Is it more secure to leave a system disconnected or upgraded?
I have a computer with Debian installed, set up very minimally to run a few tools and manage a database. The only time it needs to connect to the internet is for security updates.
Is it more secure to leave a computer disconnected, but never updated? Or are security updates sometimes useful even to a system that is not connected to the internet?
Any system that anyone accesses in any way may benefit from security updates as not all vulnerabilities "come from the internet". There are many security vulnerabilities that have "local" attack vectors.
You have to take a look at what the updates are and then decide if there are any mitigating factors. For an incredibly simplistic example, a security update for a specific Apache vulnerability may be mitigated by the fact that you aren't running Apache on that server.
Some bugs which may corrupt valuable data may be thought of as a security issue. And updating helps to fix such bugs. Again, checking whether an update is actually needed is basic protocol.
Updated. There are plenty of local privilege escalation exploits that get fixed. As these can be exploited locally, staying updated is the best way to keep the system secure.
You are also assuming that a disconnected system is more secure than a connected system. Recent malware suggests otherwise. Although the malware is rare and highly targeted, it is a proof of concept that air-gapped machines are not safe from malware.
Indeed updated for the reasons stated above. Even if you run the machine attached to a LAN that may still be considered a hostile environment (unless the only user is you and you trust yourself, heh). To filter out security updates (here: example CVE-2015-0239) it's always good to check your distro's take on things (or Mitre.org or the NVD), the latter also provides CVSS metrics to help you determine if you must upgrade immediately (or not). *Also note these days systems aren't really static anymore: requirements, location and even the state of networks change more easily, so leaving out updates may bite you when you try to modify, move or migrate it.
Ok, there is one, single exception: if you never want/will connect it to any network, never plug in USB (or other) devices, never mount any kind of removable media (like CD, DVD), never install anything, just use it as a standalone machine - or never switch it on.
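
The triage the replies above describe (local attack vectors, software that isn't installed, CVSS metrics from the NVD) can be sketched as follows. This is an added example, not part of the original thread; the advisory IDs, package names, vectors and the three labels are constructed for illustration.

```python
# Added example: sort pending advisories for a host that is normally offline.
# Everything in INSTALLED and ADVISORIES is constructed sample data.

INSTALLED = {"linux-image-amd64", "sudo", "postgresql"}

ADVISORIES = [
    # CVSS v2 style vector, local access required
    {"id": "EXAMPLE-0001", "package": "linux-image-amd64",
     "vector": "(AV:L/AC:M/Au:N/C:C/I:C/A:C)"},
    # CVSS v3.1 vector, network reachable, but the package is not installed
    {"id": "EXAMPLE-0002", "package": "apache2",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    # CVSS v3.1 vector, network reachable, package installed
    {"id": "EXAMPLE-0003", "package": "postgresql",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},
    # CVSS v3.1 vector, physical access (e.g. a plugged-in device)
    {"id": "EXAMPLE-0004", "package": "sudo",
     "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
]

def parse_vector(vector):
    """Parse a CVSS v2 or v3.x vector string into a {metric: value} dict."""
    metrics = {}
    for part in vector.strip().strip("()").split("/"):
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed CVSS component: {part!r}")
        if key == "CVSS":  # v3.x version prefix such as CVSS:3.1
            continue
        metrics[key] = value
    if "AV" not in metrics:
        raise ValueError("vector has no AV (access/attack vector) metric")
    return metrics

def triage(advisory, installed):
    """Label one advisory for a host that spends most of its time offline."""
    if advisory["package"] not in installed:
        return "not-installed"    # mitigated: affected software is absent
    av = parse_vector(advisory["vector"])["AV"]
    if av in ("L", "P"):          # local or physical: air gap does not help
        return "local-vector"
    if av in ("N", "A"):          # network/adjacent: exposed whenever connected
        return "network-vector"
    raise ValueError(f"unknown AV value: {av!r}")

def triage_all(advisories, installed):
    return {a["id"]: triage(a, installed) for a in advisories}

if __name__ == "__main__":
    for adv_id, label in triage_all(ADVISORIES, INSTALLED).items():
        print(adv_id, label)
```
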