Linux Security
Securing computers has been a concern since computers were first developed. As the number of people using computers has grown, securing computer resources and the networks that connect them has become an ongoing task. The Linux operating system takes a leading role in computer security. In this document I am going to discuss three key topics related to computer security and Linux security. They are as stated below:
1) What is Computer Security?
2) Best practices in Linux Security
3) Linux Security Vs Windows Security
What is Computer Security?
In a generic sense, security is “freedom from risk or danger.” In the context of computer science, security is the prevention of, or protection against,
Access to information by unauthorized recipients, and
Intentional but unauthorized destruction or alteration of that information
Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA”:
Confidentiality — Ensuring that information is not accessed by unauthorized persons
Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
Authentication — Ensuring that users are the persons they claim to be
Best practices in Linux Security
There are many ways to protect Linux systems. The methods below are some of the best practices that can be adopted to keep the system free from intruders. The methods are as follows:
Turn off unused services
Services that you don’t enable can’t be attacked from the outside. If you don’t provide access to a service, it doesn’t matter whether there are any vulnerabilities in the daemon that would provide that service. So disable anything you don’t need to use.
Some daemons are started when the system boots, and remain active as long as the system remains up. For these persistent daemons, you need to look at the initialization scripts or programs used to start services when the system boots. Other services are not started at boot time, but instead are managed by either inetd or xinetd.
If your system is configured with inetd, look at /etc/inetd.conf and remove, or simply prefix with a “#” character to make it a comment, any entry providing a service you don’t need. For example, if you aren’t delivering mail on your Linux workstation, you don’t need to have the pop and imap daemons accepting connections; disable them with the “#” prefix.
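The check below is an added example, not part of the original article: it reads an inetd.conf-style file and lists the services that are still enabled, so that entries you commented out with “#” (here pop3 and imap) drop out of the report. The sample configuration is constructed inline; on a real inetd host you would point the function at /etc/inetd.conf.

```shell
# Added example (not from the original article): list the services that an
# inetd.conf still enables, ignoring commented-out and blank lines.

# Print the service name (first field) of every active entry in an
# inetd.conf-style file. Lines that start with "#" (optionally after
# whitespace) are comments, i.e. disabled services; blank lines are skipped.
enabled_inetd_services() {
    conf="$1"
    awk '
        /^[[:space:]]*#/ { next }   # commented out with "#": disabled
        /^[[:space:]]*$/ { next }   # blank line
        { print $1 }
    ' "$conf"
}

# Constructed sample: pop3 and imap have been disabled with the "#" prefix,
# while ftp and telnet (both run through tcpd) are still active. telnet
# carries passwords in the clear, so it is a typical candidate to disable too.
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#pop3   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
#imap   stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
EOF
}

# Write the sample to a temporary file and report what is still enabled.
demo_inetd() {
    tmp=$(mktemp)
    sample_inetd_conf > "$tmp"
    enabled_inetd_services "$tmp"
    rm -f "$tmp"
}

demo_inetd
```

Running the script prints only ftp and telnet; after you comment those out as well, the same function prints nothing, which is the state you want on a workstation that offers no network services.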
Where available, install IP filter or firewall rules
Note that while restricting network access helps, it is no guarantee that you won’t be attacked. If you allow virginia.edu, you can still be attacked from another virginia.edu system. But restricting access to a smaller group of systems will reduce the number of attempts made against you.
Linux - Configure iptables or ipchains. iptables is available with the Linux 2.4 kernel to manage the IP firewall rules. ipchains is used with the Linux 2.2 kernel and is also available with the 2.4 kernel. You can use either to define which IP addresses you will accept or reject; the rules can differ for incoming and outgoing packets. We have model configurations and scripts that can be installed on a Linux system to define the rules such that only packets originating inside the virginia.edu domain are accepted.
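As an added example (not the virginia.edu rule set the article refers to, and not code from the original article), the script below generates a minimal iptables policy for a 2.4-style kernel: default-deny inbound, with exceptions only for loopback, replies to connections the host itself opened, and new ssh connections from one trusted network. The network 10.0.0.0/8 and the ssh port 22 are assumed placeholders; substitute the range you actually trust. The rules are printed rather than executed so they can be reviewed before being applied as root.

```shell
# Added example (not from the original article): emit a default-deny inbound
# iptables policy that accepts new connections only from ALLOWED (a CIDR,
# assumed placeholder 10.0.0.0/8). ipchains uses a different syntax, so this
# applies to the 2.4-kernel iptables case only.
firewall_rules() {
    allowed="$1"
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s $allowed --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "fw-drop: "
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}
# The ACCEPT rules are appended before the INPUT policy is switched to DROP,
# so an administrator applying this over ssh keeps the existing session.
# The LOG rule records everything that is about to hit the DROP policy, which
# is where the "attempts made against you" become visible in the syslog.

# Sanity check: count the explicit ACCEPT rules so a reviewer can confirm the
# policy is still default-deny with only a handful of holes.
count_accept_rules() {
    firewall_rules "$1" | grep -c -- '-j ACCEPT'
}

# Review mode: print the rules. To apply them, run as root:
#   firewall_rules 10.0.0.0/8 | sh
firewall_rules "10.0.0.0/8"
```

The `-m state` match is the conntrack syntax of the iptables releases that shipped with 2.4 kernels; later releases accept it as an alias for `-m conntrack --ctstate`. Keep the trusted range as small as the article advises: a whole campus domain still leaves you exposed to any compromised host inside it.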
Install ssh and tcpd
SSH (Secure SHell) is a protocol which supports logging into a remote system or executing commands on a remote system, using an encrypted communication between the two systems. Session encryption protects you from unscrupulous packet sniffers who may have access to one of the networks through which the packets between the two hosts may have to travel.
The tcp wrapper daemon, tcpd, comes as part of recent Linux installations, but you still have to add it to AIX, Irix, or Solaris installations.
Keep your system up-to-date with the latest patches from your vendor
UNIX and Linux exploits are discovered from time to time, and if you don’t keep your configuration updated, you’ll potentially leave yourself exposed to attacks that exploit newly discovered vulnerabilities. Get the latest patches for your version of the OS.
UNIX File Sharing
Permissions
You may want to give others access to your directory or files in one of your directories. As an individual user, you can control who has access to the files that you own. Be careful how you set the permissions, because you don’t want to give away the wrong set of access rights.
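The script below is an added example, not code from the original article. It shows the check a user should run before sharing a directory: find every file or directory under it that is writable by everyone (the “other” write bit), skipping sticky-bit directories such as a deliberate drop box. The tree it inspects is constructed in a temporary directory so the script runs stand-alone; the file names and modes are illustrative.

```shell
# Added example (not from the original article): report world-writable
# entries in a directory you are about to share with other users.

# Print, relative to DIR, every entry whose mode includes o+w (octal 0002).
# A sticky-bit directory (01000, like /tmp) is a legitimate shared drop box,
# so those are excluded from the report.
world_writable() {
    dir="$1"
    ( cd "$dir" && find . -perm -0002 ! \( -type d -perm -01000 \) | sort )
}

# Build a small tree with one deliberate mistake and report what is exposed.
demo_permissions() {
    tmp=$(mktemp -d)
    umask 022                                    # new files default to 644/755
    mkdir "$tmp/shared"
    echo "notes"  > "$tmp/shared/readme.txt"     # 644: others may read only
    echo "secret" > "$tmp/shared/keys.txt"
    chmod 600 "$tmp/shared/keys.txt"             # owner only
    echo "draft"  > "$tmp/shared/scratch.txt"
    chmod 666 "$tmp/shared/scratch.txt"          # mistake: anyone can modify
    mkdir "$tmp/shared/drop"
    chmod 1777 "$tmp/shared/drop"                # sticky drop box: intended
    world_writable "$tmp/shared"
    rm -rf "$tmp"
}

demo_permissions
```

Only ./scratch.txt is reported. A restrictive umask (022, or 077 for private home directories) prevents most of these mistakes at creation time; the find check catches the ones introduced later with an over-generous chmod.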
Network File System (NFS)
NFS is the most frequently used method of sharing access to a filesystem (or a directory in a filesystem) between UNIX systems. System administrators need to be careful how they implement NFS, and be aware of the vulnerabilities associated with the various daemons that collectively make up the NFS service, including nfsd, mountd, statd, and lockd. Before you configure your machine as an NFS server, be sure to update these daemons with the latest patched versions to close any known vulnerabilities.
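Patched daemons are only half of “be careful how you implement NFS”; the export list matters as much. The audit below is an added example, not from the original article: it scans an /etc/exports file and flags entries exported to every host (a “*” client, or no client list at all, which some servers treat as open to the world) and entries that turn off root_squash, which lets a remote root act as root on the exported tree. The exports file it reads is constructed inline; the host names and networks in it are placeholders.

```shell
# Added example (not from the original article): flag risky /etc/exports
# entries before starting the NFS server.

# For each export line, print "path: problems" when the entry is open to all
# clients or disables root_squash. Silent lines are the ones with an explicit
# client list and root_squash left on.
audit_exports() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            path = $1; problems = ""
            if (NF == 1) problems = problems " no-client-list"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\*/)            problems = problems " wildcard-client"
                if ($i ~ /no_root_squash/) problems = problems " no_root_squash"
            }
            if (problems != "") print path ":" problems
        }
    ' "$1"
}

# Constructed sample: two safe exports, one exported to everyone with remote
# root kept as root, and one bare path with no client list.
sample_exports() {
    cat <<'EOF'
# /etc/exports (constructed sample)
/home         *(rw,no_root_squash)
/srv/data     192.0.2.0/24(rw,root_squash)
/srv/www      www1.example.com(ro,root_squash) www2.example.com(ro,root_squash)
/srv/archive
EOF
}

demo_exports() {
    tmp=$(mktemp)
    sample_exports > "$tmp"
    audit_exports "$tmp"
    rm -f "$tmp"
}

demo_exports
```

The /home line is the classic mistake the mountd and nfsd advisories of the time made expensive: combined with an unpatched daemon, a world-readable, root-preserving export turns every client on the network into a local root. Run the function against the real /etc/exports on a server (root_squash is the default on Linux exportfs, so only explicit no_root_squash is reported).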
Desktop Screensaver
If you use a Unix or Linux desktop computer, don’t just walk away from your keyboard leaving your windows open for anyone to use. The easiest way for someone to break in on your computer is to find that you’ve left yourself logged in while you’re away from the keyboard. No special tools or knowledge are needed for someone to break in if you leave yourself open this way.
The safest thing to do when you leave your workstation is to logout. In the ITC Unix workstation lab, this is the only thing to do. In your office or research lab, however, you may choose instead to lock your desktop using a password-protected screensaver. This requires you to use your login password to get the desktop display back.
Linux Security Vs Windows Security
Linux and Windows support for network security and protocols is comparable. Both support IPSec, an open standard for cryptography-based protection at the IP layer. IPSec verifies the identity of a host or end point, ascertains that no modifications were made to the data in transit across the network, and encrypts the data. OpenSSH, OpenSSL, and OpenLDAP are available on Linux, and corresponding closed source implementations — SSH, SSL, LDAP — are available on Microsoft systems.
Linux is somewhat superior due to continuing security issues with Microsoft IIS and Exchange/Outlook. Apache and Postfix are cross-platform applications and tend to be more secure than the corresponding Microsoft products. Application security for Linux is also enhanced by firewalling built into the kernel. And Snort is an excellent intrusion detection system.
One notable recent addition to the Linux kernel for x86-based systems is Ingo Molnar’s exec-shield, which provides protection against attacks from buffer or function pointer overflows and against other types of exploits that rely on overwriting data structures and/or putting code into those structures. The exec-shield patch also makes it more difficult to conduct a shell-code exploit. Since exec-shield operates transparently, applications do not need to be recompiled.
Also, the tendency for Microsoft to mix data and program code in its applications, e.g., ActiveX, can allow untrusted data from outside the system to trigger the execution of arbitrary code. In some cases, Windows will even allow digitally signed code to be supplied from outside the system, which means a local systems administrator can’t audit the code. Instead the system administrator is dependent on whoever signed the code to perform an appropriate code review.
Let me conclude on the topic ‘Linux security’. Linux provides superior or comparable security capabilities in comparison to Windows. Still, the security of a Linux system is largely dependent on the choice of Linux distribution, the kernel it is based on, and the skill of the IT staff who implement and support the system.
Article Authored by Abhishek G
The author, Abhishek, is a Systems Engineer with SupportPRO. He specializes in cPanel and server monitoring. SupportPRO offers 24x7 technical support services to web hosting companies and service providers.
