SlideShare a Scribd company logo

Basic Linux Security

Download as PPT, PDF
P
pankaj009

This document discusses basic Linux system security. It recommends securing physical access to machines, using the principle of least privilege by limiting accounts, ports, and applications. It also recommends strong passwords, closing unnecessary ports, encrypting network connections, keeping software updated, using intrusion detection, and advanced techniques like auditing OSes and using virtual machines.

1 of 12
Downloaded 125 times
1
2
3
4
5
6
7
8
9
10
11
12
Basic Linux/System Security
Physical Security Physical access to machines Switches instead of hubs
Principle of least privilege Fewest accounts necessary Fewest open ports necessary Fewest running applications
Root Account Used as little as possible Master key to a building Apps use other accounts, if possible People use su, sudo http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm
Passwords >=7 characters Mixed case, letters and symbols Not names or words Keep private Don’t leave them out in the open Change once a month to 6 months Passphrases http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
Open ports Close all unneeded applications “ netstat –anp” or lsof to see what’s open Ntsysv, linuxconf to shut down Firewalls as a special case for a network Disable, or at least limit, file sharing http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
Plaintext network connections Email, telnet, web traffic Sniffers http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm
Encrypted network connections Ssh Terminal session File copying Other TCP connections http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm IPSec All packets traveling between systems or networks http://www.freeswan.org https web servers http://httpd.apache.org/related_projects.html
Package updates Available from Linux distribution vendor Sign up for announcements list Use automated update tools: up2date, red carpet http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
Intrusion Detection System Snort Reports on attack packets based on a regularly updated signature file Install inside the firewall http://www.snort.org
Advanced techniques Audited OS: OpenBSD http://www.openbsd.org Stack overflow protected OS: Immunix http://www.immunix.org Chroot applications, capabilities Virtual machines: VMWare and UML http://www.vmware.com , http://www.user-mode-linux.sourceforge.net TCFS http://tcfs.dia.unisa.it
Resources Distribution security announcements list ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm Worm characterizations and removal tools Linux and network security papers covering many of today’s topics Ssh key installer ftp://ftp.stearns.org Sans training http://www.sans.org Bastille Linux http://www.bastille-linux.org

More Related Content

PPTX
Linux security
trilokchandra prakash
 
PPT
Security and Linux Security
Rizky Ariestiyansyah
 
ODP
Linux commands
Balakumaran Arunachalam
 
PPTX
User and groups administrator
Aisha Talat
 
PPT
Introduction To SELinux
Rene Cunningham
 
PPT
Intro to linux
Ravi Prakash Giri
 
PPTX
Linux User Management
Gaurav Mishra
 
PPT
Samba server configuration
Rohit Phulsunge
 
Linux security
trilokchandra prakash
 
Security and Linux Security
Rizky Ariestiyansyah
 
Linux commands
Balakumaran Arunachalam
 
User and groups administrator
Aisha Talat
 
Introduction To SELinux
Rene Cunningham
 
Intro to linux
Ravi Prakash Giri
 
Linux User Management
Gaurav Mishra
 
Samba server configuration
Rohit Phulsunge
 

What's hot (20)

PPTX
Basic commands of linux
shravan saini
 
PDF
Network Security Presentation
Allan Pratt MBA
 
PPTX
Samba power point presentation
Md Maksudur Rahman
 
PDF
USB Drivers
Anil Kumar Pugalia
 
PDF
Linux kernel
Mahmoud Shiri Varamini
 
PDF
An Introduction To Linux
Ishan A B Ambanwela
 
PPT
Ch02 System Threats and Risks
Information Technology
 
PPTX
Five Major Types of Intrusion Detection System (IDS)
david rom
 
PPT
Ch07 Access Control Fundamentals
Information Technology
 
PPTX
Server hardening
Teja Babu
 
PPTX
Presentation on samba server
Veeral Bhateja
 
PDF
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Edureka!
 
