Linux Needs Security Too

linux-logoIf you are running a Linux server or Linux desktop in your environment, you need to consider the following security strategies.  Linux users suffer in some cases from the popular delusions of invulnerability that Apple users are prone to, and for some of the same reasons.  Such as, most malware only runs on Windows so why should I care?  Or, Linus is such a small target with less than 2% of the desktop market.

Well first, Linux servers and variants run the Internet, so there is likely to be a Linux server somewhere in your network, even if it is owned and manged by a vendor.  And second, we all need to be engaged in smart security practices before we are attacked, rather than afterwards.

Here are some things you can do to harden your Linux system:

  • Keep Linux and applications updated.  This is an automated process in Ubuntu and some other distros.
  • Use secure browser and plugins.  Using the latest version of your web browser will help keep your online sessions more secure, and the following security plug-in can be effective too.
    • HTTPS-Everywhere
    • AdBlock Plus
    • NoScript
    • Ghostery
    • Disconnect
  • Use the Linux firewall.  This program is called iptables, but in Ubuntu you can access and set up iptables using the Uncomplicated Firewall from end.
  • Use Anti-Malware software.  There is a good free product available from Sophos.
  • Use full disk encryption.  This is good advice regardless of your operating system.  In the event that your computer is stolen, full disk encryption keeps your contents secure and in a form that is useless without the encryption key.

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment