Even if it were possible to lock a system down airtight, it is not always practical to invest the time and effort required to do so. The best approach is to first determine your risk, and then secure accordingly.
- Threat: What is the probability of you coming under attack? Who will be trying to penetrate you? Will you be targeted by seasoned hackers with a bone to pick, or are you only concerned with keeping the $cript kiddies out? Do you have many users, or are you the only one? Are your users trusted, or are they experienced programmers who like to “play”? Are you a reviled site, such as microsoft.com, or are you an innocuous cable modem or dialup user?
- Vulnerability: How susceptible to attack is your host? Do you run many services? How exploitable are they? How accessible is your host? Is your host behind a firewall? Do you offer remote access, and if so, how? Do others have physical access to your host? What other potential points of compromise are there?
- Impact: What are the ramifications if your machine is compromised? Will proprietary data enter the public domain? Is there sensitive or potentially embarrassing information on your computer? Will downtime have a financial impact on you? How long will it take you to get up and running again, and how much effort will it require?
Security is a process, not a permanent state. Once you’ve taken the initial steps to secure your box, you must engage in regular maintenance to ensure that your box continues to remain secure. To ensure continued security, regularly do the following:
- Keep Current with Patches – Apply your distribution’s security updates as they are released, and patch on a regular schedule.
- Monitor Log Files – Log files should be reviewed regularly for anomalous events. Automated monitoring tools are acceptable, provided you also perform a regular manual audit of the logs.
- Audit Password Strength – Run a password-auditing tool such as John the Ripper every month or so to find weak passwords.
- Check Your Binaries – Regularly scan your system for trojaned or otherwise altered binaries, using both an integrity checker and a trojan scanner.
- Check for Remote Vulnerabilities – Periodically run a current vulnerability scanner against your machine from another box, preferably one outside your firewall.
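Two of the maintenance items above, monitoring log files for anomalous events and checking binaries against an integrity baseline, can be scripted with nothing beyond standard Unix tools. The script below is an added example written for this page, not code from the original article or from any particular tool it mentions. It assumes `sha256sum`, `find`, `sort`, `diff`, `awk` and `mktemp` are available, and every directory, file name and auth-log line in the demo is constructed for illustration (the addresses are from the RFC 5737 documentation ranges).

```sh
#!/bin/sh
# Added example (not part of the original article): a file-integrity baseline
# check and a failed-login audit for an OpenSSH-style auth log.
# All paths and log lines used in demo() are constructed sample data.

# make_baseline DIR OUT: record a SHA-256 hash of every file under DIR.
# Keep OUT on read-only media or another host; a baseline an intruder can
# rewrite proves nothing.
make_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# check_baseline DIR BASELINE: return 0 if DIR still matches BASELINE,
# 1 otherwise. Changed, missing and new files are printed: lines starting
# with "<" come from the baseline, lines starting with ">" from the live tree.
check_baseline() {
    current=$(mktemp) || return 2
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$current"
    changes=$(diff "$2" "$current" | grep '^[<>]' || true)
    rm -f "$current"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# flag_failed_logins LOG THRESHOLD: print each source address with at least
# THRESHOLD "Failed password" entries in LOG (default threshold 5).
flag_failed_logins() {
    awk -v t="${2:-5}" '
        /Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++ }
        END { for (a in n) if (n[a] >= t) print a }' "$1" | sort
}

# demo: exercise both checks on a throwaway directory and a constructed log.
demo() {
    work=$(mktemp -d)
    mkdir "$work/bin"
    printf 'original\n' > "$work/bin/ls"
    printf 'original\n' > "$work/bin/ps"
    make_baseline "$work/bin" "$work/baseline.sha256"
    check_baseline "$work/bin" "$work/baseline.sha256" && echo "integrity: clean"

    # Simulate a replaced binary plus a dropped-in hidden file, then re-check.
    printf 'replaced\n' > "$work/bin/ps"
    printf 'extra\n' > "$work/bin/.hidden"
    check_baseline "$work/bin" "$work/baseline.sha256" || echo "integrity: CHANGED"

    # Constructed auth-log sample: three failures from one address, one from another.
    cat > "$work/auth.log" <<'EOF'
Mar  1 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 4021 ssh2
Mar  1 10:00:03 host sshd[2002]: Failed password for root from 203.0.113.5 port 4022 ssh2
Mar  1 10:00:05 host sshd[2003]: Failed password for admin from 203.0.113.5 port 4023 ssh2
Mar  1 10:00:09 host sshd[2004]: Accepted publickey for alice from 198.51.100.7 port 5100 ssh2
Mar  1 10:00:12 host sshd[2005]: Failed password for alice from 198.51.100.7 port 5101 ssh2
EOF
    echo "sources with >= 3 failed logins:"
    flag_failed_logins "$work/auth.log" 3
    rm -rf "$work"
}
demo
```

The baseline check is deliberately dumb: it compares hashes and nothing else, so it catches replaced or added files but not a kernel module that lies about file contents, which is why the text pairs the integrity checker with a separate trojan scanner. The login audit is a threshold filter; the count that matters for a given host is a judgement call, and the manual log review the text calls for is still needed to catch what a fixed threshold misses.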