Linux Security and Hardening
General Linux Security
Physical Security for Linux
Network Security in Linux
Additional Security Resources
In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.
You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.
In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.
You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.
There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.
- Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
- Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
- Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
- Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
- Learn how to enforce good password security practices on your Linux systems
- Learn about multi-factor authentication and how it can be implemented in Linux
- Learn techniques and strategies to secure network services
- Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, and ACLs, and learn how to detect and remove rootkits
Is Linux secure? That's the big question, and it's a very broad question too. The truth is that nothing is perfectly secure. Security is really a series of trade-offs. Many times, these trade-offs are between convenience and security. When I say convenience, I'm also talking about ease of use. For example, Linux would be easier to use and more convenient if users didn't have to identify themselves before they gain access to the system, but that wouldn't be very secure. This is just one very simplistic example of a security trade-off. You'll often be making trade-offs based on the severity and probability of the risk you're trying to mitigate. Cost considerations, effectiveness of countermeasures, and system performance will also be taken into account before you decide to make a trade-off.
In general, Linux is secure, but it's really only as secure as its users and system administrators make it and allow it to be. Linux can quickly and easily be made into a very insecure platform. For example, a user could change the permissions on a file that contains sensitive data, such that anyone on the system could read it. A system administrator could change all the files on a system such that everyone could modify them. Users could use easy-to-guess passwords. Data could be transmitted in the clear to or from a Linux system over a public network. Software that has security problems could be installed on a system. If users and system administrators don't have the proper training or security awareness, these types of issues can easily crop up. We'll be talking about the details of each of these examples and many more. More importantly, you'll learn about ways to protect your Linux systems from these issues later in the course.
The point is that I don't want you to fall into the trap of thinking that Linux is secure and then assuming you're going to be safe from attacks. Don't think, "My website is hosted on a Linux server. It's secure. I'm perfectly safe. Our database runs on Linux too. We'll be fine." Using Linux doesn't absolve you of the responsibility to create a secure computing environment. Security is also an ongoing process. You have to work at security and maintain your level of security throughout the lifespan of your Linux systems. Don't fall into the trap of believing that since Linux is more secure than Windows, you don't need to be vigilant and security conscious.