Staying on Top of Linux System Security


Heartbleed, Shellshock, POODLE… With severe security vulnerabilities on the rise, how can Linux users protect their systems? Unattended package upgrades can help, but only if they are properly set up and monitored. Some of the challenges include:

  • many popular virtual private server (VPS) providers do not install or enable automatic security updates in their Linux images
  • "apt-get install unattended-upgrades" on Debian-based systems will install automatic security updates but does not actually *enable* them, potentially putting unsuspecting Linux users at risk
  • some security updates (e.g., kernel-level) require a server reboot to take effect, and yet users often don't realize this until the next time they log in, resulting in a system that is vulnerable in the interim

In addition to outlining strategies for proper configuration and management of unattended security updates, this talk will also cover how to maintain the security of Linux systems in Docker container environments, where the above strategies generally do not apply. In such environments, an entirely different approach and workflow is usually required.

Talk scheduled for: 11:45 a.m. on Friday, February, 20th, 2015

Wednesday, December 10, 2014 - 16:45