After the colleague leaves the company, the account is terminated. At some moment the processes started by the account stop working Linux Hardening and Security Lessons and a business process is disrupted. A critical view on any of the suggestions is not just a good idea, but required.
Before making changes to systems, special care should go into testing. This is even more important for changes made to systems that are in production. For those items that you don’t fully understand, follow up by doing more research first instead of just copy-pasting configuration snippets. Some of the authors even don’t have a full understanding of the tips they advocate.
Another issue is outdated information or simply incorrect advice. Implementing the listed security measures only makes your system more secure if done correctly. There are no ’10 things’ that are the best, as it depends strongly on each system and its purpose. When you come across other checklists with a number in the title, then most likely it’s not a real checklist. Like hardening and securing an operating system, a good checklist requires dedication and a lot of work.
These are misconceptions, as Linux also requires diligent security practices. SELinux (Security-Enhanced Linux) is a security module that provides a mechanism for supporting access control security policies. It helps to limit the resources a process can access, enhancing overall system security. In my Linux Attack and Defense webinar series, I demonstrate attacks on Linux systems, then show how proactive security hardening could block the attacks. The immense value of proactive hardening is that it can eliminate security vulnerabilities that you don’t even know are present. Screenshot of a Linux server security audit performed with Lynis.
Intrusion Detection Systems (IDS) monitor network or system activities for malicious activities or policy violations. Tools like Snort or Suricata can be used for network-based IDS, while AIDE or Samhain can be used for host-based intrusion detection. At a young age I discovered my love for technology and computers. It began with figuring out how technology worked by taking it apart.
After reducing the footprint of the system, the next step is to add relevant security measures. This category defines if a measure helps with prevention or focuses on detection. For example, an antivirus scanner typically will do detection. If it has on-access scanning and can save your system from an infection, it also helps with prevention.
Your course materials include a “Setup Instructions” document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions. I encourage you to download Breach2 and a Kali Linux virtual machine and then follow along with both the attack and defense in the webinar. Now that you know the counter-attack, would you skip the hardening steps? The bulk of the total population of attackers, including fully-automated worms, aren’t willing or able to use a botnet. At that point, the probability is much lower that the attacker coming after me is in the “willing and capable” group.
The internet contains a lot of resources of value, especially when it comes to technical subjects. At the same time, many blog posts and articles are not of high quality. Some of the authors even don’t have a full understanding of the tips they advocate. For that reason, we suggest working with authoritative sources of high quality. In the area of system operations or information security, the usage of any checklist requires a serious warning.