Internet security for Linux users

Someone told me that Linux is more secure than other operating system.  I also have been told that no intruder would make effort to crack a Linux system as it is very hard to break.  Do these correct?  However, I do not agree in some point of views.

In general, Linux is one of the most secure operating systems in the world.  The developers are trying their best to make the operating system secure.  The source code is open to all for inspection which includes *Black Hats and *White Hats.

I am not going to discuss about the physical security on the computer system in deep.  I am going to discuss about internet security for Linux users only.  I also do not touch the wireless security area.  However, other operating systems may be applied for.

BIOS password can protect your BIOS from being changed without authority.  Disable USB ports can protect your data from being stolen.  Chassis lock can protect your hardwares from being stolen.  Login and screensaver password can protect your desktop/computer from being access without authority.  They are all about physical security.

Internet is one of the things that modern human beings live without it.  Everyone surfs the internet every day.  Go everywhere to surf and download.  Funny?

Some Linux users may think that Linux is secure and it cannot be infected by virus or malwares.  However, some careless Linux users may go to a phishing website for entering their bank account password.  They will go to a cracker website to download free softwares which may include *rootkit.  Their Linux boxes may be attacked by intruders via internet connection every second.

Linux operating system is changing everyday.  The application softwares are changing everyday.  The method of attacks are changing everyday.  The software flaw may in every software including Linux kernel.

Some Linux distributions ask user to set his root password during installation.  However, almost every Linux user will set a simple root password.  Some of them may set a password that is very easy to guess and remember.  The only solution is to set a complicated root password which includes symbols, numbers, small and capital letters.  The complicated password is also applied to normal users.  I suggest to change your password in every six months.

Some Linux boxes may not applied security patches for some reasons.  Yes, it will happen to some companies or home users.

Firewall is a passive protection tool.  Almost every computer system will install it.  However, no one rule can protect all kind of intrusion.  It cannot block the intrusion automatically.  Intrusion Detection System (IDS) can detect the intrusion but it cannot stop the attack without human beings.  

There are host based and network based IDS.  Host based is protecting one standalone computer system or server.  Network based is protecting the whole network that including Unix and Windows based network.

For better protection on your computer system, I suggest Intrusion Prevention System (IPS).  It is same as IDS but it can stop the attack automatically without human beings or security experts.  You can block the intruders for ever or in a period of time.  IPS can detect the latest trend of attacks by updating the rules.

Commercial IPS is very expensive that not every small firm and home user can afford.  How about we build one for ourself using Open Source software?  Sure, we can.  Take a look at http://www.snort.org

However, I am not going to discuss how to set up a snort based IDS or IPS here.  Any interested Linux user can study Snort and build one themselves easily.

Internet security is important for every user.  It just like your metal gate, window frames and burglar alarm system at your home.  Computer security is not only talking about whether you have valuable data or information inside your boxes.  It is also talking about to prevent your boxes from being a tool for Black Hats.

Samiux

*Note :
Black Hat – is a collective term for computer experts who doing harm on other's computer.

White Hat – is a collective term for computer experts who doing good to prevent or alert others from being attacked by Black Hat.

Rootkit – is a software which will grant the right of root and control your computer system that you will not notice.

[ 本帖最後由 samiux 於 2008-12-21 10:44 編輯 ]

多謝 Samiux 兄分享

依家 D Distribution 幫人 Install 時 Setup 埋 Firewall 都已經幫到好多   IDS/IPS o個 D so far 唔好話屋企用家, 就算公司都唔係個個會用

不過 Remote Security 永遠都係 "A chain is only as strong as its weakest link", 是但一樣出事就會俾位人"入"到。 我自問見到最 Common 俾人入到o既都係因為有 SSH account 用 D 太簡單o既 Password

講開又講, 可能係依家 D Linux Kernel 安全o左, 又可能係 D Cracker tools 冇以前勁, 呢兩年就算見到 D system 真係一個唔覺意俾人入o左, 我見到o既 Privilege Escalation 都少o左... 雖然用你部機做衰o野就必然, 但咁至少破壞力已經少好多先。

TOP

To put it simply, no OS is safe in the hands of a dumb***. Every computer user should know how to keep their OS secure (like periodically checking for system updates) and how not to fall into phishing traps.

[ 本帖最後由 Phil_123 於 2008-12-21 18:12 編輯 ]

TOP

Phishing and SPAM IQ Test:
http://www.sonicwall.com/phishing/

TOP