Securing Linux, Part 1: Introduction

By Mario Eberlein, Rene Auberger, Wolfram Andreas Richter
2005-04-21


Resources
• Read the other installments in this Securing Linux series on developerWorks.

• See the Committee on National Security Systems' National Information Assurance Glossary for a compendium of system security definitions.

• Bruce Schneier's Secrets and Lies: Digital Security in a Networked World (John Wiley & Sons, 2004) is an exploration of computer system threats, the hacker mindset, prevention, security system implementation, and more.

• For a general overview and resource guide for those working to provide a secure Linux environment, read Addressing security issues in Linux ( developerWorks , June 2001).

• Practical Linux security ( developerWorks , October 2002) emphasizes that good security begins with good user management.

• The Secure programmer column on developerWorks is an ongoing series dedicated to helping you write secure programs for Linux.

• Integrity: further reading
• Building the Ideal Web Hosting Facility: A Physical Security Perspective by Seth Friedman (SANS Institute, February 2003) looks at physical security in the context of building a Web hosting facility.
• Wikipedia explains the man in the middle attack, a type of attack in which a third party is able to read and modify messages sent between two unknowing victims.
• Read Wikipedia's explanation of digital signatures.
• Checksumming is a common way to validate data integrity. Enhancing File System Integrity Through Checksums gives a good overview.

• Confidentiality: further reading
• Pluggable Authentication Modules allow multiple authentication mechanisms to be configured and leveraged within the Linux operating system.
• This NIS-Howto describes how to configure Linux as an NIS(YP) or NIS+ client and how to install an NIS server.
• The Kerberos Infrastructure HOWTO describes the design and configuration of a Kerberos infrastructure for handling authentication with Linux.
• This LDAP whitepaper describes how to set up a Linux workstation to use an LDAP server for user information and authentication.
• This Access Control Lists patch/user code combination allows supporting full access control lists (ACLs) for the Linux kernel.
• The GNU Privacy Guard is an open source encryption software stack.
• Availability: further reading
• The Tivoli Intelligent Orchestrator helps increase server utilization by automatically triggering the provisioning, configuration, and deployment of a server into production.
• IBM Redbooks Technote Patterns for the Edge of Network contains guidelines to keep in mind when planning a high availability configuration.
• The Redbook Continuous Availability -- Systems Design Guide guides you through a complete cycle of analysis, design, and implementation of continuously available systems.
• American Power Conversion's Effect of UPS on System Availability explains how system availability and uptime can be affected by AC power outages.
• IT availability Check List ( availability.com , 2004) provides a quick checklist for issues to take care of regarding availability.
• Computerworld explains how to defend against DDoS attacks.

• Linux security projects
• Security Enhanced Linux: This Linux version incorporates a strong, flexible mandatory access control architecture into the kernel.
• Openwall GNU/Linux: A security-enhanced server operating system with Linux and GNU software as its core.
• Bastille Linux: The Bastille Hardening System attempts to "harden" or "tighten" UNIX operating systems.
• IPCop Firewall is one of the major Linux Firewall distributions.
• Knoppix security tools distribution focuses on information security and network management tools on a bootable CD.
• For more Linux security projects, look for Distributions: Secure on LinuxLinks.com

• Find more resources for Linux developers in the developerWorks Linux zone.
• Get involved in the developerWorks community by participating in developerWorks forums and blogs.
• Purchase Linux books at discounted prices in the Linux section of the Developer Bookstore.
• Order the no-charge SEK for Linux, a two-DVD set containing the latest IBM trial software for Linux from DB2®, Lotus®, Rational®, Tivoli®, and WebSphere®.
• Innovate your next Linux development project with IBM trial software, available for download directly from developerWorks.












Tutorial Pages:
» A Consideration of What it Means to be Secure
» Security Defined
» Integrity
» Confidentiality
» Availability
» Linux System Security
» Next in the Series
» Resources


First published by IBM DeveloperWorks

Related Tutorials: » How to Install PHP 5 on Linux » How to Install Apache 2 on Linux » How to Install MySQL 5.0 on Linux » SMB Caching » Mound --Bind » Tar Wild Card Interpretation

Tutorials AJAX ASP CGI & Perl CSS Flash HTML Illustrator Java JavaScript Linux MySQL PHP Photoshop Python Wireless XML Miscellaneous Scripts AJAX ASP ASP.NET CGI & Perl Flash Java JavaScript PHP Python Remotely Hosted Tools & Utilities XML Web Hosting Articles ASP.NET Budget Dedicated Servers Ecommerce Linux Resellers Shared Small Business Windows Developer Manuals Learn HTML Learn PHP Learn CSS Learn AJAX Learn JavaScript Learn Pear White Papers Resources Developer Tools Developer Content