Hello All. Today, I am very happy to share with you a post written by a guest blog writer, Shawn Powers. Shawn has been teaching IT for more than a decade. His specialties are Linux, Chef, and integrating multiple platforms for larger networks. Early in his career, he started a Cisco Academy for a local school district where he taught networking (CCNA & CompTIA A+) to high school students. He has a passion for teaching others, and his enthusiasm comes through in his courses. He is an associate editor for Linux Journal and instructor for CBT Nuggets.
Linux Security: No Room For Cockiness, By Shawn Powers
One of the biggest selling points for using Linux is its inherent security advantage. Some people claim it’s due to a better modular security structure in its design. Others claim it’s compromised less often because it’s not targeted as much. I think the truth lies somewhere in the middle. Wherever you think Linux has an edge, the worst thing a system administrator can do is depend on the percentages game and assume a Linux system is invulnerable.
A Linux server is not invulnerable.
Even if Linux itself is secure, the applications installed on top of the operating system might not be. One prime example is the Code Red worm that affected Apache web servers. It didn’t matter that Linux system was secure. After an application with elevated privilege got compromised, the system was done for.
What does this mean for the person in charge of Linux Security? Several things.
1) Keep your system updated.
We make fun of Windows users for the hundreds of security updates that need to be installed on a regular basis. Truth be told, Linux systems have just as many updates! Yes, some are feature changes, but on most systems there is a special “security” channel in the update mechanism that is crucial to keep up to date. Don’t wait for a security problem before installing those updates. Make them a part of your regular routine.
2) Don’t install services you don’t intend to use.
When you’re setting up a server, whether it’s a virtual machine, bare metal, or a cloud instance, don’t install services unless you actually need to use them. If you’re not going to host web pages on your MySQL server, don’t install Apache on it! Not only are services more vectors for compromise; if you don’t use them, you’re less likely to notice if they fall behind in updates. An idle Apache server is just as vulnerable as an active one. Install what you need, but no more.
3) Firewalls are your friend.
There was a time somewhere between Windows XP and Windows Vista where the first thing I did on a desktop system was turn off the firewall. It seems like the built in firewalling system on Windows was so flaky, that it broke more than it solved. That’s not the case anymore with Windows, and it’s absolutely not the case with Linux. Whether you’re using a GUI tool, or the super simple “Uncomplicated FireWall” (UFW) in Ubuntu from the command line, use a firewall! And like with the applications you install, only open the ports you need, and no more.
Linux security is generally rock solid, and is fairly easy to maintain. One of the biggest problems Linux system administrators face is the tendency to neglect updates. So take security seriously, and Linux will be painless to keep safe. Leave it on its own, and hackers will happily check for vulnerabilities on your behalf!
-Author, Shawn Powers
(images and formatting added by Matthew Nappi)
Do you agree with Shawn’s viewpoint on Linux security? Is there anything else you would add to this list? Let us know in the comments below.
Thanks for reading and don’t forget to subscribe.
I don’t know much about Linux, but reading these blogs has made me much more aware of the need to keep our operating systems secure. Well written, Shawn. Great images Matthew.
Item number 2 is especially critical. If you are new to Linux get familiar with the chkconfig command to see what services are running at each run level. Make sure anything you don’t want e.g. apache, sendmail, etc are off. Some “user friendly” distributions have been known (in the past) to default install with lots of stuff on. Or, more likely, a novice user will select packages, e.g. apache which will result in a configuration that starts these services. Turn’em off and stay safe.
And two more useful security tips:
1. Turn on the SELinux kernel module which provides additional access controls on files and directories that mitigates many security issues. See https://en.wikipedia.org/wiki/Security-Enhanced_Linux for a intro to what SELinux is if you are not familiar with it.
2. If you are running services that are available to the outside world, such as sshd which allows SSH connections, then use fail2ban to reduce the likelihood of brute force password cracking efforts. See http://www.fail2ban.org/ for an intro to this valuable security software.
Very clear article, I agree with you! Linux is popular with its security advantage not just because better modular security in its design or it not targeted as much but the reason lie between both of this claimed. But what I curious about is, why people rarely choose Linux as their OS???
WOW! this article it really great i like it
Hey, i found a great site with so many games
Just click this >>> DetikToto <<<
The art of crafting a katana sword is a meticulous and time-honored process that requires the expertise of skilled swordsmiths.