OS Hardening and Other Essential Linux Skills for Maintaining Security


This article can also be found in the Premium Editorial Download "Information Security magazine: Closing the gap: How to decide when (and if) to patch vulnerabilities."

Download it now to read this article plus other related content.

The increased reliability and potentially better security of Linux is tempting more than a few frustrated Windows shops to consider jumping ship to the popular open source OS.

You'll need competent

    Requires Free Membership to View

Linux administrators and managers to deploy and maintain secure systems. This is critical, since the security of any system is directly proportional to the abilities and experience of the people operating them.

While there are a number of things you'll want your Linux administrators to know, they should have the following security-specific Linux skills.

- OS Hardening. This involves reconfiguring core settings, deactivating unneeded programs and tuning the remaining services for better security. In Linux implementations, this also can involve configuring the embedded system-level firewall. These steps will mitigate most known vulnerabilities and neutralize most attacks -- up to 97% in some lab tests.

Freeware applications and tools like Bastille Linux, Titan and the Center for Internet Security's (CIS) Unix security scoring tool help audit the hardening work once it's done. CIS's Linux Benchmark and books like Building Secure Servers with Linux are practical, step-by-step guides for hardening Linux and Unix systems.

- System Assessment. Once an OS is hardened, an administrator must be able to determine if it has been attacked or compromised. System assessments start with creating a baseline of the normal system and then checking the system against the baseline on a regular basis. This assessment might begin with looking at what programs are running, what user context they're running under, what files they have open and what their level of resource consumption is.

This process is both highly technical and somewhat intuitive, thus requiring experience and knowledge. An administrator must know what information is important and how to gather that information. Experience will tell an administrator when something is amiss. Technical skills come into play to discover if the problem is really an attacker or just a system failure, such a faulty hard drive or overloaded application.

- Intelligence Gathering. Next, your administrator must be able to gather and manage intelligence specific to your systems' security. A Linux administrator needs to know what techniques are used by both attackers and defenders. He or she must be able to follow the trend data to keep up to date with current attacks. This helps an organization adapt its defensive posture to changing threat conditions.

Of course, security intelligence directly feeds into the first two skill sets. A good Linux or security administrator will check sites such as SecurityFocus and Incidents at least once per day for alerts and advisories. Security newsletters published by supporting vendors and media outlets help administrators keep up with threat trends.

Where will you get people with such skills? Believe it or not, a good place to start is with your Windows administrators, many of whom are closet Linux geeks or have experience on Linux systems. They'll also have a firm understanding of hardening systems, since locking down Windows boxes before they go into production is nearly a necessity.

About the author
JayBeale is the lead developer of the Bastille Linux project.

This was first published in March 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.