discovered, it might not be possible to patch everything immediately.

    Instead, you can prioritize what issues are the most pressing to implement, either because they are the riskiest, the most widespread or the most dangerous. This will depend on your company, what is in place, and the companys appetite for risk. Too much tooling

    One of the challenges of collecting the data required to efficiently discover your assets, scan for vulnerabilities, prioritization and remediate is that
    it may require multiple tools that do not communicate between themselves.

    Some may argue that the more tools the better, and many security
    professionals were once taught to follow the approach that quantity equals quality. While the safety blanket of multiple asset tools overlapping one another may sound reassuring to ensure that no vulnerability or gap in
    defense is ever missed, it actually becomes more of a hindrance for IT and security teams to manage over time.

    In reality, every tool you adopt will have its own overhead and its own way
    of categorizing data. When you compare data across tools and teams, its difficult to get accurate information in real time.

    Teams are also likely to double up on work as they have to manually correlate data before they even get to work on patching issues the tools have found.
    The workload facing IT teams is mounting, so taking out any duplication and automating processes should immediately pay off.

    For example, organizations that use different tools for discovering assets, running vulnerability management scans, prioritizing and patching will initially face the challenge of ensuring that all the different products can agree on how to identify a device. Without this agreement, reports cannot be generated, and remediation jobs cannot be initiated.

    To complicate things even further, organizations that use multiple tools to achieve those tasks will usually have to undertake time-consuming processes
    to allow its patch teams to deploy patches based on prioritized vulnerabilities.

    This typically involves sending a report with a list of prioritized vulnerabilities to the patch team, who in turn will have to research each vulnerability, understand what patches are available, assess which of those are relevant to the environment and should therefore be deployed.

    This process can take time and requires a lot of heavy lifting from each
    team. Lengthy and complex patch management processes such as these are also likely to be the first to be de-prioritized when other, seemingly more urgent tasks arise.

    This presents a danger for organizations that may unknowingly leave
    themselves open to attack because of vulnerabilities left unpatched for
    longer than necessary. Unification contains the keys for success

    The community recognizes that this is a flawed process. As a result, more tools are now available to minimize some of the steps in this process, but most still fall short and require manual intervention somewhere along the
    way.

    Instead, if organizations can utilize one solution to scan for vulnerabilities, prioritize and remediate them within one single console, the process is dramatically more efficient, and organizations can more easily
    keep on top of their patch management.

    This would remove the need for manual research and reporting around each individual vulnerability and the associated patch for each individual system. The patch can be deployed from a single button which delivers an up-to-date report of remediated vulnerabilities to document the process and close the loop.

    Ultimately, teams need to create an efficient and effective workflow, both
    for proactive and reactive patching approaches, that runs across as many operating systems as possible.

    Rather than having separate tools for Windows and Linux, and internal cloud assets, integrating all your asset data together in one place enables greater efficiency. This provides a comprehensive overview of what you have and what to prioritize, regardless of where that asset is hosted.

    The threat landscape is constantly changing, so scheduled rounds of scanning monthly or weekly from multiple agents are no longer enough. Companies should strive for continuous, automated scanning to ensure they can detect and remediate issues in real-time.

    This ensures IT and security teams are always working with the most
    up-to-date information, and it also means that remediation approaches can be automated too. Also, check out our list of the best IT infrastructure management services



    ======================================================================
    Link to news story: https://www.techradar.com/news/why-linuxs-biggest-strength-is-also-its-biggest -weakness/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)