21 Sep 2015
Unit 1 Discussion 1
Securing a Linux System
As the significant prevalence of Linux web servers globally grows, security is often touted as strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place. Many risks are possible from a compromise including using the web server into a source of malware, creating a spam-sending relay, a web or TCP proxy, or other malicious activity. The operating system and packages can be fully patched with security updates and the server can still be ...view middle of the document...
For small and large businesses, having a site or blog of your company serving up malware from a compromise is a loss of business and creates a very poor reflection of your company’s IT services on the public as well as potential clients.
Using network address translation and port address translation is the first recommended step. Since database products use predefined default ports, it is the first thing hackers look for, and hence should be changed. Even though the database IP address and port is not exposed to the outside world, it is a best practice to change it, to keep spyware and viruses away. Any standard firewall nowadays provides NAT and PAT features.
Securing SMTP transmissions can be done by both validating incoming mail & using a mail relay. The validation of incoming mail will check the incoming mail for an authorized address, and discard it if not found. Mail relay allows e-mail received by your e-mail server to be passed onto the intended recipient even if that user is not registered on your server. If you do need to have relay enabled, your best option is to allow it for authenticated users only. Authentication is done either via IP address or user id and password.
The last is the file server for customers’ loan applications and other personal data files. TCFS (Transparent Cryptographic File System) works as a layer under the VFS (Virtual File system Switch) layer, making it completely transparent to the applications. The security is guaranteed by means of the DES (data encryption standard) algorithm. Keys are kept in a special database which stores keys encrypted with the user's login password. To maximize the level of security, it is best to keep to a minimum number of trusted entities. A TCFS user needs to trust only the kernel and the superuser of the client machine accessing the data.