When it comes to securing your Linux system -- or any other system, for that matter -- the first step is to set up a security policy, a set of guidelines that state what you enable users (as well as visitors over the Internet) to do on your Linux system. The level of security you establish depends on how you use the system -- and on how much is at risk if someone gains unauthorized access to it.
If you're a system admin for one or more Linux systems at an organization, you probably want to involve company management, as well as the users, in setting up the security policy. Obviously, you can't create a draconian policy that blocks all access; that would prevent anyone from effectively working on the system. On the other hand, if users are create or use data valuable to the organization, you have to set up a policy that protects the data from disclosure to outsiders. In other words, the security policy should strike a balance between the users' needs and the need to protect the system.

For a standalone Linux system, or a home system that you occasionally connect to the Internet, the security policy can be just a listing of the Internet services that you want to run on the system and the user accounts that you plan to set up on the system. For any larger organization, you probably have one or more Linux systems on a LAN connected to the Internet, preferably through a firewall. In such cases, thinking of computer security across the entire organization systematically is best.

The link for this article located at CertCities is no longer available.