Linux Security 101: Introduction
In this series of articles, we will be talking about Security. We will begin with a few common facts and misconceptions about Linux, and then we will get our hands dirty.
Please note, you won't be an expert in security after this. Security on servers and computers is an ongoing battle of keeping your system at the same level of security and making it more secure.
You need years and years of experience to make a system ultra-super-duper secure.
Linux is very secure
Linux is considered to be very secure, and that's why it is used for many critical web services. But is it that safe?
There is nothing "100% secure". The only secure computer/server/phone is the one that's not connected to any network. However, there are many steps you can take to ensure your server/computer is a little more secure than the average server/computer. At some point you begin to trade your convenience for security. You can set up two-factor authentication, add email notifications for when a login happens on your server, or use a standard account instead of an administrator. It all comes down to how many hoops you can jump through.
Convenience vs Security
For example, an account that you can use without a password is very easy for you (and everyone else) to log in to. Using a password is not as easy, but it will keep out many intruders. Key-based login is probably the most secure method for SSH.
You will be trading security for convenience for various reasons, depending on the risk you are willing to take. A non-secure system does not cost the same as a secure system. You've got to spend a lot of man-hours to properly secure a server. If you have to hire an outside team to do this, the cost skyrockets very easily. So you will need to consider: what is the most probable thing that can happen to you? Is it a real threat? And are the countermeasures you will be setting up effective?
Linux is as secure as you make it!
In general, yes. Linux is secure on its own. But it's as secure as you make it! If you start installing tens of websites and never update them, then it's not secure! The same goes if you are using passwords like 123456 (like most of my coworkers do on their work computers), transmitting sensitive data over non-secure protocols (such as FTP), etc.
You must understand that using basic security concepts (like the passwords I just mentioned) is the key to the first level of defense. You will be getting a little bit of basic training in "Security 101", so be sure to stick around.
I've seen a lot of people saying "I use Linux, so my server, my files, my work, my emails are secure." They might be, but security is an "ongoing battle". Your server is never 100% secure, and it never will be. You have to stay vigilant!
What makes Linux secure?
- Linux is a multi-user environment, so each user is separated from the others.
Each user can access only his/her files. In most cases, they can't install software, configure network interfaces etc. All these are done by the superuser. By default, the superuser is the account "root".
Do not give root access to anyone on your server. It's as easy as a simple command to trash your whole system if they don't know what they are doing, as they have access to everything. Even files other users have marked as readable only by them!
Standard accounts can also be used by services, not only people. So it is wise to make PHP run as a standard user and not as root, as a small bug combined with unlimited access can and will be catastrophic.
- Advantages for multi-user environments
Each user can set file permissions to allow/disallow other users from viewing/editing their files.
Each file has an "owner" and a "group". The owner, the group and everyone else can have different permissions.
If someone manages to break into a user account, it doesn't necessarily mean that your system is compromised (unless, of course, that account has root privileges).
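The owner/group/everyone-else split described above can be audited with `find`. The script below is an added example, not part of the original article; the file names are constructed sample data and the function names are illustrative.

```sh
#!/bin/sh
# Added example: report files whose "everyone else" permission bits are too open.
# All file names below are constructed sample data.

# Print one line per regular file under $1 that users outside the owner and
# group can reach: WRITE if they may modify it, READ if they may only read it.
audit_other_access() {
    (
        cd "$1" || exit 1
        find . -type f -perm -0002 | sed 's/^/WRITE /'
        find . -type f ! -perm -0002 -perm -0004 | sed 's/^/READ /'
    ) | sort
}

# Remove every "other" permission bit; owner and group bits stay as they are.
lock_down() {
    find "$1" -type f -exec chmod o-rwx {} +
}

# Build a throwaway directory with three differently protected files.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    printf 'key material\n' > "$dir/deploy_key"; chmod 600 "$dir/deploy_key"
    printf 'todo list\n'    > "$dir/notes.txt";  chmod 644 "$dir/notes.txt"
    printf 'db_pass=x\n'    > "$dir/app.conf";   chmod 666 "$dir/app.conf"
    printf '%s\n' "$dir"
}

tree=$(make_sample_tree)
echo "before lock_down:"; audit_other_access "$tree"
lock_down "$tree"
echo "after lock_down:";  audit_other_access "$tree"
ls -l "$tree"
rm -rf "$tree"
```

Only `deploy_key` (mode 600) is absent from the first report; after `lock_down` the report is empty while the owner can still read and write all three files.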
- Linux is open-source.
There is a common misconception around, that paid software is more secure than free software. This depends on various stuff and staff! For example, Microsoft makes millions every year with Windows, but out of the box Linux is considered more secure. Since Linux is open-source, everyone can see the source code and can contribute. This can make a huge difference in how quickly a security-related bug can be fixed. Windows, on the other hand, is closed-source. It means that only people who work for Microsoft, or are contracted by Microsoft, can have access to the source code. If Microsoft doesn't hire security specialists, Windows will become less secure, especially if none of the programmers have strong security expertise.
In open-source software you can have 20+ companies working on a piece of software. Any developer can provide a fix (security-related or otherwise), which will be taken into consideration. It is nearly impossible to add malicious code, as it will be discovered. On the other hand, Windows and any other closed-source software can be doing anything under the hood. No third party that hasn't been contracted by Microsoft can take a peek and fix bugs.
- Central software channels
If you've read my other tutorials, you noticed that I've been talking about repositories. In Linux, by default, all software packages come from main repositories that are maintained by each Linux distro. They are secure, and while there have been incidents of malicious code spreading through them, it would be very rare for this to happen again.
Also, all packages are checked against a signature that changes even if a single 0 changes to a 1. This protects you in case a package is maliciously modified during download (a.k.a. Man-in-the-Middle attacks). The signatures are transferred to your computer/server when you update the repositories. This, however, is not necessarily true if you install third-party repositories. Do your research before adding a repository not maintained by your distribution's team.
Those repositories do not only hold the packages of your operating system. They also include a huge amount of third-party software that is checked before being deployed. This makes it easy to update your system. You don't have to go to each program's website to check if a new version is available.
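The "a 0 changes to 1" check can be reproduced by hand. The script below is an added example, not part of the original article: the index layout (`Filename`/`Size`/`SHA256`), the package name and the function names are constructed for illustration, and it shows only the hash comparison, not the verification of the index itself against the distribution's signing key.

```sh
#!/bin/sh
# Added example: the hash comparison a package manager performs after a download.
# Index format and file names are constructed sample data.

# Print the hex SHA-256 of file $1.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# Print field $3 (Size or SHA256) recorded for file name $2 in index $1.
index_field() {
    awk -v name="$2" -v key="$3:" '
        $1 == "Filename:" { current = $2 }
        $1 == key && current == name { print $2; exit }
    ' "$1"
}

# Succeed only if file $2 matches the size and hash recorded in index $1.
verify_package() {
    want_size=$(index_field "$1" "$(basename "$2")" Size)
    want_hash=$(index_field "$1" "$(basename "$2")" SHA256)
    [ -n "$want_hash" ] || { echo "not in index: $2"; return 2; }
    [ "$(wc -c < "$2" | tr -d ' ')" = "$want_size" ] || { echo "size mismatch: $2"; return 1; }
    [ "$(sha256_of "$2")" = "$want_hash" ] || { echo "hash mismatch: $2"; return 1; }
    echo "ok: $2"
}

# Play the repository's role: publish one package and the index describing it.
make_repo() {
    repo=$(mktemp -d) || return 1
    printf 'payload build=0\n' > "$repo/hello_1.0.pkg"
    {
        echo "Filename: hello_1.0.pkg"
        echo "Size: $(wc -c < "$repo/hello_1.0.pkg" | tr -d ' ')"
        echo "SHA256: $(sha256_of "$repo/hello_1.0.pkg")"
    } > "$repo/index"
    printf '%s\n' "$repo"
}

repo=$(make_repo)
verify_package "$repo/index" "$repo/hello_1.0.pkg"
# Tamper "in transit": ASCII '0' -> '1' flips a single bit, size is unchanged.
printf 'payload build=1\n' > "$repo/hello_1.0.pkg"
verify_package "$repo/index" "$repo/hello_1.0.pkg" || echo "package rejected"
rm -rf "$repo"
```

The tampered file passes the size check and fails only on the hash, which is why a size or timestamp comparison alone is not an integrity check.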
- Attackers are usually lazy
An attacker prefers an easy target, or a moderately difficult target with bigger "wins".
The reason that you are hearing about Windows computers being hacked every day is that there are simply more Windows-based computers than Linux-based ones. And most Linux users are professionals or enthusiasts, who are not the ones that will use that easy-to-find password. They usually pay extra attention to security. Of course there are people who don't know what they are doing on Linux, but they are a very small percentage.
Linux is not immune though!
Linux might be more secure than Windows, but it doesn't mean that it is immune to attacks and viruses. It is usually a case of "not-worth-it" for an attacker, but do not take this for granted. Things change. Use common sense and do not install each and every software package you come across in a third-party repository just for the fun of it. You may not like what you will get.
Thanks for reading the Security 101 Intro. In the next part I will be talking to you about Security principles. Click here to read it!
Craving for more? Until the next part is available, have a look at my Server 101 series:
- Intro and getting into your server - Single Article
- Basic Server Security - 3 Parts
- Setting up a Web Server - 4 Parts
- Managing Your Server - 4 Parts
- caddy - Lightweight Web Server - 1 Part
- Emailify your server! - 6 Parts
- Setting up a Password-Protected proxy server with Squid - 1 Part
- OpenVPN in less than 2 minutes
- Piwik - Your personal Google Analytics alternative
- Email notifications for SSH Logins
- Keeping your server up to date
Thank you for sending a donation even though I didn't ask for it. Will follow you and vote for you as witness.
Thank you very much!