Linux Server Security
Linux server security is without a doubt a subject that should remain first and foremost in our minds. Whether we have built a home gateway or a production server for business purposes, a Linux server that has been compromised becomes a liability to its owner and its users.
The incredible number of bad elements on the internet makes Linux server security a top priority when building a machine that will be connected to the net or indeed any public network.
So what do the hackers and crackers of the world want with your Linux server? Well, some people would be genuinely disappointed to discover that the vast majority of break-in attempts conducted on Linux servers are not to steal priceless company or personal data held on that server. Although this does occur, targeted attacks are in the minority. The prize most of these attackers seek is your Linux server itself.
Your Linux server is an invaluable tool to those who participate in activities that are questionable or simply illegal. Two activities that spring to mind immediately are spamming and phishing.
Spamming is the act of sending bulk unsolicited electronic messages. The most widely recognized form of spam is spam email, but unfortunately spam can also be sent using other media such as instant messaging, social networks, wikis and online classifieds, just to name a few.
Spam emails may attempt to sell you a product (which may or may not be genuine, likely not), promote a website (usually porn or gambling), defraud its recipient (Nigerian 419 scams and the like), lure you to a fake website (see phishing) or spread viruses.
Spamming is wholly and solely a numbers game: the more emails you send out, the more likely it is that someone will read one and fall for your scheme. At least 85% of email traffic on the internet is spam.
Phishing can be considered to be the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details. Usually, the usernames and passwords cybercriminals attempt to acquire are those used for internet banking and other financial transactions.
Phishing is an expansion of spamming, where a bulk email purporting to be from a bank or financial entity invites the user to enter their details online via a link within the email that leads to a carefully crafted website. The website and its URL have a look and feel almost identical to the legitimate one. Once the scammers have the user's bank login they waste little time emptying bank accounts.
Unfortunately for the spammers, phishers and other online criminals, finding a safe home for their dubious operations can present many challenges. Many countries now have legislation against activities such as spamming, and fraudulent activities such as phishing are illegal everywhere.
In the case of spam, for example, ISPs and countries that have become known to be sources of spam are often blocked by network and mail server administrators. Mail from these known spam sources is simply not acceptable.
Block lists such as SpamCop and Spamhaus contribute to the reduction of spam by providing dynamic databases of IP addresses known to send spam, which production mail servers query before an email is even accepted. As a result, spammers must constantly seek new hosts through which to send their junk emails.
Your Linux server conveniently provides a web server and a mail server from which the criminal element can operate their various scams with little fear of being caught or blocked, at least in the short term.
Once they have established access to your machine, it can also become a platform for them to conduct attacks on other hosts. There can often be a reasonable length of time between your Linux server being compromised and you becoming aware of it, usually when the sales department tells you customers are not receiving their emails because the recipient's ISP is rejecting them.
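The block list query that mail servers perform can also be run by an administrator against their own server's address, to notice a listing before customers report rejected mail. The following is an added example, not part of the original article: the zone names, the RFC 5782 name format and the handling of answer codes are assumptions based on how these lists are commonly queried, and the sample DNS data is constructed.

```python
import ipaddress
import socket

ZONES = ("zen.spamhaus.org", "bl.spamcop.net")  # assumed zones of the lists named above


def dnsbl_name(ip, zone):
    """Build the DNS name a mail server queries for `ip` in `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.10 -> 10.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed hex nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records for `name`; [] on any lookup failure (no such name included)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, resolver=system_resolver, zones=ZONES):
    """Return {zone: 'listed' | 'not listed' | 'error'} for `ip`."""
    result = {}
    for zone in zones:
        answers = resolver(dnsbl_name(ip, zone))
        if not answers:
            result[zone] = "not listed"
        elif all(a.startswith("127.") and not a.startswith("127.255.255.")
                 for a in answers):
            result[zone] = "listed"
        else:
            # Spamhaus uses 127.255.255.x to refuse a query; an answer outside
            # 127.0.0.0/8 means the resolver rewrote the reply. Neither is a listing.
            result[zone] = "error"
    return result


# Constructed sample data (documentation address range) so the demo runs offline.
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "11.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, check(ip, resolver=lambda n: FAKE_DNS.get(n, [])))
```

Calling `check()` with only an address uses the system resolver; an "error" result usually means the query went through a resolver the list operator does not answer, not that the address is clean.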
Implementing Linux Server Security
So now that we know why our Linux server is at risk, the next step is to prevent intrusion from unwanted visitors and retain control of our machine. There are a few good practices that can ensure reasonable Linux server security without going to extremes and, when adopted, will keep the unsavory element at bay. We will cover each one more thoroughly on the other pages of this section.
- Activate your Linux server firewall if necessary
- Ensure your users keep secure passwords
- Keep the operating system up to date
- Be aware of security issues that may emerge on the programs and services you use
- Disable any unnecessary programs and services