PPTX
Operating system security
Ramesh Ogania
 
PPTX
Linux System Monitoring
PriyaTeli
 
PDF
Linux systems - Linux Commands and Shell Scripting
Emertxe Information Technologies Pvt Ltd
 
PPTX
Understanding NMAP
Phannarith Ou, G-CISO
 
PDF
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
PDF
SSH
Zach Dennis
 
PPTX
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
PPTX
Linux security introduction
Mohamed Gad
 
Basic commands of linux
shravan saini
 
Network Security Presentation
Allan Pratt MBA
 
Samba power point presentation
Md Maksudur Rahman
 
USB Drivers
Anil Kumar Pugalia
 
Linux kernel
Mahmoud Shiri Varamini
 
An Introduction To Linux
Ishan A B Ambanwela
 
Ch02 System Threats and Risks
Information Technology
 
Five Major Types of Intrusion Detection System (IDS)
david rom
 
Ch07 Access Control Fundamentals
Information Technology
 
Server hardening
Teja Babu
 
Presentation on samba server
Veeral Bhateja
 
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Edureka!
 
Operating system security
Ramesh Ogania
 
Linux System Monitoring
PriyaTeli
 
Linux systems - Linux Commands and Shell Scripting
Emertxe Information Technologies Pvt Ltd
 
Understanding NMAP
Phannarith Ou, G-CISO
 
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
SSH
Zach Dennis
 
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Linux security introduction
Mohamed Gad
 
Ad

Viewers also liked (20)

PPTX
Linux Security Overview
Kernel TLV
 
PPT
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
PPT
Linux Operating System Vulnerabilities
Information Technology
 
PPT
Unix Security
replay21
 
ODP
Introduction To Linux Security
Michael Boman
 
PDF
How Many Linux Security Layers Are Enough?
Michael Boelen
 
PPT
Linux Security
nayakslideshare
 
PDF
linux security: interact with linux
Ammar WK
 
PDF
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas
 
PDF
Linux Security Scanning with Lynis
Michael Boelen
 
PDF
Partners Healthcare Case Analysis
Sarang Ananda Rao
 
PDF
Linux Hardening
Michael Boelen
 
PDF
Linux Security, from Concept to Tooling
Michael Boelen
 
PPTX
System protection in Operating System
sohaildanish
 
PPTX
Security & protection in operating system
Abou Bakr Ashraf
 
PPTX
Developer < eat love code >
Rizky Ariestiyansyah
 
PDF
Security & Cryptography In Linux
Ahmed Mekkawy
 
PDF
Why linux is better than windows
Shiwang Kalkhanda
 
PDF
Protection in Operating System Layer
Sidharth D
 
PPTX
Unitrends Sales Presentation 2010
lincolng
 
Linux Security Overview
Kernel TLV
 
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
Linux Operating System Vulnerabilities
Information Technology
 
Unix Security
replay21
 
Introduction To Linux Security
Michael Boman
 
How Many Linux Security Layers Are Enough?
Michael Boelen
 
Linux Security
nayakslideshare
 
linux security: interact with linux
Ammar WK
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas
 
Linux Security Scanning with Lynis
Michael Boelen
 
Partners Healthcare Case Analysis
Sarang Ananda Rao
 
Linux Hardening
Michael Boelen
 
Linux Security, from Concept to Tooling
Michael Boelen
 
System protection in Operating System
sohaildanish
 
Security & protection in operating system
Abou Bakr Ashraf
 
Developer < eat love code >
Rizky Ariestiyansyah
 
Security & Cryptography In Linux
Ahmed Mekkawy
 
Why linux is better than windows
Shiwang Kalkhanda
 
Protection in Operating System Layer
Sidharth D
 
Unitrends Sales Presentation 2010
lincolng
 
Ad

Similar to Basic Linux Security (20)

PDF
7 unixsecurity
richarddxd
 
ODP
Securing Your Moodle
moorejon
 
PPT
Addmi 03-addm prerequisites
odanyboy
 
PPT
Low cost multi-sensor IDS system
Robert Schrack
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
PPT
Microsoft Operating System Vulnerabilities
Information Technology
 
PPT
Microsoft OS Vulnerabilities
SecurityTube.Net
 
PPT
Download It
webhostingguy
 
PPTX
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 
ODP
Nadhiya lamp
Nadhi ya
 
PDF
Linux security quick reference guide
Craig Cannon
 
PPT
Windows network security
Information Technology
 
PPT
Freeware Security Tools You Need
amiable_indian
 
PPT
Internet Security
Anne Adrian
 
PPT
How hackers attack networks
Adeel Javaid
 
PPT
Install and configure linux
Vicent Selfa
 
PPT
Linux filesystemhierarchy
Dr. C.V. Suresh Babu
 
PDF
Hardening Linux, introducing Securix GNU/Linux
Martin Holovský
 
PPT
Ch 22: Web Hosting and Internet Servers
webhostingguy
 
PPT
Linux Vulnerabilities
SecurityTube.Net
 
7 unixsecurity
richarddxd
 
Securing Your Moodle
moorejon
 
Addmi 03-addm prerequisites
odanyboy
 
Low cost multi-sensor IDS system
Robert Schrack
 
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
Microsoft Operating System Vulnerabilities
Information Technology
 
