SlideShare una empresa de Scribd logo

UK Gov Report Summary

- Mark - Fullbright
- Mark - Fullbright

Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.

EducaciónTecnología
1 de 7
Descargar para leer sin conexión
UK Gov Security Assessment puts Ubuntu in First Place CESG, the security arm of the UK government that assesses operating systems and software, has published its findings for all ‘End User Device’ operating systems (OSs). Based at GCHQ, they included OSs for laptops and mobile devices in their assessment, and for uses designated at “OFFICIAL” level in accordance with UK Government Security Classification Policy. This is roughly equivalent to a standard set of best practice security features. Any enterprise would be interested in implementing these to make sure that information is not leaked from their organisation. The security assessment included the following categories: ● ● ● ● ● ● ● ● ● ● ● ● VPN Disk Encryption Authentication Secure Boot Platform Integrity and Application Sandboxing Application Whitelisting Malicious Code Detection and Prevention Security Policy Enforcement External Interface Protection Device Update Policy Event Collection for Enterprise Analysis Incident Response No currently available operating system can meet all of these requirements. Ubuntu however, scores the highest in a direct comparison. A summary of the assessment is shown below:
Sections that were considered as having a “Significant Risk” are marked below as a red box; sections that have some notes about risks to be aware of are marked in orange; sections that passed the assessment are marked in green. Android 4.2 [1] VPN Disk Encrypti on Authenti cation Secure Boot Platfor m Integrity & Applicati on Sandbox Samsung Devices with Android 4.2[2] Apple iOS 6[3] Apple OSX 10.8 [4] Blackber ry 10.1 (EMM Corporat e) [5] Blackber ry 10.1 (EMM Regulate d) [6] Google Chrome OS 26 [7] Ubuntu 12.04 [8] Window s 7 and 8 [9] Window s 8 RT [10] Window s Phone 8 [11]
ing Applicati on Whitelis ting Maliciou s Code Detectio n and Preventi on Security Policy Enforce ment External Interfac e Protecti on Device Update Policy Event Collectio n for Enterpri
-se Analysis Incident Respons e GREEN 5 9 7 8 5 9 8 9 8 7 7 ORANGE 6 2 4 4 6 2 3 3 4 4 3 RED 1 1 1 0 1 1 1 0 0 1 2 As you can see from the table the only OS that passes as many as 9 requirements without any “Significant Risks” as independently assessed by CESG is Ubuntu 12.04 LTS. So, what about the 3 sections that have comments: VPN, Disk Encryption and Secure Boot? VPN The comments made by CESG were that “The built-in VPN has not been independently assured to Foundation Grade.” This means that the software does meet all the technical requirements of security to pass the assessment, but that the software itself has not been independently assessed to make sure that it hasn’t been tampered with during the development process. You can also see from the comments made on each detailed assessment that nobody meets this requirement fully at this time. The best you can hope for is technical compliance with independent assessment pending, which is the case for Ubuntu 12.04 or independent assessment complete but missing technical features, like Windows 8, for example. The independent assessment work for Ubuntu is being carried out by a partner and we expect CESG to provide additional guidance for meeting this requirement fully, in due course. We expect that this will be also available in time for the upcoming release of Ubuntu
14.04 LTS and if so we expect to fully meet this requirement in this release. Disk Encryption Disk encryption is a similar case to the VPN assessment. For Ubuntu 12.04, CESG states: “LUKS and dm-crypt have not been independently assured to Foundation Grade.” LUKS and dm-crypt are used on Ubuntu to encrypt the data on the hard disk and to decrypt the data when starting up, by requesting a password from the user. Without the password, the computer cannot start the operating system or access any of the data. The technical requirements are all met, but the software has not been through an independent assessment to prove that it has not been tampered with in development. So, the independent assessment still needs to be done for LUKS and dm-crypt on Ubuntu to pass this requirement. However, every other operating system on the list has also yet to pass an independent assessment, but Ubuntu meets all the technical requirements already and we just need a sponsor to put the software through the assessment process. Secure Boot Secure boot is a Microsoft technology invented in co-operation with OEMs to ensure that software cannot be tampered with after the hardware has been shipped from the factory. It has provoked much debate in security circles, as the ability to install any software which you can control is desirable from a security perspective. The German government recently criticised secure boot [12] as preventing installation of specialised secure operating systems after sale of hardware. Ubuntu’s response, from Ubuntu 12.10 onwards is to adopt Grub2 as the default bootloader, with support for Secure Boot, but with an ability to turn off secure boot to modify the OS, if required. This is explained in John Melamut’s blog post here [13]. We believe this
gives users and enterprises the best compromise between security and ability to customise after sale. Summary All in all Ubuntu 12.04 LTS stacks up as the most secure of the current desktop and mobile operating systems. Supported by Canonical with free security updates for 5 years, and without malware problems, it’s hard to beat in official public sector applications. We are working hard to close the gap and make Ubuntu clearly stand out as the most trustworthy operating system for the future and we hope to make excellent progress before our next LTS release in April 2014, 14.04 LTS, which will be even better. Darryl Weaver Sales Engineer, EMEA, Canonical Further Reading The original CESG guidance is available to read here: https://www.gov.uk/government/collections/end-user-devices-security-guidance--2 References [1] https://www.gov.uk/government/publications/end-user-devices-security-guidance-android-42 [2] https://www.gov.uk/government/publications/end-user-devices-security-guidance-samsung-devices-with-android-42 [3] https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-ios-6 [4] https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-os-x-108 [5] https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-corporate [6] https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-regulated [7] https://www.gov.uk/government/publications/end-user-devices-security-guidance-google-chrome-os-26 [8] https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1204 [9] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8 [10] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-8-rt [11] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-phone-8 [12] http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/OED_Verwaltung/Informationsgesellschaft/trusted_computing_eng.html
[13] http://blog.canonical.com/2012/09/20/quetzal-is-taking-flight-update-on-ubuntu-secure-boot-plans/

