Linux security for SMBs: Check IT List


Joel Dubin, CISSP, Contributor
08.03.2006


For cost-conscious small and medium-sized businesses (SMBs), Linux seems like both the cheapest and most secure option for server deployment. But out of the box, Linux is no different than any other operating system.

It needs to be tweaked, configured and hardened before it can be deployed securely in your business. Fortunately, Linux server maintenance generally does not require additional staff. Linux servers can be hardened and secured by existing staff, because much of the work needed is routine server and hardware maintenance. And because Windows still generally rules the desktop, your Linux servers are probably hidden away in deep, dark corners of the data center and behind firewalls. The lack of exposure to both your staff and casual outsiders already provides one built-in mitigating control.

General server security rules

Linux security requires some of the same rules applied to other servers, regardless of the operating system. Here are some general server security rules to know first:

  • Turn off all unneeded services and close their respective ports. If your server is a file repository, for example, and not for sending email, then turn off SMTP and close port 25. Also close off any other open ports that aren't used by the server. Conduct a careful audit of default settings and configure them so as not to leave open any known backdoors posted on hacker Web sites.
  • Make sure the server is up-to-date with the latest security patches. At the same time, make sure all software is updated to the latest versions, some of which have been released specifically to close security holes discovered since the prior release.
  • Restrict access to the server to only those who need it for specific maintenance purposes. Conduct regular audits of accounts to prune out employees who no longer need to work on the server or who have left the company. Dormant and dead accounts are at risk of being resurrected by malicious users.
  • Install host-based firewalls on servers to add an extra layer of security. Several Linux distributions come by default with iptables, a simple packet-filtering firewall. Configure and turn it on.
  • Monitor and log all server activity with intrusion detection and prevention systems. Like all other operating systems, Linux also has native logging features. This is important because Linux can still be victimized by rootkits and other malware, and often the only way to detect malware on Linux is through careful reviews of logs.
  • Dedicate a single server to each service, such as email and Web. If it needs to be Internet-facing, put it in your demilitarized zone.
  • Pay attention to physical security. Put servers in locked server rooms in locations inaccessible to non-IT staff.
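
The first rule above (turn off unneeded services and close their ports) can be checked by comparing what is actually listening with what the server's role requires. The script below is an added example, not part of the original tip: it parses `ss -ltn` output and reports listeners that are not on an allowlist. The sample output is constructed, and the file-server policy (ports 22 and 445 only) is an assumption.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with an allowlist of ports.
# Input is `ss -ltn` output on stdin; $1 is a space-separated list of ports.

# Constructed sample of `ss -ltn` output for a file server (not a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      100          0.0.0.0:25        0.0.0.0:*
LISTEN 0      50           0.0.0.0:445       0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      5              [::1]:631          [::]:*
EOF
}

# Print one line per listener whose port is not allowlisted:
#   EXPOSED <addr> <port>   bound to a non-loopback address
#   LOCAL   <addr> <port>   bound to loopback only (lower exposure, still review)
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # everything before it
            if (port in ok) next
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "LOCAL" : "EXPOSED"
            key = scope " " addr " " port
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Assumed policy for the file server in the rule above: SSH and SMB, no SMTP.
sample_ss_output | unexpected_listeners "22 445"
# On a live host: ss -ltn | unexpected_listeners "22 445"
```

Each EXPOSED line is a service to turn off or a port to close; LOCAL lines are bound to loopback and are worth confirming rather than assuming.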

Linux server security rules

Specific security controls for Linux fall into three areas: access management, remote administration, and upgrade and patch management.

Access management

Carefully review accounts that have access to the system and monitor what they have access to. Linux has a strong file permissions system through the root user. But if a user is compromised, an attacker can take full control of the system -- and then possibly your network -- through the compromised machine. Segregate users into groups and remove root access from those who aren't system administrators. Certain system files have only root access for a reason. They should only be accessed by system administrators and no one else.

Also, restrict the use of set user ID files that provide escalated root privileges to ordinary nonroot users.

A nice tool for system administrators that comes packaged with Linux is sudo, which allows a user to temporarily act as root for restricted system tasks. Accounts that need root access have to be added to a sudo configuration file. Even then, they are only given permission to execute a specific command as root and not complete control of the machine.
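
The account and set user ID reviews described in this section can be scripted so they run on a schedule. The functions below are an added example, not part of the original tip: they list extra UID 0 accounts, accounts with a login shell, and setuid files missing from a reviewed allowlist. The passwd sample is constructed, and the allowlist path shown in the comments is hypothetical.

```shell
#!/bin/sh
# Added example: access-management checks. The account checks read
# passwd-format data on stdin; the setuid check walks a directory tree.

# Accounts other than "root" that carry UID 0, i.e. full root privileges.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts with a usable login shell (an empty shell field counts, since it
# means the default shell): the list to reconcile against current staff.
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# Set-user-ID files under directory $1 that are missing from the reviewed
# allowlist $2 (one absolute path per line).
unreviewed_setuid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
        grep -vxF -f "$2" || true   # grep exits 1 when everything is approved
}

# Constructed passwd sample (accounts are made up for this example).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:0:legacy backup job:/home/backup:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
formerstaff:x:1001:1001:left the company:/home/formerstaff:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/false
EOF
}

echo "UID 0 besides root:"; sample_passwd | extra_uid0_accounts
echo "Interactive logins:"; sample_passwd | interactive_accounts
# On a live host (the allowlist path is hypothetical):
#   extra_uid0_accounts < /etc/passwd
#   unreviewed_setuid_files / /root/setuid-allowlist.txt
```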

Remote administration

Linux can be remotely managed with Secure Shell (SSH), which securely encrypts traffic to and from the server. Unlike Telnet, which operates in clear text, SSH encrypts not only the login user ID and password, but also the data sent afterward. It can be configured to allow traffic from only certain servers on the network and to allow only certain users access to the server.
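
Restricting SSH to certain users and source hosts is done in `sshd_config` with `AllowUsers` (which accepts `USER@HOST` patterns) or `AllowGroups`. The script below is an added example, not part of the original tip: it audits the global section of a configuration for those settings and for `PermitRootLogin`. The two sample configurations, the user names and the 10.0.5.* admin subnet are constructed; it does not follow Include files or Match blocks, so `sshd -T` on the host remains the authoritative view.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config read from stdin.

# Print every argument given to keyword $1, one per line. Keywords are
# case-insensitive; parsing stops at the first Match block.
sshd_values() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { for (i = 2; i <= NF; i++) print $i }'
}

audit_sshd() {
    cfg=$(cat)
    # Single-valued keyword: sshd uses the first occurrence.
    root=$(printf '%s\n' "$cfg" | sshd_values PermitRootLogin | head -n 1)
    [ "$root" = "no" ] || echo "root-login: PermitRootLogin is ${root:-unset}"
    # AllowUsers / AllowGroups may be repeated; sshd appends them all.
    users=$(printf '%s\n' "$cfg" | sshd_values AllowUsers)
    groups=$(printf '%s\n' "$cfg" | sshd_values AllowGroups)
    [ -n "$users$groups" ] || echo "no-allowlist: neither AllowUsers nor AllowGroups is set"
    # USER@HOST entries tie an account to a source host; bare names do not.
    printf '%s\n' "$users" | awk 'NF && !/@/ { print "any-host: " $0 }'
    return 0
}

# Constructed samples (user names and the admin subnet are made up).
weak_config() {
cat <<'EOF'
# defaults left in place
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
}

hardened_config() {
cat <<'EOF'
PermitRootLogin no
AllowUsers alice@10.0.5.* bob@10.0.5.*
AllowUsers deploy
EOF
}

echo "weak:";     weak_config | audit_sshd
echo "hardened:"; hardened_config | audit_sshd
```

The weak sample shows why order matters: the later `PermitRootLogin no` has no effect because the first occurrence is the one sshd uses.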

Turn off the "r" services, which allow remote access to the server, and use configuration files to restrict access to Samba and Network File System (NFS), both of which allow file sharing and are insecure by default. Samba connects to Windows shares and NFS is unencrypted, exposing traffic in clear text.

Upgrade and patch management

Each Linux distribution has its own method for distributing automatic upgrades to its systems. Ubuntu and Debian use the popular and widespread apt-get, while Fedora and Red Hat use yum, another well-known application. Mandriva and SUSE use their own distribution systems altogether.

They also respond to security updates at different rates -- some slower, others faster. This is something that should be considered when choosing a Linux distribution.

This is only a brief introduction to Linux security. As with any security implementation, make sure to do a thorough risk analysis of your Linux system to determine the right level of security and the best approach for your particular network.

Joel Dubin, CISSP, is an independent computer security consultant in Chicago. He is a Microsoft MVP specializing in Web and application security and is the author of The Little Black Book of Computer Security from Amazon.com.

All Rights Reserved, Copyright 2007 - 2009, TechTarget