LFCA: Basic Security Tips to Protect Linux System – Part 17

Now more than ever, we are living in a world where organizations are constantly bombarded by security breaches motivated by the acquisition of highly sensitive and confidential data which is highly valuable and makes for a huge financial reward.

It’s rather surprising that despite being at a high risk of suffering from a potentially devastating cyberattack, most companies are not well prepared or simply overlook the red flags, often with devastating consequences.

In 2016, Equifax suffered a catastrophic data breach where millions of highly confidential customer records were stolen following a series of security lapses. A detailed report indicated that the breach was preventable had the right security measures been implemented by the security team at Equifax.

In fact, months before the breach, Equifax was warned about a potential vulnerability in their web portal that would compromise their security, but sadly, the warning went unheeded with grave consequences. Many other large corporations have fallen victim to attacks, which continue to grow in complexity with each passing moment.

We cannot stress enough how crucial the security of your Linux system is. You may not be a high-profile financial institution that is a potential target for breaches but that doesn’t mean you should let your guard down.

Security should be at the top of your mind when setting up your Linux server especially if it will be connected to the internet and accessed remotely. Having basic security skills is essential in safeguarding your Linux server.

In this guide, we focus on some of the basic security measures that you can take to protect your system from intruders.

Cyber Attack Vectors

Intruders will exploit a variety of attack techniques to access your Linux server. Before we dive into some of the measures you can take to safeguard your system, let’s exploit some of the common attack vectors that a hacker can use to infiltrate systems.

1. Brute force Attacks

A brute-force attack is an attack where the hacker uses trial and error to guess the login credentials of the user. Usually, the intruder will use automated scripts to continuously gain entry until the right combination of the username and password is obtained. This kind of attack is most effective where weak & easily guessable passwords are used.

2. Weak Credentials

As alluded to earlier, weak credentials such as short and easily guessable passwords such as password1234 pose a potential risk to your system. The shorter and the less complex a password is, the higher the chances of your system being compromised.

3. Phishing

Phishing is a social engineering technique where the attacker sends the victim an email that appears to come from a legitimate institution or someone you know or do business with.

Usually, the email contains instructions that prompt the victim to divulge sensitive information or may contain a link that directs them to a fake site that poses as the company’s site. Once the victim attempts to login in, their credentials are captured by the attacker.

4. Malware

Malware is short for malicious software. It encompasses a broad range of nefarious applications such as viruses, trojans, worms, and ransomware that are designed to spread rapidly and hold the victim’s system hostage in exchange for a ransom.

Such attacks can be debilitating and can paralyze an organization’s business. Some malware can be injected into documents such as images, videos, word, or PowerPoint documents and packaged in a phishing email.

5. Denial of Service Attacks (DoS)

A DoS attack is an attack that limits or impacts the availability of a server or computer system. The hacker floods the server with traffic or ping packets that render the server inaccessible to users for prolonged durations.

A DDoS (Distributed Denial of Service) attack is a kind of DoS that employs multiple systems that flood a target with traffic rendered it unavailable.

6. SQL Injection Attack

An acronym for Structured Query Language, SQL is a language used to communicate with databases. It allows users to create, delete and update records in the database. A lot of servers store data in relational databases which use SQL for interacting with the database.

An SQL injection attack leverages a known SQL vulnerability that makes the server divulge sensitive database information that it otherwise wouldn’t by injecting malicious SQL code. This poses an enormous risk if the database stores personally identifiable information such as credit card numbers, social security numbers, and passwords.

7. Man-in-the-Middle-Attack

Commonly abbreviated as MITM, the man-in-the-middle attack involves an attacker intercepting information between two points with an aim of eavesdropping or modifying traffic between the two parties. The goal is to spy on the victim, corrupt the data or steal sensitive information.

Basic Tips for Securing Your Linux Server

Having looked at the potential gateways that an attacker can use to breach your system, let’s go over some of the fundamental measures that you can take to safeguard your system.