Recomendados

Windows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password resetWindows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password reset
Passreset
 
Samsung beyond basic android online 0
Samsung beyond basic android online 0Samsung beyond basic android online 0
Samsung beyond basic android online 0
Javier Gonzalez
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security Enhancements
Presentologics
 
Security Lock Down Your Computer Like the National Security Agency (NSA)
Security Lock Down Your Computer Like the National Security Agency (NSA)Security Lock Down Your Computer Like the National Security Agency (NSA)
Security Lock Down Your Computer Like the National Security Agency (NSA)
José Ferreiro
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelled
losalamos
 
Overview of asp .net
Overview of asp .netOverview of asp .net
Overview of asp .net
Sajan Sahu
 
Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...
Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...
Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...
North Star. Inc.
 
An overview of the samsung knox platform v1 14
An overview of the samsung knox platform v1 14An overview of the samsung knox platform v1 14
An overview of the samsung knox platform v1 14
Javier Gonzalez
 

Recomendados

Windows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password resetWindows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password reset
Passreset
 
Samsung beyond basic android online 0
Samsung beyond basic android online 0Samsung beyond basic android online 0
Samsung beyond basic android online 0
Javier Gonzalez
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security Enhancements
Presentologics
 
Security Lock Down Your Computer Like the National Security Agency (NSA)
Security Lock Down Your Computer Like the National Security Agency (NSA)Security Lock Down Your Computer Like the National Security Agency (NSA)
Security Lock Down Your Computer Like the National Security Agency (NSA)
José Ferreiro
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelled
losalamos
 
Overview of asp .net
Overview of asp .netOverview of asp .net
Overview of asp .net
Sajan Sahu
 
Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...
Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...
Discover the 5 New Windows 8 Security Features You Should Know - by Denver IT...
North Star. Inc.
 
An overview of the samsung knox platform v1 14
An overview of the samsung knox platform v1 14An overview of the samsung knox platform v1 14
An overview of the samsung knox platform v1 14
Javier Gonzalez
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOURPR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
Kurtis Armour
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020
Ivanti
 
Android Security
Android SecurityAndroid Security
Android Security
Lars Jacobs
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 
checkpoint
checkpointcheckpoint
checkpoint
Mayank Dhingra
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys
 
Top 10 antiviruses
Top 10 antivirusesTop 10 antiviruses
Top 10 antiviruses
university of education,Lahore
 
Android security
Android securityAndroid security
Android security
Midhun P Gopi
 
Alimentate sanamente
Alimentate sanamenteAlimentate sanamente
Alimentate sanamente
Paulina Bustillos Arrieta
 
Power Point activitat centrada en docent.tmateo
Power Point activitat centrada en docent.tmateoPower Point activitat centrada en docent.tmateo
Power Point activitat centrada en docent.tmateo
Thaïs Díez
 
