Ubuntu scores highest in UK Gov security assessment

Discussion in 'Technical' started by stg58, Jan 27, 2014.


  1. stg58

    stg58 Monkey+++ Site Supporter+ Founding Member

    UK government security arm CESG has published a report of its assessment on the security of all ‘End User Device’ operating systems.

    Its assessment compared 11 desktop and mobile operating systems across 12 categories including: VPN, disk encryption, and authentication. These criteria are roughly equivalent to a standard set of enterprise security best practices, and Ubuntu 12.04 LTS came out on top – the only operating system that passed nine requirements without any “Significant Risks”.

    This article summarises the report, addressing the specific remarks raised in the assessment, and examines why Ubuntu is such a secure OS for government and enterprise use.

    UK Gov Report Summary

    CESG, the security arm of the UK government that assesses operating systems and software, has published its findings for all ‘End User Device’ operating systems (OSs). Based at GCHQ, they included OSs for laptops and mobile devices in their assessment, and for uses designated at “OFFICIAL” level in accordance with UK Government Security Classification Policy. This is roughly equivalent to a standard set of best practice security features. Any enterprise would be interested in implementing these to make sure that information is not leaked from their organisation.
    The security assessment included the following categories:
    ● VPN
    ● Disk Encryption
    ● Authentication
    ● Secure Boot
    ● Platform Integrity and Application Sandboxing
    ● Application Whitelisting
    ● Malicious Code Detection and Prevention
    ● Security Policy Enforcement
    ● External Interface Protection
    ● Device Update Policy
    ● Event Collection for Enterprise Analysis
    ● Incident Response



    http://insights.ubuntu.com/wp-content/uploads/UK-Gov-Report-Summary.pdf
     
    melbo likes this.
  2. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Important to point out that this was not Ubuntu vs Other Desktop Linux OSs.

    This was Ubuntu against Android, Apple iOS, Windows 7, 8 and Windows phone, Samsung, Blackberry, and Chrome OS.
    I would agree that Ubuntu is more secure by an order of magnitude than any of those tested against but possibly not as secure as other versions of DE Linux. Ubuntu does not utilize SELinux like other versions of Linux do.

     
    stg58 and DarkLight like this.
  3. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Thanks melbo, was just going to check on exactly what they compared and wanted to see how miserably Windows failed.
     
  4. melbo

    melbo Hunter Gatherer Administrator Founding Member

    The pdf linked in the OP is pretty good. Would love to see the requirements the UK gov put on the testing? It's a little skewed as Ubuntu isn't even in the same category as Blackberry or iOS. Maybe they are thinking Ubuntu's mobile platform (delayed again) Ubuntu Touch?
     
  5. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Again, was wondering the same thing if they are comparing mobile OS's. Ubuntu doesn't even have their final out yet...
     
  6. melbo

    melbo Hunter Gatherer Administrator Founding Member

  7. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    The first paragraph claims that they "included OSs for laptops and mobile devices in their assessment".

    Now, to be fair, "technically" OSX (10.8) is a laptop OS, Google Chrome OS 26 is what runs on the Chrome-book "type" machines and the chart does include Windows 7 and 8.

    Lastly, I would like to finish reading up on what their requirements are for "Device Update Policy". Windows 7 (and 8) in an Enterprise environment has some of the most robust update policy management infrastructure I have ever seen, even if you just go with WSUS and AD restrictions. Now, Windows 8 may not have the same "robustness" but frankly they shouldn't have grouped Windows 7 and Windows 8 together. Windows 8 was a complete rebuild from almost the ground up. They are COMPLETELY different operating systems.
     
  8. Hex

    Hex Amateur Survivalist

  9. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Oh, and here's the full story: End User Devices Security and Configuration Guidance - GOV.UK not just the "toot ubuntu's horn" part.

    It's interesting that they have separate guidance for Windows 7 and Windows 8, but they lumped them into the same column in the chart.

    I'm no Windows fanboy but damn it, if you are going to do something like this, don't be so freakin' biased.

    Ok, they aren't even consistent in their documentation. For Windows 7, they don't call out bitlocker as being not independently assured (but they call out Windows 8 for that very problem)...however, in the very next section (Windows 7) they say bitlocker has NOT been independently assured to be Foundation Grade but they are OK with the level it provides. In the Windows 8 guidance doc they explicitly call it out as having been NOT assured and that third party products exist, but then under the Significant risks say "Use bitlocker". WTF?
     
    Last edited by a moderator: Jan 27, 2014
  10. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Right and bitlocker vs LUKS/dm-crypt isn't even in the same ballpark when it comes to full disk encryption. Proprietary encryption is not to be trusted.
     
    BTPost likes this.
  11. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Agreed on the bitlocker v. LUKS.

    I guess my point is they aren't being consistent, from what I read, about anything they used as a litmus test, which is why it is ALWAYS best to research it yourself rather than just accept the "executive summary".

    I would be interested to see the comparison between Ubuntu and say a half-dozen other desktop Linux distros.
     
  12. melbo

    melbo Hunter Gatherer Administrator Founding Member
