Deadline looms for second UK Linux security challenge

Deadline looms for second UK Linux security challenge

Summary: The government- and Sophos-sponsored challenge is designed to drum up interest in learning Linux security skills, which are needed for protecting web infrastructure and, in turn, companies

SHARE:

Hackers are being invited to take part in a Linux security challenge next week that is sponsored by the UK government and Sophos.

The government has been running a Cyber Security Challenge (CSC) scheme since 2010, in an attempt to draw more young people into the computer security business.

The first Linux-focused challenge took place last year, and registrations for the next one, beginning on 27 August, close at noon on Wednesday.

The web is by far the main vector for those looking to attack companies. Most web infrastructure around the world is based on Linux, but most schools don't teach pupils how to use the operating system.

This makes Linux security skills quite valuable, and Sophos is pitching the contest as a good way to demonstrate such skills and impress potential employers.

"There have been some steps towards improving the ICT curriculum in schools but we can no longer stick our heads in the sand," Sophos technology strategy director James Lyne said in a statement on Monday.

"The web is the main tool used by cyber-criminals to target both business and consumers so we still need to do much, much more to teach vital skills like Linux programming in schools and universities and to nurture the young Linux generation," he added.

Topics: Security, Government UK, Linux

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • RE: Linux security skills

    Shouldn't server security education and training be OS-neutral? All server OSs require proper configuration, maintenance and monitoring. As do the web-facing applications running on the servers.

    Why not use Windows, Linux and FreeBSD in the lab?
    Rabid Howler Monkey
    • Security and Linux

      Mr. Rabid Monkey , Please watch whomever it is that gives you bananas ( or Kool aid ) The reason most of the web structure is built upon Linux is because , if you start with a solid foundation .... that is just the starting point for a quality structure. Your ATM usage is primarily Linux based , else we'd have no money in it ; regardless of your income level. I advise you to not equate all O.S. as equal . The quality differences are apparent once you become informed and knowledgable. Before I go ; would you be interested in buying this old ford pinto I have for sale ? It works as a portable lighter , too !
      William R Nicholson
      • Oh, joy

        From the article:
        "The government has been running a Cyber Security Challenge (CSC) scheme since 2010, in an attempt to draw more young people into the computer security business.

        There are many enterprises, not to mention SMB's, that are mixed shops, meaning that they run *BOTH* Windows and Linux servers. And you will walk into a job interview as a security professional and say something on the order of:

        "Windoze is teh suk"

        Guess what? The interview suddenly ended and you are walking the street looking for a security job. Better stick to a 100% Linux shop for your next job interview.
        Rabid Howler Monkey
  • And here's the problem with this so called 'challenge': Sophos

    Linux and other Unix systems have layers of security that are like a honeycomb of sandboxes. On Linux, programs and users can only execute software or access files within those sandboxes to which they have been given permission. This is true for Linux desktops and servers.

    Windows on the other hand is like a four-walled warehouse. If access can be gained through a gap in one of those walls, then the whole warehouse and its contents are exposed. This is true for Windows desktops and servers and this is why all viruses and malware are targeted at Windows.

    This difference between the operating systems is well known by those of us who use Linux but Windows are apparently completely oblivious.

    And here's the problem with this so called 'challenge': Sophos

    So what's wrong with Sophos?

    There are millions of Windows viruses and malware... millions. There are none for Linux...

    There are no Linux viruses because programs can't execute unless a user on that computer specifically sets permissions for the rogue software and even if that happened it would be limited to that users access rights.

    For decades, the solution to protecting your business and personal computers from viruses and malware has been: remove Windows and install Linux.

    For decades this has been true... decades.

    Sophos make money from selling Windows Anti-virus software.

    If Sophos wanted to protect people from being contaminated by Windows viruses and malware then they would have simply advised their customers to install the free software, Linux and save a fortune but instead they made sure that Windows threats were hyped so they could charge money for their Anti-virus software.

    I don't trust Sophos for this reason. Make no mistake they are in this for the money.

    I was dubious about this 'challenge' but signed up anyway. Guess what... I started to receive recruitment spam. I unsubscribed.
    tuxtester
    • Share The Pool Please !

      Tuxtester , While technically you are infallible in every point , I'd Like you to share your immense treasure trove of knowledge . There are people out there that could be very talented and if given a little encouragement might be of use to the general cause. That cause being the advancement of humans and artificial intelligence. We must encourage everybody and even if Sophos has the gaul to want to earn unwarranted " Profit " in your eyes ; we may have advancements if you just let some others use the pool !
      William R Nicholson
      • 'infallible' was not part of my vocabulary so I looked it up and now it is

        'infallible' was not part of my vocabulary so I looked it up; I typed: dict infallible

        and now it is part of my vocabulary.

        There's your pool of knowledge: the Internet along with the tools we use to push and pull information to and from it.

        With regards to sharing my knowledge of Linux and getting people up and running with the thing, I'll do that now but in a way that Artificial Intelligence probably wouldn't. I'll recommend a book:

        Linux Pocket Guide
        Author: Barrett
        Cost: A lot less than a tenna


        Download and burn to CD: Xubuntu (yes it will fit on a CD)
        http://xubuntu.org/

        Install it.


        With regards to programming Linux: Learn Java.

        I'll recommend another book for that:

        Java Pocket Guide
        Author: Liguori
        Cost: less than a tenna

        The skills learned from programming Java can be used on multiple Operating Systems and mobile devices.


        A lot more Linux information can obviously be gathered from the Internet (pool). I suggest starting here:

        The Linux Documentation Project :: How to, guides and FAQs.
        http://tldp.org/
        tuxtester
  • education and training be OS-neutral?

    Sadly school ICT curriculums tend to boil down to
    "We'll teach you to be a Microsoft Customer", and by the way before you start the course make sure you have a laptops running MS Windows, with MS Office, Ms Visual Studio etc...

    It's no wonder young people leave school oblivious to anything but MS, they're never told anything else exists.
    AndyPagin
    • If true, these curriculums are grossly outdated

      Linux servers and Java are very important technologies in many enterprises and SMBs. Most Linux distros are free to use and if one wants to learn Red Hat, simply use CentOS or Scientific Linux as a surrogate. Oracle's JavaSE, whether proprietary or open-source (OpenJDK), is free to use. Eclipse and Netbeans IDEs are free to use for Java and other supported languages (e.g., C, C++, PHP). Both IDEs are also cross-platform.

      Virtualization is also becoming increasingly important in the enterprise and SMBs. Oracle's VirtualBox, whether proprietary or open-source, remains free to use. Microsoft's Hyper-V will be available on Windows 8 Professional.

      For crying out loud, install VirtualBox on Windows if one doesn't have Windows 8 Pro. Then install a Linux distro as a guest OS followed by server app software, both open-source and proprietary, on the Linux guest OS. Express editions for Oracle and IBM DB2 are available for download and installation on Linux. They are both free. Oracle is significantly ahead of Microsoft SQL Server in the enterprise from a market share perspective and DB2 is not far behind Microsoft SQL Server. And most Oracle and DB2 installations run on something other than Windows.
      Rabid Howler Monkey