Category Archives: Linux Security

Linux Security Articles

Linux Server Security

Linux has managed to become accepted in the commercial world. Although Windows is more widely used, Linux servers are found almost everywhere nowadays. That Linux servers have become popular also means that some people are looking into how to break into them. Here is a short overview of Linux server security.

The difference between Windows and Linux is huge. Windows is controlled by Microsoft and you only get OCO (Object Code Only). If you are not happy with something in the Windows operating system, you have to wait until Microsoft does something about it. Linux, on the other hand, is open source: at least in theory, you can get the source code. Of course, most Linux users will not be better off with the source code, but it does mean that more than one company can improve the system. Of course, access to the source code could, at least in theory, also help the bad guys find security flaws in the system.

So how do you make a Linux server secure? All servers connected to a network face two different kinds of risk: attacks from the outside and unauthorized access by logged-in users. When it comes to security, the weakest link determines your level of security, so you need to pay attention to all levels.

It is also very important that the server location is secure. If people can just walk up to the computer and boot it from their own external device, the Linux security features can’t help you. You need to make sure that the server is in a secure room and that the BIOS and boot loader are password protected. Also make sure that backups are kept in a secure place. If people can walk out with a backup of your data, they don’t need to waste their time trying to break into your Linux system.

First, you should always protect the servers on your network with one or more firewalls. Firewalls are very good at keeping the bad guys out. But in today’s rough world, you don’t want to rely on firewalls alone. You need to harden your Linux systems as well.

Best practice for hardening Linux changes all the time, so check the Internet or your Linux vendor for the latest recommendations. But in essence, you want to disable all services that are not absolutely necessary. You should also only allow encrypted communications, such as ssh. But beware that ssh, like all networking protocols, is a potential security risk.

New security holes are discovered all the time, and generally patches fixing them are released quickly. This means that you must update your operating system and applications regularly. Unfortunately, the root account is all-powerful, so make sure that it is very secure. Basic hardening includes not allowing root logins over the network.
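One way to verify the "no root logins over the network" rule on an OpenSSH server is to read sshd_config the way sshd does: comments are ignored, the first occurrence of a keyword wins, and anything after a Match line is conditional. The script below is an added example, not code from the original article; it assumes whitespace-separated `keyword value` lines and runs against a constructed sample rather than a live host.

```shell
#!/bin/sh
# Constructed sample sshd_config (not taken from any real host).
# The second PermitRootLogin line is a trap: sshd keeps the FIRST value,
# so this configuration still allows root to log in over the network.
SAMPLE_CONFIG='# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
'

# Constructed hardened counterpart.
HARDENED_CONFIG='PermitRootLogin no
PasswordAuthentication no
'

# Print the effective global value of a keyword as sshd would parse it:
# skip comments and blank lines, match keywords case-insensitively,
# stop at the first Match block (values inside it are conditional),
# and return the first occurrence only.
effective_value() {
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | awk -v kw="$kw" '
        /^[[:space:]]*(#|$)/      { next }           # comment or blank line
        tolower($1) == "match"    { exit }           # conditional section starts
        tolower($1) == kw         { print $2; exit } # first occurrence wins
    '
}

# Effective PermitRootLogin, applying the OpenSSH default when unset.
effective_root_login() {
    v=$(effective_value PermitRootLogin "$1")
    printf '%s\n' "${v:-prohibit-password}"
}

# Succeeds only when root logins over SSH are fully disabled ("no").
# "prohibit-password" still lets root in with a key, so it does not pass.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Human-readable report for one configuration.
report() {
    if root_login_disabled "$1"; then
        echo "OK: PermitRootLogin is 'no'"
    else
        echo "WARN: effective PermitRootLogin is '$(effective_root_login "$1")'"
    fi
}

report "$SAMPLE_CONFIG"
report "$HARDENED_CONFIG"
```

Run it against a real file with `report "$(cat /etc/ssh/sshd_config)"`; a result other than OK means the first PermitRootLogin line (or the default) still permits root over the network.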

Auditing has never been a strong feature of Linux, but when properly configured, auditd can be used for all necessary auditing. You also have a number of other solutions for keeping track of what has changed on your Linux systems.

Like all other operating systems, you have a big problem if a Linux system has been compromised. The only secure solution is to re-install the system from scratch. This is very time-consuming and disruptive for the users. And if you have a number of servers that are configured in the same way with the same users, you may have to re-install several servers.

If you know when the system was compromised, you can use backups to restore the system to a point before the attack. But this can often be as time-consuming as installing the system from scratch. And it does not really make sense to restore the system before you have worked out how it was compromised. If you don’t close the security hole, the restored system may get attacked again and you are back to square one.

Server Security

Server security is a complicated subject. Servers are supposed to be used by a lot of people, which means that they have to be accessible. On the other hand, servers often have sensitive data and are important parts of the network so it is very important that they are secure.

A server can run a lot of different operating systems. Nowadays most servers are running some version of Windows or Linux, but many other operating systems are also used. Securing a server running an OS that is not very popular is a mixed blessing. Already in the 1990s, Novell pointed out that its NetWare network operating system was quite safe; after all, it was using IPX, not TCP/IP like most other computers on the Internet. Anyone who wanted to break into a NetWare server had to design their own attacks, which required a fair bit of knowledge about both NetWare and the IPX protocol. Attacking TCP/IP computers, on the other hand, did not require much skill: you could find ready-made attack methods and programs on the Internet. But if an operating system is not widely used, security flaws may also take longer to detect and to patch.

Popular server platforms, such as Linux and Windows, may have a lot of known security flaws, but they are quickly detected and solved. Servers do, however, have to be patched regularly. Many successful attacks take advantage of security flaws that have been known, and solved, for several months, sometimes even for years. One of the biggest problems is keeping up with all the new patches. This is not a big problem if you only have one or two servers. But today, a lot of places have hundreds of servers, and it generally takes quite some time to apply patches to all of them. Before all servers have been patched, new fixes have been released.

As mentioned, server security depends on the server platform. Someone who tries to break into a Linux server by exploiting known Windows security flaws will not be very successful. The same goes for the good guys: how to secure a server depends on what kind of server you are securing. Here you can learn more about Windows server security. The success of Linux has made it a very lucrative market. Linux solutions used to be cheap, but once Linux started to become popular with large companies, the money in the Linux world became much bigger. This is true both for Linux software and for jobs. Here is more information about Linux server security.

It should also be pointed out that although most threats come from the outside world, most of the successful security breaches are carried out by insiders. Today’s firewalls are very good at keeping outsiders away from your servers, but firewalls don’t help against attackers who already have access to the servers. So how can you protect yourself and your servers against inside attackers? Actually, there is no simple solution that will work for all servers. But most systems have features that let you divide users into different groups with different privileges. This, combined with auditing features, is the best way of protecting your servers. Here is more information about insider attacks.

It is especially important to keep file servers secure. One single infected file on a file server can quickly infect a lot of client computers. Unfortunately, running a virus scanner on a file server may slow it down significantly. A busy file server can seldom scan files as they are opened by clients; the CPU load required for this quickly makes the server unresponsive. Therefore, many sites disable virus scanning on file servers but make sure that all clients have virus scanning enabled. It is a reasonable solution: not as secure as having the file server scan the files, but the server will be able to handle all requests within a reasonable amount of time.