A report of this analysis has been published already

May 22, 2015 07:59 GMT  ·  By

The UK government releases every year a security guidance that details various problems and security problems that are identified in systems used by the authorities. They also revealed some issues with Ubuntu 14.04 LTS, although it's not something major.

Ubuntu is the most used Linux operating system, so it's not really a surprise that security assessments made by governments are a real thing. On the other hand, this is not the first time the UK government made this analysis of Ubuntu, and in fact, they have recommended it before as the most secure option on the market.

The analysis of the system is done by CESG, which is UK’s National Technical Authority on Information Assurance, and one of the roles of this organization is to provide advice to UK government entities and organizations providing services to UK government. Since Ubuntu can be found in parts of the administration, it needs to undergo a certain amount of scrutiny.

Ubuntu could be more secure

Even if Ubuntu is a Linux operating system, it doesn't mean that it's infallible. It has its problems like any other operating system, but they don't have anything to do with viruses or malware, the problems that can be usually encountered in a Windows OS. The issues covered by the CESG report cover much more specific topics.

The organization tests against many scenarios and publishes its findings and recommendation in a comprehensive report, which is freely distributed, and everyone can take a look at it. Here are just a couple of critical issues identified:

"Ubuntu does not use any dedicated hardware to protect its disk encryption keys. If an attacker can get physical access to the device, they can perform an offline brute-force attack to recover the encryption password."

"The VPN has not been independently assured to Foundation Grade. Without assurance in the VPN, there is a risk that data transiting from the device could be compromised," is noted in the report.

There are a lot more issues in the Ubuntu 14.04 LTS Security Guidance, but you will have to keep in mind that the scenarios are about usage in various enterprise configurations it's not aimed at regular users.