UK Gov Security Assessment puts Ubuntu in First Place
CESG, the security arm of the UK government that assesses operating systems and software, has published its findings for all ‘End User
Device’ operating systems (OSs). Based at GCHQ, they included OSs for laptops and mobile devices in their assessment, and for uses
designated at “OFFICIAL” level in accordance with UK Government Security Classification Policy. This is roughly equivalent to a standard
set of best practice security features. Any enterprise would be interested in implementing these to make sure that information is not
leaked from their organisation.
The security assessment included the following categories:
● VPN
● Disk Encryption
● Authentication
● Secure Boot
● Platform Integrity and Application Sandboxing
● Application Whitelisting
● Malicious Code Detection and Prevention
● Security Policy Enforcement
● External Interface Protection
● Device Update Policy
● Event Collection for Enterprise Analysis
● Incident Response

No currently available operating system can meet all of these requirements. Ubuntu, however, scores the highest in a direct
comparison.
A summary of the assessment is shown below:
Sections that were considered as having a “Significant Risk” are marked below as a red box; sections that have some notes about risks
to be aware of are marked in orange; sections that passed the assessment are marked in green.

[Table: colour-coded result for each operating system (columns) against each of the 12 categories listed above (rows). The totals per operating system are:]

Operating system                          GREEN  ORANGE  RED
Android 4.2 [1]                               5       6    1
Samsung Devices with Android 4.2 [2]          9       2    1
Apple iOS 6 [3]                               7       4    1
Apple OSX 10.8 [4]                            8       4    0
Blackberry 10.1 (EMM Corporate) [5]           5       6    1
Blackberry 10.1 (EMM Regulated) [6]           9       2    1
Google Chrome OS 26 [7]                       8       3    1
Ubuntu 12.04 [8]                              9       3    0
Windows 7 and 8 [9]                           8       4    0
Windows 8 RT [10]                             7       4    1
Windows Phone 8 [11]                          7       3    2

As you can see from the table, the only OS that passes as many as 9 requirements without any “Significant Risks”, as independently
assessed by CESG, is Ubuntu 12.04 LTS.
So, what about the 3 sections that have comments: VPN, Disk Encryption and Secure Boot?

VPN
The comments made by CESG were that “The built-in VPN has not been independently assured to Foundation Grade.” This means that
the software does meet all the technical requirements of security to pass the assessment, but that the software itself has not been
independently assessed to make sure that it hasn’t been tampered with during the development process.
You can also see from the comments made on each detailed assessment that nobody meets this requirement fully at this time. The
best you can hope for is either technical compliance with independent assessment pending, which is the case for Ubuntu 12.04, or
independent assessment complete but with technical features missing, as with Windows 8, for example.
The independent assessment work for Ubuntu is being carried out by a partner, and we expect CESG to provide additional guidance for
meeting this requirement fully in due course. We expect that this will also be available in time for the upcoming release of Ubuntu
14.04 LTS, and if so we expect to fully meet this requirement in that release.

Disk Encryption
Disk encryption is a similar case to the VPN assessment.
For Ubuntu 12.04, CESG states:
“LUKS and dm-crypt have not been independently assured to Foundation Grade.”
LUKS and dm-crypt are used on Ubuntu to encrypt the data on the hard disk and to decrypt the data when starting up, by requesting a
password from the user. Without the password, the computer cannot start the operating system or access any of the data.
The technical requirements are all met, but the software has not been through an independent assessment to prove that it has not
been tampered with in development. So, the independent assessment still needs to be done for LUKS and dm-crypt on Ubuntu to pass
this requirement.
However, every other operating system on the list has also yet to pass an independent assessment. Ubuntu already meets all the
technical requirements, and we just need a sponsor to put the software through the assessment process.

Secure Boot
Secure Boot is a Microsoft technology invented in co-operation with OEMs to ensure that software cannot be tampered with after the
hardware has been shipped from the factory. It has provoked much debate in security circles, as the ability to install any software which
you can control is desirable from a security perspective. The German government recently criticised Secure Boot [12] as preventing
installation of specialised secure operating systems after sale of hardware.
Ubuntu’s response, from Ubuntu 12.10 onwards, is to adopt Grub2 as the default bootloader, with support for Secure Boot, but with the
ability to turn off Secure Boot to modify the OS if required. This is explained in John Melamut’s blog post [13]. We believe this
gives users and enterprises the best compromise between security and the ability to customise after sale.

Summary
All in all, Ubuntu 12.04 LTS stacks up as the most secure of the current desktop and mobile operating systems. Supported by Canonical
with free security updates for 5 years, and without malware problems, it’s hard to beat in official public sector applications.
We are working hard to close the gap and make Ubuntu clearly stand out as the most trustworthy operating system for the future and
we hope to make excellent progress before our next LTS release in April 2014, 14.04 LTS, which will be even better.

Darryl Weaver
Sales Engineer, EMEA,
Canonical

Further Reading
The original CESG guidance is available to read here:
https://www.gov.uk/government/collections/end-user-devices-security-guidance--2

References
[1] https://www.gov.uk/government/publications/end-user-devices-security-guidance-android-42
[2] https://www.gov.uk/government/publications/end-user-devices-security-guidance-samsung-devices-with-android-42
[3] https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-ios-6
[4] https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-os-x-108
[5] https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-corporate
[6] https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-regulated
[7] https://www.gov.uk/government/publications/end-user-devices-security-guidance-google-chrome-os-26
[8] https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1204
[9] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8
[10] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-8-rt
[11] https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-phone-8
[12] http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/OED_Verwaltung/Informationsgesellschaft/trusted_computing_eng.html
[13] http://blog.canonical.com/2012/09/20/quetzal-is-taking-flight-update-on-ubuntu-secure-boot-plans/
