Hi guys! A friend of mine asked if it is feasible in 2021 to use laptops running Linux in ISO27001 (and 27002) certified companies.
In theory, it is possible, but in practice, I'm a bit lost; they need monitoring tools, device management, possibly centralized policy enforcement, but I'm curious about the best solution for desktop, i.e. to remote-wipe a device, enforce policies that block USB ports, provision software, control access, etc.
Looking for advice 😃

I'm trying to tackle one functionality at a time!
So for provisioning, I was thinking about ssh + ansible.
But searching a bit I found Foreman and FOG Project! Still searching!

In order to block USB ports, it should be enough to blacklist usb-storage in modprobe 🤔
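One way to apply the modprobe blacklist idea above, as an added example that is not part of the original thread. It assumes a Linux host with modprobe; the config directory is a parameter (defaulting to `/etc/modprobe.d`) so the file can be generated elsewhere for inspection. The second module, `uas`, is the USB Attached SCSI driver that some flash drives use instead of usb-storage.

```shell
#!/bin/sh
# Added example: generate a modprobe drop-in that prevents USB mass-storage
# drivers from loading, plus two checks. Assumes Linux with modprobe.

# Write the drop-in. "blacklist" only stops automatic loading by alias;
# the "install <module> /bin/false" line also refuses explicit loads
# (modprobe runs /bin/false instead of inserting the module).
write_usb_storage_policy() {
    dir="${1:-/etc/modprobe.d}"
    conf="$dir/99-block-usb-storage.conf"
    mkdir -p "$dir"
    cat > "$conf" <<'EOF'
# Block USB mass storage: the classic usb-storage driver and the uas driver.
blacklist usb-storage
install usb-storage /bin/false
blacklist uas
install uas /bin/false
EOF
    echo "$conf"
}

# Return 0 if the drop-in has both the blacklist and the install line for a module.
policy_covers_module() {
    conf="$1"; mod="$2"
    grep -q "^blacklist $mod\$" "$conf" && grep -q "^install $mod /bin/false\$" "$conf"
}

# Return 0 if the module is loaded right now. The drop-in does not unload a
# module that is already live; /proc/modules names use underscores.
module_loaded() {
    mod="$(printf '%s' "$1" | tr '-' '_')"
    [ -r /proc/modules ] && grep -q "^$mod " /proc/modules
}
```

The file only affects future module loads: unload a live module (or reboot), and on distributions whose initramfs copies `/etc/modprobe.d`, regenerate the initramfs so the policy also holds during early boot.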

Ubuntu and Red Hat have tools in the enterprise versions for this type of advanced admin task.

@StinkyTofu I suspected that! Never used Red Hat Enterprise or Ubuntu enterprise though! 😅

@StinkyTofu I will surely suggest it to my friend! but right now, I'm on a quest to find instruments that a small-medium business can afford 😆

Many orgs just take ISO27002 (the part with best practice recommendations) and try to implement it without adjusting it for their needs.

But ISO27001 is flexible enough to adapt it for certain situations as long as you can justify it.

So if your ITSec team would do a risk assessment (RA) of Linux on notebooks, it would come to the conclusion that many measures, which were written with Windows in mind, are not necessary for Linux. With this RA, running Linux would be compliant.

@Haydar wow, thank you, very useful! I'm pretty ignorant on the matter! A friend of mine asked, and not knowing much about Windows, I was following his request step by step!

@Haydar I have to admit that ignoring the basics led me to rediscover Lynis and AppArmor 😃

That may not be in vain; some measures might still apply, depending on the outcome of the risk assessment.

