Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
For someone interested in learning about computer security on an in-depth level, where would you suggest they start? It seems like there are so many different aspects of computer security that trying to find a place to start is overwhelming and confusing. So what would you choose for a good "starting point" for someone who is just beginning to learn about security, and what sort of progression would you see fit?
There are two main issues concerning security (not just computer security either):
1. People controls
2. Hardware/software controls
A good security policy will address both of these aspects. People refers to things like, say, a con artist calling a company and pretending to be from the IT department and asking for passwords, when in fact he's a 15 year old hacker. If you're on a single-user machine, this probably isn't that much of a problem since you are directly answerable to...you. Check out Mitnick, K.; Wozniak, S.; Simon, W. "The Art of Deception: Controlling the Human Element of Security". Wiley: 2002
So, in terms of software security, you'll want to look at something generally called "system hardening", which usually encompasses network security, local security, access permissions (not just what chmod does but why some people should have access to some files and others not, which is much more important), etc.
O'Reilly has a bunch of great books out, I particularly like "Network Security" but that deals only with...network security. I would steer clear of anything that has "Idiots" or "Dummies" in the title, or anything made by Sybex (their reference manuals are good but don't go into enough depth most of the time, IME).
I would add that a good knowledge of cryptography will be beneficial. I found that cryptography gets into many aspects of security. Look at books about the guides for the Security+ Certification. The material is structured and will help you progress in a more steady manner. You can complement this with notes, online material and, of course, forums like this one.
Also, know your opponent. For most of us, the opponent is simply a "script kiddie," and the only reason why he knows that our computer exists is because he's on the Internet and so are we. He's simply a vandal, looking for more systems to spray-paint. Here's what we can do about him...
Always use a firewall router, between your cable-modem and anything and everything else. Even with default settings, this will "filter out" most unwanted traffic. It will distinguish between "inside" and "outside," which otherwise the Internet will not do.
Spring a few bucks (not many, actually...) and buy a router that is equipped with VPN = Virtual Private Networking. This is a surprisingly secure cryptography that will make it very difficult for anyone else to get into your system from the outside.
As any medieval king knew, use a moat. The above two pieces of hardware are your "moat," and the drawbridge only goes one way.
Make sure your system software is up-to-date and stays that way.
Make sure that you know what services, or daemons, are running on your system and why. Configure them to accept connections only from within your local network.
Make sure that you know what user-ids exist on your system, and why. Disable all unneeded ones for login.
Make sure that your passwords do not exist in a dictionary. Even a password like pass2944word, where '2944' is the third through sixth digits of your office phone-number, would be unguessable. Look around your desk right now: some object, in plain sight, will jog your memory in some suitably obscure way.
Never log on as root unless you are doing system maintenance that requires it. Set up a system-maintenance account for yourself, normally disabled for login, which you use exclusively for "non-rootly" system maintenance tasks. Make your normal, everyday user-id just an ordinary Jane or Joe, with no "special" privileges or access-rights at all. (n.b.: The same concept applies to Windows, where for some ridiculous reason, users tend to be Administrators by default! Every Windows user, except one, should be "limited users." Same idea, same reason!)
Be vigilant, be sensible, but don't be paranoid.
HTH!
Last edited by sundialsvcs; 08-03-2005 at 07:14 AM.
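Two items on the checklist above (know which daemons listen and on which interfaces; know which user-ids can still log in) can be audited with a few lines of shell. This is an added example, not code from the thread; it runs over constructed sample data shaped like `ss -tlnH` output and `/etc/passwd` lines so it works offline, and the sample hosts, ports and account names are invented.

```shell
#!/bin/sh
# Added example: audit listening daemons and login-capable accounts.
# SAMPLE_SS is constructed to look like `ss -tlnH` output (column 4 is
# Local Address:Port); SAMPLE_PASSWD is constructed /etc/passwd content.
# On a real host, feed in "$(ss -tlnH)" and "$(cat /etc/passwd)" instead.

SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 80 192.168.1.10:3306 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
jane:x:1000:1000:Jane:/home/jane:/bin/bash
sysmaint:x:1001:1001::/home/sysmaint:/usr/sbin/nologin'

# Print the port of every TCP listener bound to all interfaces
# (0.0.0.0, [::] or *). Listeners bound to localhost or to a single
# LAN address are the "connections only from within your local network"
# case and are not reported.
exposed_ports() {
    printf '%s\n' "$1" |
        awk '$4 ~ /^(0\.0\.0\.0|\[::\]|\*):/ { sub(/.*:/, "", $4); print $4 }'
}

# Print every account whose shell is not nologin or false, i.e. the
# user-ids that are still enabled for interactive login and should each
# have a reason to exist.
login_accounts() {
    printf '%s\n' "$1" |
        awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

echo "Daemons listening on all interfaces (ports): $(exposed_ports "$SAMPLE_SS" | tr '\n' ' ')"
echo "Accounts enabled for login: $(login_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
```

Each port reported by `exposed_ports` is a daemon to either bind to the LAN address, bind to localhost, or stop; each name from `login_accounts` beyond your own user and root is a candidate for `usermod -s /usr/sbin/nologin`.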