UK Cyber Security Boffins Dispense Ubuntu 18.04 Wisdom
GCHQ: Yeah, but maybe don't make it too secure, ok?
The UK’s National Cyber Security Centre (NCSC) has dispensed advice aimed at securing Ubuntu installs and followed it up with help for Dixons customers.
The NCSC, part of the UK’s Government Communications Headquarters (GCHQ) exists to make the UK a safer place to do business online and, in an unusual step for a Government agency, does a pretty good job of dispensing sensible security advice.
Dixons Carphone customers got the treatment yesterday, following the admission that, er, maybe a bit more than 1.2 million users had actually had their privates exposed in a data breach. More like 10 million records. GCHQ's infosec crew suggested Dixons users shouldn't fill in their log-in info via that link on that unsolicited email, hmm?
Last week, however, it was Ubuntu 18.04 LTS upon which the agency turned its gimlet gaze. The security wonks first stated the obvious – route data over a secure VPN to avoid prying eyes, stop users installing whatever they want and for goodness sake, cut down on the admin rights.
Once over the summary, the agency went into detail. It has a number of security principles, and soberly explains the risks associated with Ubuntu along with mitigating steps. The list should be required reading for anyone about to leap into the wonderful world of Linux, thinking all their Windows woes or Mac migraines will vanish overnight.
Of course, this isn’t to say a default installation of Ubuntu 18.04 LTS isn’t already pretty secure. As well as making recommendations, the agency highlights areas where the OS does just fine, with minimal tinkering needed (such as stopping the execution of malicious code, unless you’ve sprayed the system with root level rights like a naughty child with a water pistol.)
The agency has also provided guides for the likes of Office 365, Windows 10 (but only to 1709) and macOS (to 10.13). Ubuntu 16.04 LTS is also present, but other Linux distributions are conspicuous by their absence.
Dell recently shovelled Ubuntu 18.04 LTS onto the Developer Edition of its XPS 13 laptop and users, mindful of the operating system's presence in the vulnerability charts (number 10 in the all time list, but down to 32 in 2017) could do considerably worse than look to the NCSC for tips on keeping things secure.
- IDAM Business Analyst
- Up to £65,000 Base
A Business Analyst with strong exposure within the Identity & Access or Privileged Access Management space is required by a leading consulting firm. You will have a strong technical understanding of at least one of the following subjects; Privileged Access/ Identity management, Identity Governance and Administration. Vendor experience may include; CyberArk, Sailpoint or Ping Identity. Any of the following vendors could also be advantageous; Oracle’s Identity Manager/ Access Manager or One Identity. The role is to be based in either London or Manchester, with 3-4 days of travel required in a week, that may flex based on the influx of work. This person will have excellent client facing skills, as you will be the primary point of contact between the clientele, and the Engineering team. So prior client facing experience is a must. If this sounds like you, give me a call today on; 0208 663 4030 or email Thomas.Childs@DCLSearch.com Ref: TC7516
- ISO27001 Information Security Consultant
- Up to £60,000
Information Security Consultant with ISO27001 audit and advisory experience is needed for a client facing opportunity with a Cyber Security company in London. Experience with ISO27001 is essential. Activities of the role will include, but not be limited to providing advice to clients, Gap analysis, Risk assessment, analysis, ISO27001 Audits. Experience taking a client through to iso 27001 certification is highly desirable. This Cybersecurity consultancy, who are dedicated to improving and investing in their client's businesses and employees careers, are looking for a security consultant due to expansion. All the training and development will be provided to help them specialise into the PCI industry / Security advisory industry. Ideal certifications ISO27001 Lead Auditor, ISO 27001 Lead implementer, PCI ISA. Aspiring PCI QSA. Other certifications such as CISSP, CISM or CISA are beneficial to have but not required. The ability to SC Clearance is essential. MUST be UK based and realistically able to commute to London. Structured career path, technical training, diverse and interesting clients available. (ISO70001 Lead Auditor, ISO 27001 Lead implementer, PCI ISA. Aspiring PCI QSA, ISO27001 Information Security Consultant) Contact me on firstname.lastname@example.org or 07884666351 or 02086634030 Ref: CH7514
- Google Cloud Data Engineer
- Up to £650 Per Day
Google Cloud Data Engineer London Up to £650 Per Day Duration: 3 months (Potential to extend) We are currently working with a leading Google Cloud partner who are currently looking for a Google Cloud Data Engineer in London. The Google Cloud Data Engineer will be responsible for a new, on-site project (start to finish) designing and implementing a data cataloguing platform using Google Cloud. Current Experience Required Google Cloud Data Analytics (Data Engineering, Data Mining, Data Cataloguing etc.) Cloud PUB / SUB Ref: PG7512
- Professional Services Security Engineer
- United Kingdom
Professional Services Security Engineer with current checkpoint experience is needed for the UK focused client facing implementation/migration, configuration position. The role will be utilising the latest versions of Checkpoint, so someone accredited with either CCSA or CCSE, on at least version R80 is ideal. The Professional Services Security Engineer must have current technical implementation experience using Checkpoint, however, I would look at someone with strong firewalling experience around other vendors such as Palo Alto and Fortinet. Being a multi-vendor professional services business, there is scope for this person to receive training and experience within other vendors. This is a UK wide role, the company in question has 2 offices across the UK, however, there is scope for this person to be home based when not on client site. Vendor training and exposure actively promoted.