"Outsourcing Best Practices" Conference. Speaker Diploma
"Outsourcing Best Practices" Conference. Speaker Diploma "Outsourcing Best Practices" Conference. Speaker Diploma
"Outsourcing Best Practices" Conference. Speaker Diploma
Сергей Булавский
 
EXPOSICION 4
EXPOSICION 4EXPOSICION 4
EXPOSICION 4
lolvezaldivar
 
Il csm, finalmente, si incazza sul serio
Il csm, finalmente, si incazza sul serioIl csm, finalmente, si incazza sul serio
Il csm, finalmente, si incazza sul serio
Carlo Favaretti
 
PRASHANTH_M77[1]
PRASHANTH_M77[1]PRASHANTH_M77[1]
PRASHANTH_M77[1]
Prashanth Mani
 
Fit 2015 flyer.pdf
Fit 2015 flyer.pdfFit 2015 flyer.pdf
Fit 2015 flyer.pdf
Randibeth Gallant
 
Acotax Trademark Certificate
Acotax Trademark CertificateAcotax Trademark Certificate
Acotax Trademark Certificate
Сергей Булавский
 
Hojita evangelio domingo la sagrada familia c serie
Hojita evangelio domingo la sagrada familia c serieHojita evangelio domingo la sagrada familia c serie
Hojita evangelio domingo la sagrada familia c serie
Nelson Gómez
 
Typo3 Neos - Introduction - WebMardi - Lausanne
Typo3 Neos - Introduction - WebMardi - LausanneTypo3 Neos - Introduction - WebMardi - Lausanne
Typo3 Neos - Introduction - WebMardi - Lausanne
dfeyer
 
Portfolio E. Keenan
Portfolio E. KeenanPortfolio E. Keenan
Portfolio E. Keenan
Erica Keenan
 
Domingo iv to ciclo b bn
Domingo iv to ciclo b bnDomingo iv to ciclo b bn
Domingo iv to ciclo b bn
Nelson Gómez
 
cv new chris palmer elec july2015
cv new chris palmer elec july2015cv new chris palmer elec july2015
cv new chris palmer elec july2015
Chris Palmer
 

Más contenido relacionado

La actualidad más candente

Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOURPR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
Kurtis Armour
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020
Ivanti
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 

La actualidad más candente (9)

Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOURPR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
PR21-Preventing-File-Based-Botnet-Growth-and-Persistence-ARMOUR
 
December Patch Tuesday 2020
December Patch Tuesday 2020December Patch Tuesday 2020
December Patch Tuesday 2020
 
Android Security
Android SecurityAndroid Security
Android Security
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
 
checkpoint
checkpointcheckpoint
checkpoint
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
 
Top 10 antiviruses
Top 10 antivirusesTop 10 antiviruses
Top 10 antiviruses
 
Android security
Android securityAndroid security
Android security
 

Destacado

Domingo iv to ciclo b bn
Domingo iv to ciclo b bnDomingo iv to ciclo b bn
Domingo iv to ciclo b bn
Nelson Gómez
 
cv new chris palmer elec july2015
cv new chris palmer elec july2015cv new chris palmer elec july2015
cv new chris palmer elec july2015
Chris Palmer
 
Lysistrata Poster 2015
Lysistrata Poster 2015Lysistrata Poster 2015
Lysistrata Poster 2015
Alyssa Steen
 
Moving bed biofilm reactor for denitrification corey
Moving bed biofilm reactor for denitrification coreyMoving bed biofilm reactor for denitrification corey
Moving bed biofilm reactor for denitrification corey
mayurshinde1987
 

Destacado (17)

Alimentate sanamente
Alimentate sanamenteAlimentate sanamente
Alimentate sanamente
 
Power Point activitat centrada en docent.tmateo
Power Point activitat centrada en docent.tmateoPower Point activitat centrada en docent.tmateo
Power Point activitat centrada en docent.tmateo
 
"Outsourcing Best Practices" Conference. Speaker Diploma
"Outsourcing Best Practices" Conference. Speaker Diploma "Outsourcing Best Practices" Conference. Speaker Diploma
"Outsourcing Best Practices" Conference. Speaker Diploma
 
