An Open-Source Security Expert Checklist

July 07, 2017

Being able to manage and secure open-source software is becoming a must-have skill set for IT professionals working in-house for businesses of all sizes, as well as for those at solution providers who want to step in to manage services or offer IT consulting. Open-source is becoming more popular throughout the business computing landscape, so it pays for solution providers to understand open-source and employ open-source experts.

So what does an open-source security expert need to know? Checking the following items off your list will help ensure that you, or the IT professionals you work with on implementations or employ to manage services, are up to the task of securing an open-source office environment.

Know the Ins and Outs of Open-Source Operating Systems

One of the most popular open-source operating systems, Ubuntu, is built on Linux and is developed by a dedicated user base. The free operating system (OS) has a user-friendly graphical interface that resembles the look and feel of a PC running Windows, and it tends to move more quickly than other OSes. While this OS was at one point used only by the tech-savvy, use cases are developing for putting it on systems used in the front of the office, such as extending the life of older machines that are only needed for simple computing tasks.

But while Ubuntu may look simple from the user’s perspective, maintaining an installation of Ubuntu or another Linux-based open-source OS requires serious technological know-how. An IT professional should know how to troubleshoot in a Linux environment, how to apply patches and updates, and how to find and install drivers. While its adherents often consider Ubuntu more secure than proprietary systems because far less malware is created to target Linux-based OSes, an incorrectly managed installation of such an OS can leave huge security holes open.

Know How to Handle Popular Open-Source Software Packages

Plenty of other popular open-source projects are used to address computing needs in the business world. Some examples of open-source projects that a solution provider should be aware of are:

  • Open-source tools that partition and manage cloud resources, like OpenStack
  • Open-source content management systems, like WordPress
  • Open-source software that fills the role of popular office software, like OpenOffice

The degree of technological sophistication it takes to adequately manage and secure these tools varies. Cloud management tools and content management systems, for instance, require a high level of tech know-how to handle correctly, as they are critical to a business’s data infrastructure and, if not secured correctly, could easily act as entry points to a network.

Other, simpler office tools like OpenOffice will probably only require hands-on management from IT staff when they are unable to fit the needs of a user. Because open-source software along these lines is created by communities of developers in order to mimic the features of popular proprietary software, the open-source versions are not guaranteed to have the latest features or to be flawlessly compatible with proprietary software. When managing services, being able to handle such cases and understanding how to advise on them or work around them can also be important.

Stay on Top of the User Communities

Open-source developers use online forums in order to discuss the product that they are working on throughout the software’s ongoing evolution. If you’re implementing and securing open-source solutions at the enterprise level, bug fixes and basic security patches aren’t going to be the automated processes that they are with proprietary software. Nor is there vendor-provided documentation on how the product works.

With open-source software, user communities are the basis for understanding how the software works, how to fix it when something goes wrong, how to secure it effectively, and how to recognize and patch vulnerabilities. Visiting developer forums and following the discussions that are pertinent to a given open-source product is necessary for making sure that the software is implemented and maintained correctly.

What open-source software have you seen being used lately in business environments?