Security is a very complex topic. To begin with, security needs to be viewed in the context of an individual system managed with a specific security policy. Perfect security is only theoretically possible. A security policy can describe only what level of security is enough. There is no tool, practice, or silver bullet that can ensure that systems are safe and reliable. However, OSMS systems can be made sufficiently secure by keeping security patches up to date, hardening the configuration, using layered security and other best practices.
The security goals of open source and proprietary systems are not different. To achieve security, you must address the following issues:
- Management
  Create a security policy that describes valuable computer assets that need protection. Create processes and an audit schedule to ensure the management of these assets. Ensure that security management is an ongoing activity.
- Education
  Be aware of the evolving security landscape. Understand the best way to meet the requirements of the security policy. Continually educate users about security.
- Vulnerability
  Be aware of security vulnerabilities in the systems you manage as soon as they are announced and immediately apply security patches.
- Configuration
  Prepare your system to resist the inevitable attack and to limit the damage of a successful attack.
- New flaws
  Time exposes new flaws. There is a constant conflict between those who try to protect systems and those who attack them.