EXPOSICION 4
EXPOSICION 4EXPOSICION 4
EXPOSICION 4
 
Il csm, finalmente, si incazza sul serio
Il csm, finalmente, si incazza sul serioIl csm, finalmente, si incazza sul serio
Il csm, finalmente, si incazza sul serio
 
PRASHANTH_M77[1]
PRASHANTH_M77[1]PRASHANTH_M77[1]
PRASHANTH_M77[1]
 
Fit 2015 flyer.pdf
Fit 2015 flyer.pdfFit 2015 flyer.pdf
Fit 2015 flyer.pdf
 
Acotax Trademark Certificate
Acotax Trademark CertificateAcotax Trademark Certificate
Acotax Trademark Certificate
 
Hojita evangelio domingo la sagrada familia c serie
Hojita evangelio domingo la sagrada familia c serieHojita evangelio domingo la sagrada familia c serie
Hojita evangelio domingo la sagrada familia c serie
 
Typo3 Neos - Introduction - WebMardi - Lausanne
Typo3 Neos - Introduction - WebMardi - LausanneTypo3 Neos - Introduction - WebMardi - Lausanne
Typo3 Neos - Introduction - WebMardi - Lausanne
 
Portfolio E. Keenan
Portfolio E. KeenanPortfolio E. Keenan
Portfolio E. Keenan
 
Domingo iv to ciclo b bn
Domingo iv to ciclo b bnDomingo iv to ciclo b bn
Domingo iv to ciclo b bn
 
cv new chris palmer elec july2015
cv new chris palmer elec july2015cv new chris palmer elec july2015
cv new chris palmer elec july2015
 
Lysistrata Poster 2015
Lysistrata Poster 2015Lysistrata Poster 2015
Lysistrata Poster 2015
 
PMMC Certificate - Sergey Bulavsky
PMMC Certificate - Sergey BulavskyPMMC Certificate - Sergey Bulavsky
PMMC Certificate - Sergey Bulavsky
 
Ley de Contrataciones Públicas
Ley de Contrataciones PúblicasLey de Contrataciones Públicas
Ley de Contrataciones Públicas
 
Moving bed biofilm reactor for denitrification corey
Moving bed biofilm reactor for denitrification coreyMoving bed biofilm reactor for denitrification corey
Moving bed biofilm reactor for denitrification corey
 

Similar a UK Gov Report Summary

How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
BlackBerry
 
Tres formas de modernizar la TI del dispositivo y mejorar la productividad
Tres formas de modernizar la TI del dispositivo y mejorar la productividadTres formas de modernizar la TI del dispositivo y mejorar la productividad
Tres formas de modernizar la TI del dispositivo y mejorar la productividad
Cade Soluciones
 
u10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacobu10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacob
Beji Jacob
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Paper
tafinley
 
Discussing Windows® XP End of Support with Management: 5 Key Factors
Discussing Windows® XP End of Support with Management: 5 Key FactorsDiscussing Windows® XP End of Support with Management: 5 Key Factors
Discussing Windows® XP End of Support with Management: 5 Key Factors
Lenovo Business
 
Secure Trustworthy Enterprise
Secure Trustworthy EnterpriseSecure Trustworthy Enterprise
Secure Trustworthy Enterprise
DMIMarketing
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
bora.gungoren
 
Implementing a Security strategy in IoT, Practical example Automotive Grade L...
Implementing a Security strategy in IoT, Practical example Automotive Grade L...Implementing a Security strategy in IoT, Practical example Automotive Grade L...
Implementing a Security strategy in IoT, Practical example Automotive Grade L...
LibreCon
 
Auditing the Workstation Domain for Compliance.docx
Auditing the Workstation Domain for Compliance.docxAuditing the Workstation Domain for Compliance.docx
Auditing the Workstation Domain for Compliance.docx
write12
 

Similar a UK Gov Report Summary (20)

How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
 
Android Security Maximized by Samsung KNOX
Android Security Maximized by Samsung KNOXAndroid Security Maximized by Samsung KNOX
Android Security Maximized by Samsung KNOX
 
CodeMotion tel aviv 2015 - burning marshmallows
CodeMotion tel aviv 2015 - burning marshmallowsCodeMotion tel aviv 2015 - burning marshmallows
CodeMotion tel aviv 2015 - burning marshmallows
 
