5 Basic Principles of Linux System Security

5 Basic Principles of Linux System Security

It is still common that people do not know where to start when it comes to information security. With 5 basic principles we can improve the Linux system security and question ourselves if we have done enough.

 

1. Know your system(s)

The first principle is about knowing what your system is supposed to do. What is its primary role, what software packages does it need and who needs access?

By knowing the role of the system you can better defend it against known and unknown threats.

 

Security Measures:

 

  • Password policy
  • Proper software patch management
  • Configuration management
  • Documentation

 

2. Least Amount of Privilege

Each process running, or package installed, might become a target. Security professionals call this the “attack surface”. What you want is to minimize this attack surface by removing unneeded components, limit access and by default use a “deny unless” strategy. This latter means that access by default is blocked, unless you allow it (whitelisting).

Security Measures:

 

  • Use minimal/basic installation
  • Only allow access to people who really need it

3. Perform Defense in Depth

Protect the system by applying several layers of security. This principle is named “defense in depth” and can be compared with an onion: to get to the core, you have to peel of layer by layer. One broken defense might help us protect against full compromise.

Security Measures:

 

  • IPtables / Nftables
  • Hardening of software components

4. Protection is Key, Detection is a Must

Security focuses on the protection of assets. While this is a primary objective, we should consider that one day our defenses are broken. Therefore we want to know this as soon as possible, so we can properly act. This is where principle 3 and 4 both are linked. Set-up proper detection methods, similar to the trip wires used by the military.

Security Measures:

 

  • Linux audit framework
  • Remote Logging
  • Create backups and test them

 

5. Know your Enemy

 

You can only protect a system the right way, if you know what threats you are facing. Why would this system be a target and who would be targeting it? Perform a risk analysis and determine what potential threats your system might endure.

 

Security Measures:

 

  • Vulnerability scans
  • Penetration tests
  • Risk analysis

 

Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or do you have any compliance in your company? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)


2 comments

  • German GonzalezGerman Gonzalez

    Excellent your part of your blog with ” 5 Basic Principles of Linux System Security ”

    i’m going to download the Lynis and apply your recommendations.

    Also I am looking for to be partner of Us, its possible ?

    Let me to know more about it, thanks.

    Reply
  • Great, enjoy using the software and enhancing security of your systems.

    Please send an e-mail to social@cisofy.com and we will have a look how we can help.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *