Basic Linux/System Security
19 Jun 2001
New Jersey Infragard
Physical Security
Physical access to machines
Switches instead of hubs
Principle of least privilege
Fewest accounts necessary
Fewest open ports necessary
Fewest running applications
Root Account
Used as little as possible
Master key to a building
Apps use other accounts, if possible
People use su, sudo
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm
Passwords
>=7 characters
Mixed case, letters and symbols
Not names or words
Keep private
Don't leave them out in the open
Change once a month to 6 months
Passphrases
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
Open ports
Close all unneeded applications
  netstat -anp or lsof to see what's open
  ntsysv, linuxconf to shut down
Firewalls as a special case for a network
Disable, or at least limit, file sharing
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
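
Added example (not part of the original slides): one way to turn the netstat step into a repeatable check is to compare listening sockets against a list of ports the machine is supposed to offer. The function name, the allowlist format and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# SAMPLE is constructed netstat -anp output, not captured from a real host.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      498/portmap
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      701/sendmail
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      655/xinetd
tcp        0      0 192.0.2.10:22           192.0.2.50:40122        ESTABLISHED 980/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           498/portmap
udp        0      0 0.0.0.0:514             0.0.0.0:*                           520/syslogd'

# unexpected_listeners ALLOWED   (hypothetical helper)
#   stdin:   text in netstat -anp format
#   ALLOWED: space-separated proto/port pairs that are meant to be open
#   stdout:  "proto/port scope program" for every listener not in ALLOWED
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # TCP: only sockets in LISTEN state accept new connections
    $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, $7); next }
    # UDP has no State column; a wildcard foreign address means it waits for datagrams
    $1 ~ /^udp/ && $5 ~ /:\*$/ { report($1, $4, $6) }
    function report(proto, laddr, prog,   port, key, scope) {
        port = laddr; sub(/^.*:/, "", port)    # keep text after the last colon
        sub(/6$/, "", proto)                   # treat tcp6/udp6 like tcp/udp
        key = proto "/" port
        if (!(key in ok)) {
            # loopback-only listeners are not reachable from the network
            scope = (laddr ~ /^127\.|^::1:/) ? "loopback" : "network"
            print key, scope, prog
        }
    }'
}

# Run against the constructed sample; only ssh and syslog are expected here.
printf '%s\n' "$SAMPLE" | unexpected_listeners "tcp/22 udp/514"
```

On a live host the same function reads real data with `netstat -anp | unexpected_listeners "tcp/22"`; run it as root so the PID/Program column is filled in for every socket.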
Plaintext network connections
Email, telnet, web traffic
Sniffers
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm
Encrypted network connections
Ssh
  Terminal session
  File copying
  Other TCP connections
  http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm
IPSec
  All packets traveling between systems or networks
  http://www.freeswan.org
https web servers
  http://httpd.apache.org/related_projects.html
Package updates
Available from Linux distribution vendor
Sign up for announcements list
Use automated update tools: up2date, red carpet
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
Intrusion Detection System
Snort
  Reports on attack packets based on a regularly updated signature file
  Install inside the firewall
  http://www.snort.org
Advanced techniques
Audited OS: OpenBSD http://www.openbsd.org
Stack overflow protected OS: Immunix http://www.immunix.org
Chroot applications, capabilities
Virtual machines: VMWare and UML http://www.vmware.com, http://www.user-modelinux.sourceforge.net
TCFS http://tcfs.dia.unisa.it
Resources
Distribution security announcements list
ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm
  Worm characterizations and removal tools
  Linux and network security papers covering many of today's topics
Ssh key installer ftp://ftp.stearns.org
Sans training http://www.sans.org
Bastille Linux http://www.bastille-linux.org