Tres formas de modernizar la TI del dispositivo y mejorar la productividad
Tres formas de modernizar la TI del dispositivo y mejorar la productividadTres formas de modernizar la TI del dispositivo y mejorar la productividad
Tres formas de modernizar la TI del dispositivo y mejorar la productividad
 
u10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacobu10a1 Security Plan-Beji Jacob
u10a1 Security Plan-Beji Jacob
 
ENHANCED SOFTWARE DESIGN FOR BOOSTED CONTINUOUS SOFTWARE DELIVERY
ENHANCED SOFTWARE DESIGN FOR BOOSTED CONTINUOUS SOFTWARE DELIVERYENHANCED SOFTWARE DESIGN FOR BOOSTED CONTINUOUS SOFTWARE DELIVERY
ENHANCED SOFTWARE DESIGN FOR BOOSTED CONTINUOUS SOFTWARE DELIVERY
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Paper
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEs
 
Discussing Windows® XP End of Support with Management: 5 Key Factors
Discussing Windows® XP End of Support with Management: 5 Key FactorsDiscussing Windows® XP End of Support with Management: 5 Key Factors
Discussing Windows® XP End of Support with Management: 5 Key Factors
 
Avc prot 2012b_en
Avc prot 2012b_enAvc prot 2012b_en
Avc prot 2012b_en
 
What Linux is what you should also have on your computer.
What Linux is what you should also have on your computer.What Linux is what you should also have on your computer.
What Linux is what you should also have on your computer.
 
The Challenge of Integrating Security Solutions with CI.pdf
The Challenge of Integrating Security Solutions with CI.pdfThe Challenge of Integrating Security Solutions with CI.pdf
The Challenge of Integrating Security Solutions with CI.pdf
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
 
Secure Trustworthy Enterprise
Secure Trustworthy EnterpriseSecure Trustworthy Enterprise
Secure Trustworthy Enterprise
 
Avc prot 2013a_en
Avc prot 2013a_enAvc prot 2013a_en
Avc prot 2013a_en
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
Arch overview
Arch overviewArch overview
Arch overview
 
Implementing a Security strategy in IoT, Practical example Automotive Grade L...
Implementing a Security strategy in IoT, Practical example Automotive Grade L...Implementing a Security strategy in IoT, Practical example Automotive Grade L...
Implementing a Security strategy in IoT, Practical example Automotive Grade L...
 
Auditing the Workstation Domain for Compliance.docx
Auditing the Workstation Domain for Compliance.docxAuditing the Workstation Domain for Compliance.docx
Auditing the Workstation Domain for Compliance.docx
 

Más de - Mark - Fullbright

CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019
- Mark - Fullbright
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report
- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018
- Mark - Fullbright
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
- Mark - Fullbright
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017
- Mark - Fullbright
 

Más de - Mark - Fullbright (20)

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
Police, Protesters, Press, 2020
Police, Protesters, Press, 2020Police, Protesters, Press, 2020
Police, Protesters, Press, 2020
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
 
2018 IC3 Report
2018 IC3 Report2018 IC3 Report
2018 IC3 Report
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018
 
Credit Score Explainer
Credit Score ExplainerCredit Score Explainer
Credit Score Explainer
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015
 

Último

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 

Último (20)

ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 

UK Gov Report Summary

  • 1. UK Gov Security Assessment puts Ubuntu in First Place CESG, the security arm of the UK government that assesses operating systems and software, has published its findings for all ‘End User Device’ operating systems (OSs). Based at GCHQ, they included OSs for laptops and mobile devices in their assessment, and for uses designated at “OFFICIAL” level in accordance with UK Government Security Classification Policy. This is roughly equivalent to a standard set of best practice security features. Any enterprise would be interested in implementing these to make sure that information is not leaked from their organisation. The security assessment included the following categories: ● ● ● ● ● ● ● ● ● ● ● ● VPN Disk Encryption Authentication Secure Boot Platform Integrity and Application Sandboxing Application Whitelisting Malicious Code Detection and Prevention Security Policy Enforcement External Interface Protection Device Update Policy Event Collection for Enterprise Analysis Incident Response No currently available operating system can meet all of these requirements. Ubuntu however, scores the highest in a direct comparison. A summary of the assessment is shown below:
  • 2. Sections that were considered as having a “Significant Risk” are marked below as a red box; sections that have some notes about risks to be aware of are marked in orange; sections that passed the assessment are marked in green. Android 4.2 [1] VPN Disk Encrypti on Authenti cation Secure Boot Platfor m Integrity & Applicati on Sandbox Samsung Devices with Android 4.2[2] Apple iOS 6[3] Apple OSX 10.8 [4] Blackber ry 10.1 (EMM Corporat e) [5] Blackber ry 10.1 (EMM Regulate d) [6] Google Chrome OS 26 [7] Ubuntu 12.04 [8] Window s 7 and 8 [9] Window s 8 RT [10] Window s Phone 8 [11]
  • 4. -se Analysis Incident Respons e GREEN 5 9 7 8 5 9 8 9 8 7 7 ORANGE 6 2 4 4 6 2 3 3 4 4 3 RED 1 1 1 0 1 1 1 0 0 1 2 As you can see from the table the only OS that passes as many as 9 requirements without any “Significant Risks” as independently assessed by CESG is Ubuntu 12.04 LTS. So, what about the 3 sections that have comments: VPN, Disk Encryption and Secure Boot? VPN The comments made by CESG were that “The built-in VPN has not been independently assured to Foundation Grade.” This means that the software does meet all the technical requirements of security to pass the assessment, but that the software itself has not been independently assessed to make sure that it hasn’t been tampered with during the development process. You can also see from the comments made on each detailed assessment that nobody meets this requirement fully at this time. The best you can hope for is technical compliance with independent assessment pending, which is the case for Ubuntu 12.04 or independent assessment complete but missing technical features, like Windows 8, for example. The independent assessment work for Ubuntu is being carried out by a partner and we expect CESG to provide additional guidance for meeting this requirement fully, in due course. We expect that this will be also available in time for the upcoming release of Ubuntu
  • 5. 14.04 LTS and if so we expect to fully meet this requirement in this release. Disk Encryption Disk encryption is a similar case to the VPN assessment. For Ubuntu 12.04, CESG states: “LUKS and dm-crypt have not been independently assured to Foundation Grade.” LUKS and dm-crypt are used on Ubuntu to encrypt the data on the hard disk and to decrypt the data when starting up, by requesting a password from the user. Without the password, the computer cannot start the operating system or access any of the data. The technical requirements are all met, but the software has not been through an independent assessment to prove that it has not been tampered with in development. So, the independent assessment still needs to be done for LUKS and dm-crypt on Ubuntu to pass this requirement. However, every other operating system on the list has also yet to pass an independent assessment, but Ubuntu meets all the technical requirements already and we just need a sponsor to put the software through the assessment process. Secure Boot Secure boot is a Microsoft technology invented in co-operation with OEMs to ensure that software cannot be tampered with after the hardware has been shipped from the factory. It has provoked much debate in security circles, as the ability to install any software which you can control is desirable from a security perspective. The German government recently criticised secure boot [12] as preventing installation of specialised secure operating systems after sale of hardware. Ubuntu’s response, from Ubuntu 12.10 onwards is to adopt Grub2 as the default bootloader, with support for Secure Boot, but with an ability to turn off secure boot to modify the OS, if required. This is explained in John Melamut’s blog post here [13]. We believe this
  • 6. gives users and enterprises the best compromise between security and ability to customise after sale. Summary All in all Ubuntu 12.04 LTS stacks up as the most secure of the current desktop and mobile operating systems. Supported by Canonical with free security updates for 5 years, and without malware problems, it’s hard to beat in official public sector applications. We are working hard to close the gap and make Ubuntu clearly stand out as the most trustworthy operating system for the future and we hope to make excellent progress before our next LTS release in April 2014, 14.04 LTS, which will be even better. Darryl Weaver Sales Engineer, EMEA, Canonical Further Reading The original CESG guidance is available to read here: https://www.gov.uk/government/collections/end-user-devices-security-guidance--2 References [1] https://www.gov.uk/government/publications/end-user-devices-security-guidance-android-42 [2] https://www.gov.uk/government/publications/end-user-devices-security-guidance-samsung-devices-with-android-42 [3] https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-ios-6 [4] https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-os-x-108 [5] https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-corporate [6] https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-regulated [7] https://www.gov.uk/government/publications/end-user-devices-security-guidance-google-chrome-os-26 [8] https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1204 [9] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8 [10] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-8-rt [11] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-phone-8 [12] http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/OED_Verwaltung/Informationsgesellschaft/trusted_computing_eng.html