UK Cyber Security Boffins Dispense Ubuntu 18.04 Wisdom
GCHQ: Yeah, but maybe don't make it too secure, ok?
The UK’s National Cyber Security Centre (NCSC) has dispensed advice aimed at securing Ubuntu installs and followed it up with help for Dixons customers.
The NCSC, part of the UK’s Government Communications Headquarters (GCHQ) exists to make the UK a safer place to do business online and, in an unusual step for a Government agency, does a pretty good job of dispensing sensible security advice.
Dixons Carphone customers got the treatment yesterday, following the admission that, er, maybe a bit more than 1.2 million users had actually had their privates exposed in a data breach. More like 10 million records. GCHQ's infosec crew suggested Dixons users shouldn't fill in their log-in info via that link on that unsolicited email, hmm?
Last week, however, it was Ubuntu 18.04 LTS upon which the agency turned its gimlet gaze. The security wonks first stated the obvious – route data over a secure VPN to avoid prying eyes, stop users installing whatever they want and for goodness sake, cut down on the admin rights.
Once over the summary, the agency went into detail. It has a number of security principles, and soberly explains the risks associated with Ubuntu along with mitigating steps. The list should be required reading for anyone about to leap into the wonderful world of Linux, thinking all their Windows woes or Mac migraines will vanish overnight.
Of course, this isn’t to say a default installation of Ubuntu 18.04 LTS isn’t already pretty secure. As well as making recommendations, the agency highlights areas where the OS does just fine, with minimal tinkering needed (such as stopping the execution of malicious code, unless you’ve sprayed the system with root level rights like a naughty child with a water pistol.)
The agency has also provided guides for the likes of Office 365, Windows 10 (but only to 1709) and macOS (to 10.13). Ubuntu 16.04 LTS is also present, but other Linux distributions are conspicuous by their absence.
Dell recently shovelled Ubuntu 18.04 LTS onto the Developer Edition of its XPS 13 laptop and users, mindful of the operating system's presence in the vulnerability charts (number 10 in the all time list, but down to 32 in 2017) could do considerably worse than look to the NCSC for tips on keeping things secure.
Source: theregister
Latest Jobs
-
- Cyber Incident Response Consultant, Italy
- Italy
- Up to €60,000
-
Cyber Incident Response Consultant, Italy Up to €60,000 Cyber Incident Response Consultant is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. The Cyber Incident Response Consultant role is client facing that will join an award-winning team that deliver varied, interesting and often challenging work to a wide range of prestigious clients. The Cyber Incident Response Consultant MUST have current experience taking a client through the complete IR / triage process and have a blend of both technical and commercial (identifying and developing new business opportunities within a client) Proactive Incident response, forensics and eDiscovery experience is a MUST. The Cyber Incident Response Consultant must be happy to travel. Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within an cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) Career development and the opportunity to influence, apply today for more information.
-
- Data Consultant
- London
- Up to £90,000 Base
-
Data Consultant Location: London Salary: Up to £90,000 basic DD7692 A leading Google Cloud Platform (GCP) Provider who is looking for a Data Consultant, based in London. Experience with GCP or other similar platforms (AWS, AZURE etc), experience with GCP technologies as well as experience with Machine Learning, Data Mining and Data Analytics. The Data Consultant will be responsible for design solutions for customers and providing technical knowledge in customer meetings. Ideally, the Data Consultant will have experience transforming the way companies work by building company-centric solutions on the Google Cloud Platform or similar cloud platforms. Our client is a Premier Google Cloud Partner, offering an exciting opportunity to work with innovative technology whilst giving you the chance to grow and develop your career. You will have the opportunity to benefit from a number of training courses at several Google locations.
-
- Senior Delivery Consultant Emerging Technologies
- Beckenham
- N/A
-
Senior Delivery Consultant Emerging Technologies The Senior Delivery Consultant will work on pure retained executive search mandates in the emerging technology sector. The Senior Delivery Consultant will work closely with the practice lead to complete research and deliver the assignment to completion. This is a senior role with both client and candidate contact, although you will not have a fee generation target. A generous commission structure will exist linked to the successful delivery of assignments. Come and work for a business where the client is retained and you can focus 100% of your time and efforts headhunting the best talent out there in the market! Ref: AMSDC Salary: Dependant on Experience Location: Beckenham
-
- SOC Manager / Threat Hunting Service Lead, Cyber
- Bracknell
- £85,000 +
-
REFCH7713 SOC Manager / Threat Hunting Service Lead, Cyber £85,000 + Bracknell SOC Manager / Threat Hunting service Lead needed- must be commutable to the Reading / Bracknell area. We are looking for a SOC Manager / Threat Hunting Service Lead to aid in building out a new SOC / Threat hunting (IR) service offering. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; Establishing the technical process, building operational capability, managing and hiring team, creation of policy/playbooks, fine turning of the go-to-market collateral etc. Apply today for more information or contact me directly on Chris.Holt@dclsearch.com or 07884666351 Cyber Security Jobs, Information Security Jobs, SOC Manager Jobs, SOC Jobs