Scribd
Upload
120 views12 pages

Basic Linux Security

The document discusses basic Linux system security. It covers topics such as physical security, using the principle of least privilege, limiting use of the root account, using strong passwords, closing unneeded ports, encrypting network connections, installing package updates, using intrusion detection systems, advanced security techniques, and resources for further information.

Uploaded by

Vijay Kumar Reddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
120 views12 pages

Basic Linux Security

The document discusses basic Linux system security. It covers topics such as physical security, using the principle of least privilege, limiting use of the root account, using strong passwords, closing unneeded ports, encrypting network connections, installing package updates, using intrusion detection systems, advanced security techniques, and resources for further information.

Uploaded by

Vijay Kumar Reddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 12

Basic Linux/System Security

19 Jun 2001

New Jersey Infragard

Physical Security
Physical access to machines Switches instead of hubs

19 Jun 2001

New Jersey Infragard

Principle of least privilege


Fewest accounts necessary Fewest open ports necessary Fewest running applications

19 Jun 2001

New Jersey Infragard

Root Account
Used as little as possible
Master key to a building Apps use other accounts, if possible People use su, sudo

http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/sudo.v80.htm

19 Jun 2001

New Jersey Infragard

Passwords
>=7 characters Mixed case, letters and symbols Not names or words Keep private Dont leave them out in the open Change once a month to 6 months Passphrases http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/linuxinfo/essential_host_security.htm
New Jersey Infragard 5

19 Jun 2001

Open ports
Close all unneeded applications
netstat anp or lsof to see whats open Ntsysv, linuxconf to shut down

Firewalls as a special case for a network Disable, or at least limit, file sharing http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/essential_host_security. htm
19 Jun 2001 New Jersey Infragard 6

Plaintext network connections


Email, telnet, web traffic Sniffers http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/ssh-intro.htm

19 Jun 2001

New Jersey Infragard

Encrypted network connections


Ssh
Terminal session File copying Other TCP connections

http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/linuxinfo/ssh-techniques.v0.81.htm IPSec


All packets traveling between systems or networks http://www.freeswan.org

https web servers http://httpd.apache.org/related_projects.html


19 Jun 2001 New Jersey Infragard 8

Package updates
Available from Linux distribution vendor
Sign up for announcements list Use automated update tools: up2date, red carpet

http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/essential_host_security. htm

19 Jun 2001

New Jersey Infragard

Intrusion Detection System


Snort
Reports on attack packets based on a regularly updated signature file Install inside the firewall

http://www.snort.org

19 Jun 2001

New Jersey Infragard

10

Advanced techniques
Audited OS: OpenBSD http://www.openbsd.org Stack overflow protected OS: Immunix http://www.immunix.org Chroot applications, capabilities Virtual machines: VMWare and UML http://www.vmware.com, http://www.user-modelinux.sourceforge.net TCFS http://tcfs.dia.unisa.it
19 Jun 2001 New Jersey Infragard 11

Resources
Distribution security announcements list ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/index.htm
Worm characterizations and removal tools Linux and network security papers covering many of todays topics

Ssh key installer ftp://ftp.stearns.org Sans training http://www.sans.org Bastille Linux http://www.bastille-linux.org
19 Jun 2001 New Jersey Infragard 12

You might also like