Security is in the Cracks

Thursday, January 26, 2012

Danny Lieberman


Recently I spent most of the day re-installing one of the workstations in the office with Ubuntu 11.10. I liked what I saw, but the Unity interface is not my cup of tea so I installed Gnome – what they call Classic Ubuntu.

In principle I shut down as many operating services as I can – especially those that call out and/or listen on the Internet, but this is supposed to be a development machine with access to our private git repository and sending out email via a Postfix relay.

On our own small scale of a lab with 6-7 machines for testing network and software security of customer applications, I got to thinking that most system vulnerabilities live in the cracks of system integration of components and packaged software while most of the industry’s efforts in software security are directed towards new software implementations.

If you are preparing to implement a packaged application for financial management, CRM, data mining or ERP, something in the back of your mind probably says that the vendor’s development organization is probably not a lot different than yours (although you hope they’ve thought through the security issues first)...

Here are 2 ideas to help find the crud in the cracks:

  • You need to identify fault-prone modules in your particular operation and evaluate those modules with the most impact on system reliability and downtime.

Cross-posted from Israeli Software
