Securing Linux: Part 1
"Security is not an option, but a way of life". This is the mantra given by Kurt
Seifried, the author of the famed 'Linux Administrators Security Guide' and
numerous other Security HOWTOs available out there.
The theme of this series of articles is to make one aware of the trivial
security concerns on a stock Linux box. This article aims at giving novice users
an insight into conducting a security audit of their systems and helping them
take corrective measures in order to avoid any future security lapses.
Throughout this article, you will find pointers to various other security
HOWTOs and research. This security guide isn't a substitute for them but merely
a look at the various facets of insecure networking that are a part of our
everyday computing lives.
Every day, as you log on to the Internet to transact your daily business, your
data has to pass through hundreds of machines out there before it reaches its
final destination. En route, from point A to B, anyone can sniff your packets of
data, analyze the contents and maybe even reframe the packet contents. There is
no dearth of sniffing, cracking and password-breaking tools out there. You
have a lot to worry about before you can consider your network safe.
Take it one step at a time, one day at a time. The only weapon by your side is
your knowledge. Keep yourself updated with the latest news from the security
front. Look out for bug releases at the major security sites on the Internet.
Patch your software as soon as the exploits are revealed. You have to be very
active to ensure that you are always one step ahead of the rest.
Many organizations use BIOS security passwords in order to restrict access to
machines. But in contradiction to this security, the employees keep Post-it
notes on their desktops with the BIOS password written on them.
There have been instances where the organization's unofficial policy is to
maintain a single syllable password "x" for all the users of the machines in
their network. This certainly makes life much simpler for the system
administrator, the user and the cracker alike. The point we are trying to make
here is the need to change people's attitude towards security.
So who are we trying to condemn? No one, to be precise. But what we are saying is
that the only way you can ensure that your data is 100% secure is to turn your