Linux Security: No Room For Cockiness

Hello All. Today, I am very happy to share with you a post written by a guest blog writer, Shawn Powers. Shawn has been teaching IT for more than a decade. His specialties are Linux, Chef, and integrating multiple platforms for larger networks. Early in his career, he started a Cisco Academy for a local school district where he taught networking (CCNA & CompTIA A+) to high school students. He has a passion for teaching others, and his enthusiasm comes through in his courses. He is an associate editor for Linux Journal and instructor for CBT Nuggets.

Linux Security: No Room For Cockiness, By Shawn Powers

https://themmindset.files.wordpress.com/2011/04/windows_vs_linux.jpg


One of the biggest selling points for using Linux is its inherent security advantage. Some people claim it’s due to a better modular security structure in its design. Others claim it’s compromised less often because it’s not targeted as much. I think the truth lies somewhere in the middle. Wherever you think Linux has an edge, the worst thing a system administrator can do is depend on the percentages game and assume a Linux system is invulnerable.

A Linux server is not invulnerable.

Even if Linux itself is secure, the applications installed on top of the operating system might not be. One prime example is the Code Red worm that affected Apache web servers. It didn’t matter that the Linux system was secure. After an application with elevated privileges got compromised, the system was done for.

What does this mean for the person in charge of Linux Security? Several things.

1) Keep your system updated.

We make fun of Windows users for the hundreds of security updates that need to be installed on a regular basis. Truth be told, Linux systems have just as many updates! Yes, some are feature changes, but on most systems there is a special “security” channel in the update mechanism that is crucial to keep up to date. Don’t wait for a security problem before installing those updates. Make them a part of your regular routine.

http://www.libertycolumns.com/images/os-updates-windows-mac-linux.jpg


2) Don’t install services you don’t intend to use.

When you’re setting up a server, whether it’s a virtual machine, bare metal, or a cloud instance, don’t install services unless you actually need to use them. If you’re not going to host web pages on your MySQL server, don’t install Apache on it! Not only is every extra service another vector for compromise, but if you don’t use it, you’re less likely to notice when it falls behind on updates. An idle Apache server is just as vulnerable as an active one. Install what you need, but no more.

3) Firewalls are your friend.

There was a time somewhere between Windows XP and Windows Vista where the first thing I did on a desktop system was turn off the firewall. It seems like the built-in firewalling system on Windows was so flaky that it broke more than it solved. That’s not the case anymore with Windows, and it’s absolutely not the case with Linux. Whether you’re using a GUI tool, or the super simple “Uncomplicated FireWall” (UFW) in Ubuntu from the command line, use a firewall! And like with the applications you install, only open the ports you need, and no more.
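One way to check points 2 and 3 together, as an added example that is not part of the original post: compare the TCP listeners on a host against the short list of services it is supposed to offer, and flag everything else as a candidate for removal or a firewall rule. The allowlist (SSH and MySQL on a database server) and the sample `ss` output are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag TCP listeners that are not on the list of services
# this server is meant to offer.

# Assumption: a database server that should expose only SSH and MySQL.
ALLOWED_PORTS="22 3306"

# Constructed sample in the format of `ss -H -tlnp` (not from a real host).
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=1033,fd=21))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=1450,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=990,fd=13))
EOF
}

# Reads ss-style lines on stdin and prints "port process scope" once for
# every listener whose port is not in the allowlist passed as $1.
# scope is "local" for loopback-only sockets, "exposed" otherwise.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # everything before it
            if (port in ok) next
            proc = "unknown"                       # ss shows names only with -p as root
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            scope = (host ~ /^127\./ || host == "[::1]") ? "local" : "exposed"
            key = port " " proc " " scope
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# On a live host, replace sample_listeners with: ss -H -tlnp
sample_listeners | unexpected_listeners "$ALLOWED_PORTS"
```

An "exposed" entry is a service to uninstall or a port to leave closed in the firewall; a "local" entry is unreachable from the network but is still installed software that needs updates.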

Linux security is generally rock solid, and is fairly easy to maintain. One of the biggest problems Linux system administrators face is the tendency to neglect updates. So take security seriously, and Linux will be painless to keep safe. Leave it on its own, and hackers will happily check for vulnerabilities on your behalf!

-Author, Shawn Powers

(images and formatting added by Matthew Nappi)

 

Do you agree with Shawn’s viewpoint on Linux security? Is there anything else you would add to this list? Let us know in the comments below.

Thanks for reading and don’t forget to subscribe.