Businesses have been increasing the amount of technology they integrate into their workflows. In America, 94% of businesses use technology to improve efficiency. Virtual tools allow them to complete tasks quickly and accurately with fewer resources. However, the processing and storage systems they rely on are exposed to cyberattacks that can compromise a business's electronic systems, resulting in data and money loss and a damaged reputation. Companies must implement sound cybersecurity practices and solutions for smooth and secure business operations. Cybersecurity entails securing your data, servers, programs, and systems against external and internal attacks. Here is a guide to help you understand common cybersecurity vulnerabilities and how to implement protective measures against them.

What Are Common Types of Cyberattacks Businesses Experience?

To protect your systems against different types of cyberattacks, you must understand the various kinds, where they come from, and the harm they can do. Here are the more common risks to keep in mind:

Password Guessing Attacks

A password-guessing attack entails attackers trying to guess an organization's usernames and passwords. The candidate credentials they try come from previous data breaches, and the attack succeeds when employees reuse the same weak or default passwords across multiple logins and administrative servers because those credentials are easy to remember. To blunt password-guessing attacks, require employees to use unique, long passwords (a password manager makes this practical) and pair every password with a second factor (see Two-Factor Authentication below). Advise them to type the password when logging into the company's servers rather than having the system remember it. Many organizations also enforce a password-changing policy where everyone must reset their passwords after a set period; note, however, that NIST SP 800-63B recommends against mandatory periodic rotation and favors changing a password when a compromise is suspected, because forced changes push users toward predictable variations of the old password.
Organizations should also use password cracking, the technique of recovering passwords from stored password hashes (hashes cannot be decrypted, only guessed at), to identify easily guessed passwords and to test candidate passwords before adopting them. Many capable open-source password-cracking toolkits are available to assist, such as John the Ripper and Hashcat.

Distributed Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks occur when an attacker overwhelms an organization's systems with a massive influx of junk activity, such as messages, requests, and web traffic. DDoS attacks are launched from botnets: large numbers of malware-infected, interconnected devices (computers, servers, IoT appliances). The flood itself aims to make a service unavailable; it is also sometimes used as a smokescreen that occupies defenders while attackers go after data elsewhere. Identifying DDoS attacks is challenging because their symptoms, like slow servers, are easily confused with legitimate high traffic. On closer inspection, the traffic often shares telltale features: many source IP addresses hitting the same endpoint, repetitive request patterns, a sudden spike at odd hours, or traffic from regions where you have no customers. (A flood from a single IP address is a plain denial of service, not a distributed one, and is easy to block.) You can mitigate these attacks by black-holing or rate-limiting the offending traffic, limiting the requests a server accepts from one client in a given period, and, for large floods, routing traffic through an upstream scrubbing or CDN provider.

Malware Attacks

Malware attacks occur when attackers get malicious software running inside an organization's network to access information or cause damage. Some types of malware include:

Keyloggers: These record what users type, such as passwords and Social Security Numbers.

Ransomware: This encrypts vital data and demands a ransom for the key. If the demands are unmet, attackers threaten to delete the data, sell it, or publish it on the dark web.

Spyware: This monitors a user's activity, such as web browsing, to gather personal information for attackers. It can also turn on webcams to collect sensitive and identifiable information.

Adware: Adware displays unwanted advertising (it is distinct from spam, which is unsolicited email). It is relatively harmless by itself and mainly degrades your computer's performance, but it can download other, more harmful malware without your knowledge.
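As an added example (not code from the original article), the following Python script shows the kind of offline password audit described under Password Guessing Attacks above: it recomputes a salted, deliberately slow hash for each wordlist candidate against each account and reports which accounts fall and which share a password. The accounts, passwords, per-run salts and wordlist are all constructed for this demonstration, and PBKDF2-SHA256 is used as a stand-in for whatever hash format a real credential store uses. Real audits run John the Ripper or Hashcat against the system's actual hashes; the logic is the same.

```python
import hashlib
import hmac
import os

# Added example: an offline audit of stored password hashes against a small
# wordlist. Everything here is constructed: the accounts, their passwords,
# the salts (random per run) and the wordlist. PBKDF2-SHA256 stands in for
# whatever hash format the real store uses.
ITERATIONS = 50_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def make_sample_records():
    """A constructed user store as (user, salt, hash) triples. Only alice uses
    a passphrase that no public wordlist will contain."""
    samples = {
        "alice": "correct horse battery staple 7!",
        "bob": "Password1",       # on every public wordlist
        "carol": "summer2023",    # season + year pattern
        "dave": "summer2023",     # the same password reused by a second account
    }
    records = []
    for user, password in samples.items():
        salt = os.urandom(16)
        records.append((user, salt, hash_password(password, salt)))
    return records


WORDLIST = ["123456", "password", "Password1", "qwerty", "summer2023", "letmein"]


def audit_hashes(records, wordlist=WORDLIST):
    """Try every candidate against every account. Because each account has
    its own salt, the work is (accounts x candidates) hash computations; the
    slow KDF is what keeps that cost meaningful for an attacker."""
    cracked = {}
    for user, salt, digest in records:
        for candidate in wordlist:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                cracked[user] = candidate
                break
    return cracked


def find_reuse(cracked):
    """Accounts sharing one recovered password: one leak opens all of them."""
    by_password = {}
    for user, password in cracked.items():
        by_password.setdefault(password, []).append(user)
    return {pw: sorted(users) for pw, users in by_password.items() if len(users) > 1}


if __name__ == "__main__":
    found = audit_hashes(make_sample_records())
    for user, password in found.items():
        print(f"{user}: weak password {password!r}")
    for password, users in find_reuse(found).items():
        print(f"password {password!r} reused by {', '.join(users)}")
```

Three of the four constructed accounts fall to a six-word list; the reuse report is the part worth acting on, since a password recovered for one account is immediately tried against every other login that person has.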
Malware enters networks as viruses, trojan horses, and worms, often delivered through email attachments, malicious downloads, or unpatched services. They spread quickly in interconnected systems, but you can contain them with up-to-date antivirus software, prompt patching, and proper authentication on internal services, so that one compromised host cannot freely reach the rest.

Phishing Attacks

In phishing attacks, attackers deceive employees through fake websites and emails into handing over private information, such as login credentials, credit card numbers, and Social Security information. Threat actors impersonate trusted organizations, like banks, to obtain sensitive information. In a survey, 57% of organizations reported facing successful online or email phishing attacks. Spear phishing attacks are personalized to target a specific organization or person, using their names and roles to make the messages harder to distinguish from legitimate mail. Phishing-resistant authentication (such as hardware security keys), email filtering, and awareness programs reduce the chance of falling victim to such attacks.

Business Cybersecurity Best Practices

Many businesses use outsourced IT support to implement cybersecurity best practices. These third-party companies are skilled in managing and updating security controls to protect data and networks. If you want to save money, consider applying these practices yourself. Here are the most essential cybersecurity practices businesses need to prevent most cyberattacks.

Use a Secure OS

It is no secret that the OS you choose is a key determinant of your security online. After all, your OS is the most critical software running on your computer, managing memory, processes, software, and hardware. Many experts regard Linux as a highly secure OS and, arguably, the most secure OS by design. Some key factors that contribute to Linux being a more secure OS than Windows for businesses include:

The Open-Source Security Advantage: Linux source code undergoes constant, thorough review by members of the vibrant, global open-source community, so that vulnerabilities in Linux can be identified and fixed rapidly.
A Superior User Privilege Model: Unlike the Windows tradition of users running as local administrators, Linux strictly separates ordinary users from root. Because Linux users run with limited rights by default and need additional permissions to install software, change system files, or adjust kernel options, spreading malware and rootkits across a Linux system is harder.

Built-In Kernel Security Defenses: The Linux kernel offers a selection of built-in security defenses, including in-kernel packet filtering (netfilter/nftables) for firewalls, integration with the UEFI Secure Boot firmware verification mechanism, the Linux Kernel Lockdown configuration option, and the SELinux or AppArmor Mandatory Access Control (MAC) security enhancement systems. Admins can add layers of data and network security by enabling and configuring these features as part of hardening the kernel.

Security through Diversity: A high level of diversity is possible within Linux environments due to the many Linux distributions (distros) available and the different system architectures and components featured. This diversity helps satisfy users' requirements and can protect against different types of cyberattacks by making it difficult for adversaries to efficiently craft exploits that work against a wide range of Linux systems.

Highly Flexible & Configurable: There are vastly more configuration and control options available to Linux admins than to Windows users, many of which can be used to enhance security. For instance, Linux sysadmins can use SELinux or AppArmor to lock down their systems with security policies offering granular access controls, providing a critical additional layer of security throughout a system.

Despite the key benefits Linux offers, it is crucial to remember that Linux is not a "silver bullet" in security.
The OS must be correctly and securely configured, and sysadmins must practice secure, responsible administration to prevent attacks on the network.

Use Antivirus Software

Antivirus software scans for, detects, and removes known malware from a computer. It runs in the background and occasionally pops up to notify you of potential threats from a website, download link, or hardware. However, since new malware constantly appears, ensuring your antivirus software is kept updated is crucial.

Use a Firewall & a VPN

A firewall is a barrier between an organization's network and the public internet. It constantly monitors and filters traffic into the private network according to your organization's security policies. In simpler words, firewalls ensure that unwanted traffic, such as connections to services that should not be reachable from the internet, does not enter the organization. A firewall alone will not absorb a large DDoS flood, though it can rate-limit and drop obvious junk. Like antivirus software, you must regularly update firewalls to prevent newer threats. Firewalls also perform NAT and VPN functions. Network Address Translation (NAT) hides internal IP addresses behind a public one, which adds some privacy and keeps internal hosts from being directly addressable from the internet; it is not a substitute for filtering rules. A Virtual Private Network (VPN) creates an encrypted tunnel between private and public networks, ensuring that the data packets shared remain confidential.

Use Two-Factor Authentication

Two-factor authentication (2FA) is an extra layer of protection used after you enter your username and password. The second check must come from a different category than the password. The three categories of factors are:

Something you know: a password, a personal PIN, or a security question such as the name of your first pet. Since the password already covers this category, a PIN or security question on its own does not make a login two-factor.

Something you have: verification through something users would often carry. For example, you can gain access by entering a one-time passcode (OTP) generated by an authenticator app or a hardware security key. Codes sent by SMS are better than nothing but are exposed to SIM swapping and interception.

Something you are: fingerprints, eye scans, and voice prints.
Invest in Security Awareness and Training Programs

You must train your employees in cybersecurity best practices so they can recognize common hacking and phishing techniques. Since employees are the first line of defense against many attacks, preparing them protects your organization's data, network, and business systems. You should also instruct employees not to plug unknown devices into PCs, download unknown or unsafe files, open spam emails on the business's computers, or enter their passwords on unfamiliar websites. Similarly, employees should use separate machines for payment processing and general web surfing to reduce the risk of fraud. Your employees must have an easy way to report security incidents, such as suspicious emails they receive or a sudden increase in server traffic. The IT department must promptly investigate such reports so that attacks are stopped before they take hold or spread.

What Should I Do After a Cyberattack?

Despite your best efforts, your systems can still fall victim to cyberattacks. As soon as an attack is identified, you must contain it. Disconnect affected computers from the internet and isolate essential computers from the rest of the interconnected devices. Preserve logs and, where practical, disk images of affected machines before rebuilding them, since they are the evidence you will need to work out what happened. As an extra precaution, rotate the passwords and keys that the affected systems could have exposed. For email, deploy MTA-STS: it lets your domain publish a policy requiring TLS for inbound SMTP and naming the legitimate mail servers, which blocks TLS-downgrade and DNS-spoofing attacks on mail in transit. Pair it with SPF, DKIM, and DMARC, which authenticate the sender rather than the transport. You must then identify the attack's source. The network connections recorded at the time will help your IT department understand which vulnerabilities allowed the threat to bypass security measures and what improvements are required. You must also determine what information was lost and act accordingly. For example, if payment processing credentials were stolen, report the incident to law enforcement and to your payment processor, and change the credentials.
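As an added illustration of the MTA-STS deployment mentioned above (not from the original article; example.com and the host names are placeholders), a domain needs two things: a DNS TXT record that announces a policy exists, and the policy itself served over HTTPS. The optional TLS-RPT record (RFC 8460) makes sending domains mail you a report when delivery fails the policy, which is how you find out that enforcement is breaking something.

```text
; DNS TXT record at _mta-sts.<domain>; bump the id whenever the policy file changes
_mta-sts.example.com.   IN TXT  "v=STSv1; id=20240310T120000"

; optional: ask senders to report TLS failures
_smtp._tls.example.com. IN TXT  "v=TLSRPTv1; rua=mailto:tls-reports@example.com"

# Policy file served at https://mta-sts.example.com/.well-known/mta-sts.txt
version: STSv1
mode: enforce
mx: mail1.example.com
mx: mail2.example.com
max_age: 604800
```

Start with `mode: testing` and watch the TLS-RPT reports for a week before switching to `enforce`; in testing mode senders still deliver on failure but tell you about it, while in enforce mode mail to a misconfigured host is refused.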
Be transparent about the cyberattack with clients, as their data may also be compromised, and notification may be a legal requirement depending on your jurisdiction.

Final Thoughts on Business Cybersecurity

Data is essential for businesses, allowing companies to make informed decisions that increase profit margins. A greater reliance on technology also makes businesses susceptible to different types of cyberattacks, like the ones mentioned in this guide, so safeguarding data is a must, albeit a complex one. You can independently apply cybersecurity best practices, like choosing a secure OS, using antivirus software and firewalls, and enabling two-factor authentication, to protect your business's sensitive data. Without the proper experience and knowledge, however, your business will remain susceptible to attacks. Hiring trained IT professionals or outsourcing to a cybersecurity provider is best. They will ensure your security measures are kept updated and your employees are trained in security procedures.

Brittany Day
Technology, in many ways, has changed the way people do business. Modern society is highly digitalized, thanks to technological advancements such as the Internet of Things (IoT). Along with it, cloud computing has garnered much attention, too. More and more cloud-based solutions emerge on the market; in fact, businesses worldwide are looking to invest, or have already invested, in cloud-based storage solutions. Cloud storage is an effective way of streamlining a business's operations. It is also relatively secure in some respects. However, this doesn't mean that cloud systems are infallible. Their exposure to the internet, and to the many IoT devices that connect to them, makes them targets for cyberattacks, which are reported to have increased drastically in recent years. So, businesses need to bolster their cloud security. Fortunately, this is something with which cybersecurity experts can help you. Data is now a major asset for most companies, and it is critical to keep it secure. Here's a guide on how businesses can strengthen their cloud and data security.

The Importance Of Linux Cloud Security

Cloud security describes the various procedures and policies that protect cloud users and company data. A cloud security policy guides how you implement security measures, like anti-malware tools, authentication, permissions, and software updates. Linux cloud security matters because most cloud infrastructure runs on Linux. Given how distributed systems are built, there is a relatively high probability of insecure configuration, which may result in security gaps. Misconfiguring a web application, for example, might create a pathway for attackers to remotely control the cloud server. The rising popularity of the cloud shows that cloud-based solutions are in great demand. But, because a lot of data passes through cloud and IoT systems, it puts organizations in a difficult position.
IT administrators now have to proactively consider how they'll store root passwords, the strength of those passwords, system integrity, and application security, among other things. As a result, every firm must foster a culture of security awareness. This begins by incorporating a zero-trust approach into your cloud security procedures: design controls on the assumption that no user, device, or network segment is trusted by default, and verify every access request regardless of where it originates. Given the constant evolution of cyber threats, a proactive approach to cybersecurity is essential today. This method allows you to stay on top of security threats and build effective counter-strategies.

Top Tips And Advice For Improving Linux Cloud Security

Cloud Backup

There's probably never a day when you can firmly assert that your systems are 100% secure or impenetrable. The reality is that no matter how well you implement techniques to strengthen cloud security, the risk of data loss will still exist. Even though you shouldn't live in constant worry, you must always maintain a backup in case of a data breach or disaster to prevent your entire operation from falling apart. Organizations can't afford to lose their data. A data breach may cause severe interruptions in workflow and productivity for firms that depend heavily on data. That's why it's extremely important to invest in cloud backup services. Moreover, consider your system requirements before using any cloud backup solution. For example, not all cloud backup service providers support Linux operating systems. Therefore, if you run such systems, a Linux cloud backup solution, or a comparable alternative, would be ideal. Keep at least one backup copy offline or otherwise unreachable from the production environment, and test restores regularly, since ransomware routinely targets any backups the compromised system can reach.

Use Access Controls

Some cloud solutions may offer optional access control features you can enable to improve security further; however, it's ultimately your responsibility to set up appropriate access controls to keep data safe.
Proper access controls are extremely useful in preventing insider theft. Many cyberattacks are launched from within the organization, whether deliberate or unintentional. So, it's important to always know who has access to what. Set up your system so that individuals can access only the parts of the system their role requires (the principle of least privilege). That way, your employees can access the resources they need to be productive without exposing everything else.

Encrypt Your Data

Data encryption is important as far as cybersecurity is concerned. The public networks that all traffic crosses to reach cloud servers may be under an attacker's observation. Given that your employees will constantly be sharing, uploading, and retrieving data via the cloud, there's a possibility that attackers could intercept these exchanges and steal valuable information. Fortunately, there are several cloud encryption tools you can use. It's best to encrypt all of your enterprise's data, regardless of format, to strengthen your cloud infrastructure's security. You should encrypt data in transit and at rest. When transferring files, use only secure transfer protocols, such as Secure Shell (SSH), Secure Copy (SCP), SSH File Transfer Protocol (SFTP), or HTTPS, and never plain FTP, Telnet, or HTTP. This way, your exposure to network-based attacks and the risk of data breaches are significantly reduced. Remember that encryption is only as strong as the handling of the keys: keep them out of the data store they protect and control who can use them.

Monitor Cloud Threats

Even if you're confident that your cloud system is secure, you should always monitor your system for threats. This enables you to identify threats and deal with them before they fester. So, your company must continuously maintain visibility across all of its cloud technology. You can achieve this by continuously monitoring user behavior to gain insights and real-time data on how your cloud infrastructure is being used. Attackers shouldn't be underestimated regardless of how sophisticated you believe your defenses are.
In fact, it's better to adopt a proactive approach in which you anticipate and prepare for cyber threats as much as possible. Attackers constantly scan the internet, IoT devices included, in search of weaknesses; that's why continuous threat monitoring is essential. You may have seen several unsuccessful login attempts from various IP addresses. This should be a cause for alarm, because attackers frequently guess passwords to penetrate networks. Fortunately, most Linux systems keep authentication logs (for example /var/log/auth.log or /var/log/secure, or the systemd journal) that allow you to monitor login activity. For added visibility, consider using malware scanning and intrusion detection programs. Thankfully, many cloud service providers equip their platforms with built-in threat detection features. Make sure such capabilities are enabled at all times. Most systems employ a mix of telemetry sources, such as network flow logs combined with analytics and supplementary threat intelligence, to identify threats.

Invest In Employee Training

Your employees might be the biggest indirect threat to your business's cloud security. Bear in mind that they're the ones interacting with your cloud systems most of the time. Plus, they're the ones interacting with customers and handling customer information a lot of the time. And one of the easiest methods for attackers to get your data is through phishing. Therefore, giving your staff frequent, thorough training is crucial. You must equip your employees with the knowledge to use IT resources and networks responsibly. One way of doing this is by creating a clear and sound cybersecurity policy. This will guide employees on how to use the company's connected devices and systems. By doing this, your staff will be able to recognize phishing attacks and avoid them. Regular staff training can help avoid misuse resulting from ignorance or carelessness.
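As an added example, not code from the original article, the following Python script turns the authentication-log advice above into a concrete check: it parses sshd lines in the /var/log/auth.log format, counts failures per source address in a sliding window, and raises two kinds of alert, a burst of failures and, more importantly, a successful login that follows a burst from the same address. The log lines, the host name, the addresses, and the thresholds are all constructed for this demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines in /var/log/auth.log format (not captured from a
# real host). 203.0.113.5 sprays five passwords in six seconds and then gets
# in with a real one; 198.51.100.7 is a user who mistyped once; 192.0.2.9
# probes slowly, thirty minutes apart.
SAMPLE_AUTH_LOG = """\
Mar 10 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar 10 10:00:03 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 51002 ssh2
Mar 10 10:00:04 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar 10 10:00:06 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 51006 ssh2
Mar 10 10:00:07 web1 sshd[2109]: Failed password for deploy from 203.0.113.5 port 51008 ssh2
Mar 10 10:00:09 web1 sshd[2111]: Accepted password for deploy from 203.0.113.5 port 51010 ssh2
Mar 10 10:02:30 web1 sshd[2140]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 10:02:45 web1 sshd[2142]: Accepted publickey for alice from 198.51.100.7 port 40024 ssh2
Mar 10 11:15:00 web1 sshd[2300]: Failed password for bob from 192.0.2.9 port 33000 ssh2
Mar 10 11:45:00 web1 sshd[2310]: Failed password for bob from 192.0.2.9 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Yield (timestamp, result, user, ip) for sshd login events. Syslog
    timestamps carry no year, so one is assumed (this is a constructed log)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padding in "Mar  9"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["ip"]


def failures_by_ip(text):
    counts = defaultdict(int)
    for _, result, _, ip in parse_auth_log(text):
        if result == "Failed":
            counts[ip] += 1
    return dict(counts)


def detect(text, threshold=5, window_seconds=60, success_min=3):
    """Sliding-window detector. Emits ("brute-force", ip, ts) when an address
    reaches `threshold` failures inside `window_seconds`, and
    ("success-after-failures", ip, ts) when a login succeeds while at least
    `success_min` recent failures from the same address are still in the
    window: the signal that one of the guesses actually worked."""
    recent = defaultdict(deque)
    alerts = []
    for ts, result, user, ip in parse_auth_log(text):
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) == threshold:
                alerts.append(("brute-force", ip, ts.isoformat()))
        elif len(q) >= success_min:
            alerts.append(("success-after-failures", ip, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for kind, ip, when in detect(SAMPLE_AUTH_LOG):
        print(f"{when} {kind} from {ip}")
```

Note what the sample deliberately does not catch: 192.0.2.9 spreads two guesses thirty minutes apart and never trips the one-minute window. Low-and-slow guessing is why a host-local detector like this one should be complemented by a longer-horizon count (fail2ban's `findtime`, or a SIEM query over hours) and by disabling password authentication in sshd altogether where keys are in use.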
Monitor Usage & Conduct Regular Audits

Ideally, you should audit the personnel who have access to the cloud. You should also keep track of how these users interact with the system. Keep an eye out for unauthorized file sharing and investigate any other questionable behavior you notice. This allows you to detect people who've gained unauthorized access to your cloud servers. As mentioned previously, you need to work with the presumption that vulnerabilities may be present. So, consider implementing procedures that hold your workers, or anyone with access to your systems, accountable.

Improve Password Security

Strong passwords are a crucial cybersecurity measure that can improve your cloud security. One of the other ways that attackers infiltrate a system, profile, or account is by guessing or cracking passwords. Some people set simple passwords because they fear forgetting them. But that's a serious mistake. Setting an easy password makes the attacker's job much easier. Most people who get their accounts hacked or their identity stolen experience it because of poor password management practices. That's why it's extremely important to set strong passwords for all your cloud infrastructure and services. Multi-factor authentication is one method of enhancing password security. There are many options for multi-factor authentication; pick the one that works best for you, preferring authenticator apps or hardware keys over SMS codes. Another good idea is to invest in a password manager that keeps all your passwords safe so you won't have to worry about forgetting them. You could also urge your employees to use a good password manager. Also, use SSH keys in place of passwords for server access, and disable password authentication in sshd once the keys are deployed.

Establish Cloud Deletion Policies

Whether you want to switch to a new cloud system or stick with your current one, managing the data of your former clients should be a top priority. Customer data should be systematically erased when the retention period has passed.
Therefore, organizations must establish strict data deletion rules to properly and securely erase data from the system while upholding GDPR compliance. Also, always choose reputable cloud service providers, since with them you can have more confidence that deleted data is actually destroyed.

Conclusion

Given the increasing frequency of cyberattacks, every firm must invest in cloud security. While cloud solutions typically have built-in security safeguards, you should go a step further to strengthen your system security. So, consider applying some of the ideas stated above, or talk with a reputable specialist who can assist you in developing a solid cybersecurity strategy.

Brittany Day
System administrators are aware of how important their systems' security is, not just the uptime of their servers. Intruders, spammers, DDoS attacks, and crackers are all out there trying to get into people's systems. Being able to identify tools and techniques to harden your systems is a key part of securing them. Moreover, choosing the right tools is a matter of experience. You should try most of them, or perhaps the ones that are popular. I chose free and open source software because, if I want to, I can check the application's source code and see for myself how the programmers wrote the software, how they managed to keep it easy to understand, etc. Without trying to explain the particular importance of the network's peripherals to the security of the whole system, I will dig into software that checks system protocols, passwords, vulnerabilities, weaknesses, security flaws, and best practices for protecting and securing your system, and then into some important security steps any system administrator should know. I chose two popular security tools: Tiger and Lynis. Both are state-of-the-art security-auditing tools.

Lynis

Lynis is Unix-based software, free under the GPL, and a popular security hardening solution. The advantage here is that it does not change any of your configuration files. Instead, it lists what it sees as weak or in need of change. It can scan your system in detail and very extensively. Its use is straightforward, and it is largely OS-independent, which means it will run in almost any Linux or Unix environment. You can run Lynis from USB, CD, external HDD, or any other media. With the proper plugins, Lynis can test your databases, e-mail servers, web servers, and more. There is a lot of documentation and many video presentations on installing, configuring, and using Lynis. I advise you to search for these and read as much as you can until you feel comfortable, then start testing and using it.
The latest version of Lynis as of now is 2.1.0 and can be obtained at: /downloads/lynis/

Tiger

Just like Lynis, Tiger supports multiple UNIX platforms and is free under the GPL. Besides system hardening checks, configuration checks, etc., Tiger offers host-based intrusion detection, and it is very successful at it. It is worth noting for Linux/Unix newcomers that, while there are lots of intrusion detection tools out there, most if not all are command-line tools that offer minimal X-based or GUI modes. As of now, the latest stable version of Tiger is 3.2.3, and can be obtained at: Index of /releases/tiger/

I'll list some Tiger scripts and their use. You are advised to check its documentation and find what interests you and what you are trying to accomplish.

check_inetd – This script checks your inetd/xinetd configuration for misconfigured or unnecessary services.
check_group – As its name suggests, it checks group accounts for weak passwords, duplicate entries, and so on.
check_accounts – This script checks your accounts for anything suspicious: home directories, shells, accounts with no passwords, etc.
check_anonftp – This checks your FTP configuration for anonymous-access weaknesses.
check_passwd – Checks password file configuration.

Security Tips:

I can't stress enough how important it is for a Unix system to have direct root login disabled (for SSH, set PermitRootLogin no in sshd_config and use sudo from an ordinary account). This is a crucial step and should be done on all systems running important services, period. Besides disabling root login, it is advisable, and very important, to have X Windows uninstalled if it is not needed. This applies, for example, if you're running an Apache web server and you don't need X Windows. Remember, X Windows is and can be vulnerable to attacks. Never use unencrypted protocols like Telnet, FTP, and so on! Use SSH and SFTP instead! Set strong password policies and a password expiration date, so that the user is prompted to change the password when it expires. This will ensure consistent password changes on all user accounts.
I would advise setting it to three months at the latest. Check file permissions periodically; improper permissions can create havoc. Close unused ports. Remove unnecessary software. Check various security websites (do this daily) for security holes people and programmers have found, and patch immediately if your system is vulnerable! sysctl is an interface for changing kernel parameters in Unix-like environments; read up on sysctl and tune the configuration the way you want it. Implement firewalls (iptables). Make daily backups! This is very important. Keep another backup server away from the server room for disaster recovery. I could have filled this document with screenshots and information on how to do all these things I explained, but I thought it would be much better if you try them yourself. When you search for knowledge, I strongly believe, you will learn things much better, and sooner. You can refer to these two system hardening tools and the security advice above, but don't limit yourself. Try anything you can find; perhaps look for popular software and try it on your test machines, simulate real-life situations, configurations, and so on. Remember, security measures start with keeping your system version up to date! Last but not least, I would be very happy if you share some security tips with us on this post, so people can enjoy and learn more and be successful in what they do.

About the Author

Mr. Ibrahimi is a freelance Unix/Linux specialist and consultant with over 15 years of experience with Open Source software. He is a regular contributor to the UNIX community online as well as locally on projects involving his expertise in implementing Unix/Linux in IT infrastructures.

Dave Wreski
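As an added example for the sysctl tip in the hardening list above (not from the article, and not part of Lynis or Tiger), the following Python script does in miniature what those auditors do for kernel parameters: it parses a `sysctl -a` dump, compares it against a small baseline of common Linux hardening values, and emits the `/etc/sysctl.d` lines that would close the gaps. The dump is constructed for this example, and the baseline is a short illustrative selection, not a complete benchmark.

```python
import sys

# Added example: compare a `sysctl -a` dump with a small hardening baseline.
# Each baseline entry maps a key to the set of acceptable values; these are
# widely recommended Linux settings, chosen here as an illustration.
BASELINE = {
    "net.ipv4.ip_forward": {"0"},                  # host is not a router
    "net.ipv4.conf.all.rp_filter": {"1", "2"},     # reverse-path filtering
    "net.ipv4.conf.all.accept_source_route": {"0"},
    "net.ipv4.conf.all.accept_redirects": {"0"},
    "net.ipv4.conf.all.send_redirects": {"0"},
    "net.ipv4.tcp_syncookies": {"1"},              # SYN-flood resistance
    "kernel.randomize_va_space": {"2"},            # full ASLR
    "kernel.kptr_restrict": {"1", "2"},            # hide kernel pointers
    "kernel.dmesg_restrict": {"1"},
    "fs.protected_symlinks": {"1"},
}

# Constructed excerpt of `sysctl -a` output from a hypothetical host.
# fs.protected_symlinks is deliberately absent: a missing key is a finding too.
SAMPLE_SYSCTL_DUMP = """\
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_syncookies = 1
kernel.randomize_va_space = 2
kernel.kptr_restrict = 0
kernel.dmesg_restrict = 1
"""


def parse_sysctl_dump(text):
    """Parse 'key = value' lines as printed by `sysctl -a` into a dict."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def check_sysctl(values, baseline=BASELINE):
    """Return (key, current_or_None, allowed_values) for every baseline key
    that is missing from the dump or outside its allowed set."""
    findings = []
    for key, allowed in baseline.items():
        current = values.get(key)
        if current not in allowed:
            findings.append((key, current, sorted(allowed)))
    return findings


def remediation_lines(findings):
    """A sysctl.d fragment that sets each failing key to its first allowed
    value; review it rather than applying it blindly (rp_filter=1 breaks
    some asymmetric-routing setups, ip_forward=0 breaks routers)."""
    return [f"{key} = {allowed[0]}" for key, _, allowed in findings]


if __name__ == "__main__":
    # Pipe a live dump in with: sysctl -a 2>/dev/null | python3 this_script.py -
    dump = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_SYSCTL_DUMP
    found = check_sysctl(parse_sysctl_dump(dump))
    for key, current, allowed in found:
        print(f"{key}: current={current!r}, allowed={allowed}")
    if found:
        print("\n# suggested /etc/sysctl.d/99-hardening.conf")
        print("\n".join(remediation_lines(found)))
```

Values written to `/etc/sysctl.d/` only take effect after `sysctl --system` (or a reboot), and a setting that looks fine in the file can still be overridden by a later file or by a container runtime, which is why the check reads the live `sysctl -a` output rather than the configuration files.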
Medusa was created by the fine folks at foofus.net; the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit the Medusa project site. Medusa is a command line tool; as far as I know there is no GUI front end. But don't let that scare you, it's super simple to operate. The foo magic of compiling from source is the hardest part. Although if you're running Ubuntu, Medusa is in the repository. Starting with Ubuntu 10.10, the Medusa packages were updated to the 2.0 release. If you're a Fedora fan, good news: a Medusa RPM is available. With Fedora 16, Medusa was updated to release 2.0; anything prior ships Medusa 1.5. Other distros may have to compile from source.

Compiling Medusa from source: Download the Medusa 2.0 source from foofus.net. Decompress the tarball: tar -xvf medusa-2.0.tar.gz. Perform the usual compile foo magic: ./configure, make, make install. One word of caution: during the ./configure process a module check is performed. If dependencies have not been met, Medusa will not support those modules. You'll have to ensure all dependencies are satisfied before running make and make install. Have a look here if you run into trouble: http://foofus.net/goons/jmk/medusa/medusa.html

Installing Medusa from the Ubuntu repository: apt-get update, then apt-get install medusa.

Basic password guessing with Medusa: If you'd like to see all Medusa options, execute medusa with no switches. If you'd like to see all supported modules, execute medusa -d. In its most basic form Medusa requires the following information: the target host; a user name or a text file of user names; a password or a text file of passwords; and the module name. For example, if I want to try a single password guess of abc123 against the Administrator account on a Windows box with an IP address of 192.168.100.1: medusa -h 192.168.100.1 -u Administrator -p abc123 -M smbnt. In a Windows environment the built-in Administrator account is special in that, by default, it is the only account which cannot be locked out.
Although watch out: some environments remove this feature. Before you brute force accounts, ensure you know the lockout policy; guessing against accounts that do lock out denies service to their owners, and you should only do this against systems you are authorized to test. But let's pretend in this example the Administrator account does not lock out. This means I can attempt as many password guesses as I'd like. In this case I'd download a pre-compiled password list, then let Medusa loose and wait: medusa -h 192.168.100.1 -u Administrator -P passwordlist.txt -M smbnt. Depending on the latency between you and the target host, limiting concurrent attempts may be a good idea. This can be accomplished with -t, or if you'd like Medusa to stop after the first successful username/password combination, use -f. Medusa is simple, fast, and effective. I especially love the number of modules it supports, including web forms. How many times have you wanted to password guess a web site login? With Medusa it is possible; simply provide the proper URL. Medusa even supports SSL, and if your target is using security through obscurity with a non-standard port, Medusa supports that too. Specify non-standard ports with -n. Administrators should be auditing passwords regularly. Weak passwords are your number one concern. If you allow users to generate a weak password, they will. Your best bet is to implement a good password policy and enforce it. As always, for more information please visit our blog at: https://www.drtcyber.com/dbg

Anthony Pell
As a preface to this paper, I wanted to take a moment to mourn the loss of the many tsunami victims worldwide. Our thoughts and prayers are with each of the victims and their families. Donations to help in the relief effort can be made through the following organizations: World Vision, American Red Cross, Oxfam, and many others.

Introduction

The year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in a full-scale computer meltdown, leaving Earth a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide. Whether it be physical terrorism or malicious acts against information security, we have all raised our level of awareness.

For many across the world, the new year brings a sense of rebirth and recommitment. All of us take time to reflect on the past year, reexamine our lives, and focus on how we can do better in the upcoming year. Some have career-related goals; others only wish to make more time for their family, realizing that those close to you are in fact the real and only reason for everything. Personally, I am one who loves to set goals. Without a mission and a plan, very little gets accomplished. The new year should not only be a time to set personal goals such as an exercise regimen, but also a time to focus on security practices and configurations. 2005 will be hostile; now is the time to prepare.

Reflect on Present

Those of us long-time security gurus always chant the mantra "security is a process, not a product; repeat." The new year should be a time to refine that process. Take a moment to analyze and ask the following questions:

Are we doing everything the way we should?
What areas of our operation need to be improved?
Are we following security best practices?
Do I feel confident about our security practices?
Do I have metrics to provide assurance about our security?
Are we proactive, or do we always seem to be catching up?

Although many network environments are similar, it is important to keep the questions as broad as possible. It is necessary to reflect on the overall picture of security. Some of you may be responsible for hundreds of servers; others may only keep a hobby server running on a DSL line. Security should be important to all in every situation, and many of the broad concepts of security are the same.

For example, the first question asks "Are we doing everything the way we should?" Although simple, and warranting only a YES/NO response, it is loaded with other questions. One of the most obvious: do you take shortcuts? I'll admit, I'm sometimes guilty. Rather than taking the time to do something completely right the first time, I focus all of my time on functionality and, once it is working, move on to more pressing matters. One must be dedicated to making sure that servers are set up and configured in the most sound way possible. It's not enough for something just to work; it should be configured to reduce as much risk as possible.

One of the more pointed questions above is about security confidence. While too much confidence can lead to disaster, too much paranoia can drive someone mad. The obvious balance is in the middle. Security personnel should strive to be confident, but paranoid. It sounds like an oxymoron, but it's not. It is important to have faith in one's own system, but always be aware of and ready for emerging threats. For example, early 2004 was inundated with Linux kernel vulnerabilities. Although I was confident that my EnGarde Linux servers would hold up, I didn't ignore the bugs completely. It is important to keep up with vulnerability news and apply patches when available. Confidence (trust) can be obtained through good security practices.
Using standards such as BS7799/ISO17799 and the ISF Best Practices, as well as others, can help establish a program for building security confidence. Documentation such as the Linux Security HOWTO, the Linux Security Administrator's Guide, and NIST's dozens of configuration guides can ensure software has been set up and configured properly.

It's not enough just to be confident. One must have assurance that the systems in place will provide adequate protection for the organization's information assets. Whether it's trade secrets to protect or just a website to keep from being defaced, the information security principles are the same. Layer, layer, layer! Provide multiple levels of security through authentication, access control, network traffic regulation and segmentation, and the use of strong cryptography. Know your system inside and out by monitoring logs and system events, and by understanding what legitimate activity looks like. Being able to quantify the number of failed unauthorized attempts provides a level of assurance and demonstrates the value of each security control. A proactive security process is a combination of knowing your assets, knowing your systems, and understanding their threats and vulnerabilities, while working in a prioritized manner to reduce the risk of each.

A Security Resolution

Rather than focus on management-related security issues such as policy development, security awareness and training, and risk analysis, I am writing resolutions that can be directly applied by system administrators. Also, please be aware that the issues I touch on here are by no means a complete list of the security issues that should be examined. I would be writing for weeks if I attempted to cover all issues that affect Linux administrators.

Change Passwords/Keys: We all have our favorite passwords and passphrases. We get comfortable with them and become reluctant to change them. For many, it is a huge job. However, maintaining fresh passwords is important to the security of a system.
Using the same root password for three years is simply unacceptable. Make it a habit to change major passwords regularly. If you haven't done it recently, change them now.

Apply System Patches/Keep Software Up-to-Date: Yes, all of us can get lazy, but that is simply no excuse if you wish to maintain a secure system. Vulnerability advisories are released by Linux vendors every day; it should be a top priority to test and then apply the appropriate patches to production systems. If it is simply too much work to apply them manually, consider subscribing to an automated update service such as those offered by Red Hat and Guardian Digital.

Analyze Accounts/Permissions: It has been said that a large number of corporate information security break-ins are a result of stale user accounts. Do you have accounts left on your system for people that quit or were fired six months ago? If so, that's a huge risk. Perhaps quarterly, review the accounts on your system and verify their necessity and validity. It is also important to review critical file permissions. Sometimes testing a system warrants a permission change, and then an administrator forgets to set it back to its original state.

Review Backup/Restore Procedures: Are the systems being backed up? If on tape, how old are the tapes? Have the tapes been verified to ensure that they are actually backing up the correct data, and do the restore procedures work? In an emergency, one does not have the luxury of spare time. It is important to sort through the problems beforehand.

Review Logs/Intrusion Detection: Are there procedures in place to periodically review system activity? Nearly every system keeps some form of logs, but very few administrators actually review them frequently. Now is a good time to implement an automated alert system, refine exactly what information is logged, and determine responses to specific events.

Physical Security: Ensure all systems are running in a safe and secure operating environment.
Is the room adequately cooled and ventilated? Is it connected to a UPS? Is the room physically locked? Physical access to a system opens the door of vulnerability much wider.

Use Encryption: These days, there are no excuses. We should all be using GnuPG to sign and encrypt email. The software is free, it's easy to use, and it provides a high level of security. When e-mailing sensitive information to fellow administrators, using cryptography should be a no-brainer.

Penetration Testing: After hardening your servers, put them to the test. With the advent of the OSSTMM (Open Source Security Testing Methodology Manual), light penetration testing is possible for everyone. Using the techniques in the OSSTMM and learning to think like the enemy is a skill that can help an administrator improve security greatly.

Document Configurations/Settings: There's not much worse than losing application configuration settings. Security often requires a lot of tweaking, which is easy to forget. Document the settings in critical applications to ensure that the system can be restored in the event of corruption.

Learn Something New: What have you just been itching to know about? Have you always wanted to set up a honeypot, or learn more about SELinux? Now is the time! Rather than keep pushing it off to 'when I have time,' set up a schedule to begin learning about it. None of us have three hours a day to dedicate to reading, but all of us can make five minutes. As the months pass, knowledge will accumulate and you'll be a well-rounded administrator.

Final Remarks

It has been another great year, and I look forward to the next. To have a successful and productive year, planning is the key. Whatever your security challenges may be, now is the time to address them. We've all been there. Get help by asking questions in forums, asking colleagues, reading HOWTOs, etc. The information is out there; it is up to you to take the initiative.
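The "Review Logs/Intrusion Detection" resolution above asks for an automated alert rather than an eyeballed log, and the "Reflect on Present" section asks to quantify failed unauthorized attempts. As an added example (not part of the article), here is a small Python checker that runs two rules over sshd auth.log lines: a burst of failed logins from one source inside a time window (the signature a guessing tool such as Medusa, covered earlier on this page, leaves behind), and a successful login from a source that already tripped the first rule, which is the event that really needs a response. The log lines are constructed for the example; the sshd message formats they mimic are real, and the thresholds and the parsing year are assumptions to tune per site.

```python
#!/usr/bin/env python3
"""Flag password-guessing bursts in sshd auth.log lines.

Added example, not from the original article.  The log lines below are
constructed; the sshd message formats they mimic ("Failed password for
...", "Accepted password for ...") are real.  Thresholds are arbitrary
and should be tuned per site.
"""
import re
from collections import defaultdict
from datetime import datetime

# Syslog timestamps carry no year; assume one for parsing.  The sample
# lines all fall in a single day, so this only matters for ordering.
YEAR = 2005

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample: one guessing burst that ends in a successful
# root login, plus one ordinary user who mistyped once.
SAMPLE_LOG = """\
Jan  5 10:22:01 gw sshd[4021]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jan  5 10:22:03 gw sshd[4023]: Failed password for invalid user test from 192.0.2.10 port 51236 ssh2
Jan  5 10:22:05 gw sshd[4025]: Failed password for root from 192.0.2.10 port 51238 ssh2
Jan  5 10:22:07 gw sshd[4027]: Failed password for root from 192.0.2.10 port 51240 ssh2
Jan  5 10:22:09 gw sshd[4029]: Failed password for root from 192.0.2.10 port 51242 ssh2
Jan  5 10:22:11 gw sshd[4031]: Failed password for root from 192.0.2.10 port 51244 ssh2
Jan  5 10:22:13 gw sshd[4033]: Accepted password for root from 192.0.2.10 port 51246 ssh2
Jan  5 11:05:40 gw sshd[4101]: Failed password for bthomas from 198.51.100.7 port 40010 ssh2
Jan  5 11:05:49 gw sshd[4103]: Accepted password for bthomas from 198.51.100.7 port 40012 ssh2
""".splitlines()


def parse(line):
    """Return (timestamp, 'Failed'|'Accepted', user, ip) or None for
    lines that are not sshd password-auth results."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def analyze(lines, max_failures=5, window_seconds=300):
    """Return a list of alert strings.

    Rule 1: more than max_failures failed logins from one source IP
            within window_seconds (fires once per IP, to avoid spam).
    Rule 2: a successful login from a source that already tripped
            rule 1, i.e. the guess that worked.
    """
    recent = defaultdict(list)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            # Keep only failures still inside the sliding window.
            recent[ip] = [t for t in recent[ip] + [ts]
                          if (ts - t).total_seconds() <= window_seconds]
            if len(recent[ip]) > max_failures and ip not in flagged:
                flagged.add(ip)
                alerts.append(f"BRUTE-FORCE {ip}: {len(recent[ip])} failed "
                              f"logins in {window_seconds}s "
                              f"(latest user '{user}')")
        elif result == "Accepted" and ip in flagged:
            alerts.append(f"COMPROMISE? {ip}: login as '{user}' at "
                          f"{ts:%H:%M:%S} after a guessing burst")
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Pipe a real auth.log through analyze() from cron and route the output to whatever already wakes you up; the COMPROMISE? line is the one that should page. The failure counts the checker keeps are also the "failed unauthorized attempts" metric asked for above, so the same script doubles as a source for that number.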
Benjamin D. Thomas