
Monday, September 21, 2009

DistroWatch.com: Put the fun back into computing. Use Linux, BSD.

Feature Story (by Caitlyn Martin) Linux Security Basics, Part 1: Authentication

There have been a number of discussions, some of them fairly heated, about system security in the comments section of DistroWatch Weekly (DWW) over the last couple of months. Some have even argued against what most would consider basic Linux security. As a result I received a number of requests to write an article covering Linux security basics, complete with references. There are, of course, entire books written on Linux security and as I began writing, it became clear that one article just wouldn't do the subject justice. Consider this week's feature to be a starting point for a small, intermittent series of articles about Linux security.

I have limited the scope of this article and any future DistroWatch features on security to what makes sense to the home or small office user or, in other words, environments with just a handful of systems and users. Most of what follows can be applied to BSD, OpenSolaris, or indeed any UNIX or UNIX-like operating system, though the file names, specific commands and syntax may be somewhat different. To keep things simple I'm going to stick with Linux systems.

Before I get into describing basic Linux authentication, the recent discussions made it abundantly clear that I need to first define what I mean by security. I also have to answer the most basic question which is why we need to bother with security at all. Some DWW readers claim to have all but ignored security without a single problem for many years. Those claims are undoubtedly true. That doesn't mean the potential for real problems isn't present. Kurt Seifried, in his Linux Administrator's Security Guide, writes: "You only need to make one mistake or leave one flaw available for an attacker to get in. This, of course, means that most sites will eventually be broken into." He adds: "All technical security measures will eventually fail or be vulnerable to an attacker. This is why you must have multiple layers of protection."

Read more...
http://distrowatch.com/weekly.php?issue=20090921#feature

Don