1. Physical Security

Not much thought is given to the physical location and security of your server, however, If you are going to have your server on an on-premise environment this is usually where you would start.

It’s important to ensure that your server is safely secured in a data center with backup power, redundant internet connectivity, and sufficient cooling. Access to the data center should be limited to authorized personnel only.

2. Update Your System Repositories and Packages

Once the server is set up, the first step to take is to update the repositories and application software packages as follows. Updating the package patches any loopholes that might present in the existing versions of applications.

For Ubuntu / Debian distributions:

$ sudo apt update -y
$ sudo apt upgrade -y

For RHEL / CentOS distributions:

$ sudo yum upgrade -y

3. Enable a Firewall

A firewall is an application that filters incoming and outgoing traffic. You need to install a robust firewall such as the UFW firewall and enable it to only allow the required services and their corresponding ports.

For example, you can install it on Ubuntu using the command:

$ sudo apt install ufw

Once installed, enable it as follows:

$ sudo ufw enable

To allow a service such as HTTPS, run the command;

$ sudo ufw allow https

Alternatively, you can allow its corresponding port which is 443.

$ sudo ufw allow 443/tcp

Then reload for the changes to take effect.

$ sudo ufw reload

To check the status of your firewall including allowed services and open ports, run

$ sudo ufw status

4. Turn off Any Unnecessary Services/Ports

Additionally, consider turning off any unused or unnecessary services and ports on the firewall. Having multiple ports which are not being used only increases the attack landscape.

5. Secure SSH Protocol

The default SSH settings are not secure, and therefore some tweaks are required. Be sure to enforce the following settings:

For the first point, edit the /etc/ssh/sshd_config file and modify the following parameters to appear as shown.

PermitRootLogin no

Once you disable the root user from logging in remotely, create a regular user and assign sudo privileges. For example.

$ sudo adduser user 
$ sudo usermod -aG sudo user 

To enable passwordless authentication, first head over to another Linux PC – preferably your PC and generate an SSH key pair.

$ ssh-keygen

Then copy the public key to your server

$ ssh-copy-id user@server-IP

Once logged in, be sure to disable password authentication by editing the /etc/ssh/sshd_config file and modifying the parameter shown.

PasswordAuthentication no

Take care not to lose your ssh private key as that is the only avenue that you can use to log in. Keep it safe and preferably back it up on the cloud.

Finally, restart SSH to effect the changes

$ sudo systemctl restart sshd
Summary

In a world with evolving cyber threats, security should be a high priority as you embark on setting up your Linux server. In this guide, we have highlighted some of the basic security measures you can take to fortify your server. In the next topic, we will go deeper and look at additional steps that you can take to harden your server.

If you read this far, tweet to the author to show them you care. Tweet a thanks
James Kiarie
This is James, a certified Linux administrator and a tech enthusiast who loves keeping in touch with emerging trends in the tech world. When I'm not running commands on the terminal, I'm taking listening to some cool music. taking a casual stroll or watching a nice movie.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

2 thoughts on “LFCA: Basic Security Tips to Protect Linux System – Part 17”

  1. “You need to install a robust firewall such as the UFW firewall” – Are you using UFW as a Firewall the name of which is recognized by most of the readers or are you seriously suggesting UFW for corporate use?

    While UFW may be adequate for private computers and servers, it is not robust enough to protect corporate servers as evidenced by all the breaches of corporate data centers. I am sure that Equifax, Target, Yahoo, et al. used industrial-strength security suites much more robust than UFW, nevertheless they were penetrated.

    Speaking of security suites – while you mentioned malware as a multifaceted threat, you did not mention installing anti-malware software as one of the basic means of securing a server. It can be argued that anti-malware is just as, if not more, important protection as a Firewall. A Firewall will not stop viruses, Trojans, and/or other malware from infecting and ravaging a server.

    Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.