Security > Workstation/Server
Security > Linux
Before you get into using Linux on your computer, you should do
some serious thinking about security. When you operate a Linux
system (or any other system) on WHOInet and the Internet, you
are personally legally responsible to ensure that your machine
is as secure as you can make it. This is because a single security
breach on a networked computer can serve as a staging area for
more and worse attacks on other computers on the same network.
This page is intended to give you a basic overview of some security
principles. For a more in-depth discussion of secure computing
practices for Linux workstations, you might want to take a look
at Karl Krueger's paper Your
/home is your castle, or check out the CIS
- Know what software you are running. If you
don't know what your system is supposed to be doing with its
time, it's very hard to tell when it stops doing the right thing,
or when someone has broken into it and made it run things it
shouldn't be. In addition, you should keep track of changes
made to your system. Packages such as tripwire can
alert you if your system configuration has been changed, possibly
by a break-in.
- Don't run any software you don't need to run.
Most Linux (and Unix) distributions come with a whole slew of
network server software (daemons) that you don't necessarily
need. (Do you really need your own IMAP mail server,
or AppleTalk, or DNS name daemon?) Every one of these daemons
is a potential avenue by which a cracker can compromise your
system. Uninstall, or disable in inetd.conf, daemons
you don't need.
- Use encrypted protocols. Any time you log
in to a system using telnet, rlogin, or the
like, you are sending your password in cleartext over the network.
This is a bad idea, as it can be packet-sniffed by anyone in
between you and the remote host. Install and use ssh
(Secure Shell) -- and disable your telnet daemon. (If ssh
is not available with your OS distribution, you can get it from
Similarly, if you need to pass confidential information over
the Web, make sure you're using SSL (https).
- Keep your software up to date. Very little
software is perfectly secure as released, and security holes
are often found in network software -- software which you may
have installed. Anyone -- both friendly sysadmins and hostile
crackers -- can find out about these security holes, on
security-related mailing lists or Web
sites. Because WHOI is constantly being scanned by malicious
persons for security holes, running out-of-date network software
here is tantamount to posting a sign on your computer saying
"HACK ME, PLEASE!" Your OS distributor
most likely operates mailing lists carrying announcements of
software upgrades. Subscribe to these lists. Read them.
- Keep backups. Your backups are your guarantee
that no matter what happens to your system, you will
always be able to restore it to a certain point. As such, they
are your last line of defense against data loss caused by security
compromises -- or by hardware failure, natural disaster, or
even operator error. In addition, backups of log files and system
state can serve as evidence if your system is compromised.