Microsoft OS Vulnerabilities
SecurityTube.Net
 
Download It
webhostingguy
 
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 
Nadhiya lamp
Nadhi ya
 
Linux security quick reference guide
Craig Cannon
 
Windows network security
Information Technology
 
Freeware Security Tools You Need
amiable_indian
 
Internet Security
Anne Adrian
 
How hackers attack networks
Adeel Javaid
 
Install and configure linux
Vicent Selfa
 
Linux filesystemhierarchy
Dr. C.V. Suresh Babu
 
Hardening Linux, introducing Securix GNU/Linux
Martin Holovský
 
Ch 22: Web Hosting and Internet Servers
webhostingguy
 
Linux Vulnerabilities
SecurityTube.Net
 

More from pankaj009 (6)

PDF
Ipv6 Certificate
pankaj009
 
PDF
Idc Reducing It Costs With Blades
pankaj009
 
PDF
Open Virtualization 2
pankaj009
 
PDF
Sunserver Open Solaris
pankaj009
 
PDF
Virtual Directory
pankaj009
 
PDF
Idc Reducing It Costs With Blades
pankaj009
 
Ipv6 Certificate
pankaj009
 
Idc Reducing It Costs With Blades
pankaj009
 
Open Virtualization 2
pankaj009
 
Sunserver Open Solaris
pankaj009
 
Virtual Directory
pankaj009
 
Idc Reducing It Costs With Blades
pankaj009
 

Basic Linux Security

  • 2. Physical Security Physical access to machines Switches instead of hubs
  • 3. Principle of least privilege Fewest accounts necessary Fewest open ports necessary Fewest running applications
  • 4. Root Account Used as little as possible Master key to a building Apps use other accounts, if possible People use su, sudo http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm
  • 5. Passwords >=7 characters Mixed case, letters and symbols Not names or words Keep private Don’t leave them out in the open Change once a month to 6 months Passphrases http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
  • 6. Open ports Close all unneeded applications “ netstat –anp” or lsof to see what’s open Ntsysv, linuxconf to shut down Firewalls as a special case for a network Disable, or at least limit, file sharing http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
  • 7. Plaintext network connections Email, telnet, web traffic Sniffers http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm
  • 8. Encrypted network connections Ssh Terminal session File copying Other TCP connections http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm IPSec All packets traveling between systems or networks http://www.freeswan.org https web servers http://httpd.apache.org/related_projects.html
  • 9. Package updates Available from Linux distribution vendor Sign up for announcements list Use automated update tools: up2date, red carpet http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
  • 10. Intrusion Detection System Snort Reports on attack packets based on a regularly updated signature file Install inside the firewall http://www.snort.org
  • 11. Advanced techniques Audited OS: OpenBSD http://www.openbsd.org Stack overflow protected OS: Immunix http://www.immunix.org Chroot applications, capabilities Virtual machines: VMWare and UML http://www.vmware.com , http://www.user-mode-linux.sourceforge.net TCFS http://tcfs.dia.unisa.it
  • 12. Resources Distribution security announcements list ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm Worm characterizations and removal tools Linux and network security papers covering many of today’s topics Ssh key installer ftp://ftp.stearns.org Sans training http://www.sans.org Bastille Linux http://www.bastille-linux.org

Editor's Notes

  • #2: The Investigative Research for Infrastructure Assurance (IRIA) group is part of the Institute for Security Technology Studies (ISTS) at Dartmouth College. IRIA focuses on electronic crimes that involve or target computer networks, for example, the denial-of-service attacks that shut down Yahoo and other major web sites in February, 2000. Our web site at http://www.ists.dartmouth.edu/IRIA/ has more information about our projects and staff.
  • #9: Both tools provide strong authentication for the host by checking a host key at each connection setup. If the host key changes, loud warnings go out and packets are not allowed to pass. Ssh also authenticates the user making the connection, by means of a password or passphrase.