Linux Operating System: Enter our open source favorite, Linux, which is not a completely foolproof operating system but one with a reputation for being a much more secure player in the OS category than Windows or Apple. As we saw with firewalls, the equipment—or in this case the operating system—is only a secure as the administrator configuration it. With Linux, this is particularly true because the OS does expect users to know what they are doing.
NOTE: For someone entering the penetration testing filed, one distribution of Linux is very popular and that is Kali Linux. Kali is a distribution of Linux that includes a number of tools preloaded into the system that allow wide range of attacks and tests to be performed.
The OS has done a good job of separating administrative tasks from user accounts.
Linux Users aren’t usually running under the administrative account as superuser or root. This substantially reduces system risk by segregating these functions.
Open source is a double-edged sword. The open source community works hard to ferret out even the smallest issue in different iterations of Linux, but open source also means its open. Anybody and everybody are privy to the source code. As an open source product, the responsibility of ensuring the security and hardening of the OS rests more or less on the shoulders of the administrator installing and maintaining it. Given the right skillset, a Linux administrator has an ample amount of granularity in terms of locking a system down; it is just a matter of doing it, and doing it properly.