Protecting against attacks
Disabling Control Alt Delete
The course is part of this learning path
In this course, you'll learn about the importance of physical security and the threats posed by attackers who gain unauthorized physical access to your Linux system. We'll cover a range of points to consider when securing your Linux systems and the best strategies to take.
- Understand the security challenges you'll face both when in direct control of your physical systems and when you use a third party to host them
- Understand what to look for when choosing a third-party provider
- Understand the physical security implications of using cloud environments
- Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
- Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
This course is intended for anyone who wants a solid grasp of physical security considerations for their Linux system.
To get the most out of this course, you should already have a good working knowledge of Linux. If you want to brush up on your Linux skills, consider taking our Learn Linux in 5 Days learning path first.
Linux security starts with physical security. If someone has physical access to your Linux system, meaning that they can physically touch your system with their hands, then they can bypass almost any other type of security in place. For example, if you have extremely tight network security on your Linux server, but don't protect physical access to your server, then the network security doesn't matter because it can be bypass by simply pressing the power button on the server, interrupting the boot process, and entering into single user mode. Now the attacker has unfettered access to the system, where they can disable the network security, install their own software on your system, or do anything else they want to your system. We'll be talking about ways to protect against some of these types of attacks in this section of the course, but even with these countermeasures in place, it's important that you restrict physical access to your system to only those that need access and to those that you trust. Before we get into the Linux-specific parts of physical security, I want to talk about physical security in general and share some guidelines that you should consider. At the most basic level, physical security involves keeping your systems out of the reach of potential attackers. If your servers are under your control, then you want to keep the data center and/or computer rooms locked at all times. Only give keys or key cards to people that need access. You want to keep your computer rooms locked because you don't want just anyone, any employee of your company or guests, to wander into your computer room. Even if they don't have malicious intent, they could accidentally power off the system or disconnect the system from the network. So in general, it's not a good idea to allow people access to your systems, even if you don't take into account the security implications. If the computer rooms are unlocked, then someone could enter the building and then get access to the computer room. This could be an existing employee, a former employee, or even someone who does not work at the company but gained access to the building. Be sure to stay on top of the access. As people's roles change and their needs change, their access may need to change as well. When someone leaves the company or no longer needs access, be sure to get their key or disable their key card. If you have multiple computer rooms, limit the access by each computer room individually. For example, if the Windows servers are in one computer room and the Linux servers are in another, then only give the Windows administrators access to the Windows computer room, and only give the Linux admins access to the Linux computer room. All servers should be in a locked data center or computer room. So don't keep servers laying under your desk, for example. Only allow visitors access to your data center that need access. For example, if your company gives tours of its facilities, don't let people into the locations where your servers are located. It's probably even best to not mention where your server room is located. When visitors are given access, they should be escorted and accompanied. Types of visitors that have a legitimate reason to be in your computer room include electricians, heating and cooling technicians, and computer repair personnel. Let's say that a power supply failed in one of your servers, and someone is sent from the hardware vendor to replace that power supply. That person should be accompanied while they are in the computer room or data center. They should be taken directly to the server with the issue. Ideally, you want to watch to make sure that they only replace the power supply and not perform any additional actions. Also, keep a log. When a user logs into a Linux system, there is a record of that access. Likewise, you should keep a log of who and when someone accesses a computer facility. If you have a badging system in place, then a log may be kept on that system. In any case, there needs to be a log of visitors. Maybe your company isn't large enough to have its own data center and computer rooms, or maybe your company doesn't want to be in the data center business. In these cases, here are some things to consider when your servers will reside at a location that is not under your direct control. You can think of data centers, or co-location facilities, like a bank. A bank is a place where large amounts of money is stored. And likewise, a data center is a place where large amounts of data is stored. One way to get access to large amounts of money is to rob a bank. Likewise, one way to get access to large amounts of data is to gain physical access to a data center. Since you don't have direct control of the data center, you wanna make sure it has physical security processes, procedures, and controls in place to protect your valuable data. Here are some things to look for in a data center. These are some of the same considerations for your own data center or a third party data center. Does it have access controls in place? Do they have security guards, gates, and checkpoints? Do they have video surveillance systems? Do they use intrusion detection technology or alarm systems? Do they employ the use of multi-factor authentication? For example, they employ the use of key cards and some sort of biometric scanning, such as a fingerprint reader. Do they have a need-based access policy? Do they revoke access when needs change? Do they use ID badges for employees, and are they photo ID badges? Do they do background checks on their employees? Is there another layer of security around your servers? For example, if you have an entire rack, does that rack lock? Or if you have a group of racks, are they separated from the rest of the data center, in a locked cage? Is the data center in a nondescript facility? Here's a picture of an actual data center. It's a fairly plain building. You can't really tell what's inside it. Here's another picture of an actual data center. In this one, you can see some security cameras on the building if you look towards the top right of this image. Again, this is a rather nondescript building. If the data center looks more like this, then maybe you should consider looking for another facility. Obviously, this is fake, but you get the point. Let's talk about the cloud. The important thing to realize about the cloud is that even though many things are virtualized, such as virtual machines, virtual CPUs, virtual memory, and virtual storage, it all runs on real actual hardware. As an end user of cloud technologies, you don't need to know about the underlying hardware. However, from a security perspective, you need to know about real world physical security in addition to securing the virtual components. If you are hosting your servers in the cloud or running virtual machines on some other company's hardware, then you need to determine what their physical security policies are, just like you do when you're looking for a data center to house your own servers. Remember, once you strip away all the layers of virtualization, you end up with actual physical hardware that makes cloud computing possible. In addition to physical security, you need to consider that your data resides on their storage platform. For example, what looks like a physical disc to your virtual server could be as simple as a single file on a disc on your cloud provider server. Since the cloud provider owns the physical host and has access to all the storage, then they have access to your disc image and your data. Potentially, they could look at or even alter your disc images. If your cloud provider has a disc encryption service, consider using it. If you don't, then do the encryption yourself inside the virtual machine or accept the risk. We'll be talking about data encryption in more detail in just a couple of minutes, but for now, just know that it's a potential attack surface.
Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Amazon.com. Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.