Now more than ever, we are living in a world where organizations are constantly bombarded by security breaches motivated by the acquisition of highly sensitive and confidential data which is highly valuable and makes for a huge financial reward.
It’s rather surprising that despite being at a high risk of suffering from a potentially devastating cyberattack, most companies are not well prepared or simply overlook the red flags, often with devastating consequences.
In 2016, Equifax suffered a catastrophic data breach where millions of highly confidential customer records were stolen following a series of security lapses. A detailed report indicated that the breach was preventable had the right security measures been implemented by the security team at Equifax.
In fact, months before the breach, Equifax was warned about a potential vulnerability in their web portal that would compromise their security, but sadly, the warning went unheeded with grave consequences. Many other large corporations have fallen victim to attacks, which continue to grow in complexity with each passing moment.
We cannot stress enough how crucial the security of your Linux system is. You may not be a high-profile financial institution that is a potential target for breaches but that doesn’t mean you should let your guard down.
Security should be at the top of your mind when setting up your Linux server especially if it will be connected to the internet and accessed remotely. Having basic security skills is essential in safeguarding your Linux server.
In this guide, we focus on some of the basic security measures that you can take to protect your system from intruders.
Cyber Attack Vectors
Intruders will exploit a variety of attack techniques to access your Linux server. Before we dive into some of the measures you can take to safeguard your system, let’s explore some of the common attack vectors that a hacker can use to infiltrate systems.
1. Brute force Attacks
A brute-force attack is an attack where the hacker uses trial and error to guess the login credentials of a user. Usually, the intruder will use automated scripts to continuously attempt to gain entry until the right combination of username and password is obtained. This kind of attack is most effective where weak and easily guessable passwords are used.
2. Weak Credentials
As alluded to earlier, weak credentials, such as short and easily guessable passwords like password1234, pose a potential risk to your system. The shorter and less complex a password is, the higher the chances of your system being compromised.
3. Phishing Attacks
Phishing is a social engineering technique where the attacker sends the victim an email that appears to come from a legitimate institution or from someone the victim knows or does business with.
Usually, the email contains instructions that prompt the victim to divulge sensitive information, or it may contain a link that directs them to a fake site that poses as the company’s site. Once the victim attempts to log in, their credentials are captured by the attacker.
4. Malware
Malware is short for malicious software. It encompasses a broad range of nefarious applications such as viruses, trojans, worms, and ransomware, which are designed to spread rapidly and, in the case of ransomware, hold the victim’s system hostage in exchange for a ransom.
Such attacks can be debilitating and can paralyze an organization’s business. Some malware can be embedded in files such as images, videos, Word or PowerPoint documents and packaged in a phishing email.
5. Denial of Service Attacks (DoS)
A DoS attack is an attack that limits or impacts the availability of a server or computer system. The hacker floods the server with traffic or ping packets that render the server inaccessible to users for prolonged durations.
A DDoS (Distributed Denial of Service) attack is a kind of DoS attack that employs multiple systems to flood a target with traffic, rendering it unavailable.
6. SQL Injection Attack
An acronym for Structured Query Language, SQL is a language used to communicate with databases. It allows users to create, delete and update records in the database. A lot of servers store data in relational databases, which use SQL for interacting with the database.
An SQL injection attack injects malicious SQL code through an application’s inputs to make the server divulge sensitive database information that it otherwise wouldn’t. This poses an enormous risk if the database stores personally identifiable information such as credit card numbers, social security numbers, and passwords.
7. Man-in-the-Middle Attack
Commonly abbreviated as MITM, the man-in-the-middle attack involves an attacker intercepting information between two points with the aim of eavesdropping on or modifying the traffic between the two parties. The goal is to spy on the victim, corrupt the data or steal sensitive information.
Basic Tips for Securing Your Linux Server
Having looked at the potential gateways that an attacker can use to breach your system, let’s go over some of the fundamental measures that you can take to safeguard your system.
1. Physical Security
Not much thought is usually given to the physical location and security of your server; however, if you are going to host your server in an on-premise environment, this is where you would start.
It’s important to ensure that your server is safely secured in a data center with backup power, redundant internet connectivity, and sufficient cooling. Access to the data center should be limited to authorized personnel only.
2. Update Your System Repositories and Packages
Once the server is set up, the first step to take is to update the repositories and application software packages as follows. Updating the packages patches any loopholes that might be present in the existing versions of applications.
For Ubuntu / Debian distributions:
$ sudo apt update -y
$ sudo apt upgrade -y
For RHEL / CentOS distributions:
$ sudo yum upgrade -y
3. Enable a Firewall
A firewall is an application that filters incoming and outgoing traffic. You need to install a robust firewall such as the UFW firewall and enable it to only allow the required services and their corresponding ports.
For example, you can install it on Ubuntu using the command:
$ sudo apt install ufw
Once installed, enable it as follows:
$ sudo ufw enable
To allow a service such as HTTPS, run the command:
$ sudo ufw allow https
Alternatively, you can allow its corresponding port, which is 443:
$ sudo ufw allow 443/tcp
Then reload for the changes to take effect:
$ sudo ufw reload
To check the status of your firewall, including allowed services and open ports, run:
$ sudo ufw status
4. Turn off Any Unnecessary Services/Ports
Additionally, consider turning off any unused or unnecessary services and closing their ports on the firewall. Having multiple open ports that are not being used only increases the attack surface.
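Before opening ports in ufw (section 3) and when looking for services to turn off (section 4), it helps to compare what the host actually listens on against what you intend to expose. The script below is an added example, not part of the original guide: it parses `ss -Hlnt` output (iproute2) and reports every listening TCP port that is not on an allowlist. The allowlist (SSH and HTTPS) and the `ss` sample are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that are not on the allowlist,
# so they can be stopped or left closed in the firewall.
# Assumes the iproute2 `ss -Hlnt` column layout; the sample is constructed.

# Ports we intend to expose: SSH and HTTPS (assumption for this example).
ALLOWED_PORTS="22 443"

# Constructed sample of `ss -Hlnt` (listening TCP sockets, header suppressed).
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:443 *:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*'

# Pull the port out of the "Local Address:Port" column (4th field).
# Taking the last ":"-separated piece handles IPv4, "[::]" and "*" forms.
listening_ports() {
    printf '%s\n' "$1" | awk '{ n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print each listening port missing from ALLOWED_PORTS; return 1 if any.
unexpected_ports() {
    found=0
    for port in $(listening_ports "$1"); do
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;            # expected, nothing to report
            *) echo "$port"; found=1 ;;
        esac
    done
    return $found
}

# Live usage on a server (needs iproute2): unexpected_ports "$(ss -Hlnt)"
unexpected_ports "$SAMPLE_SS_OUTPUT" ||
    echo "unexpected listeners above: stop the service or keep the port closed in ufw"
```

A port bound only to 127.0.0.1 (like 3306 in the sample) is not reachable from outside, but it still shows up, which is the point: decide deliberately whether the service should run at all.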
5. Secure SSH Protocol
The default SSH settings are not secure, and therefore some tweaks are required. Be sure to enforce the following settings:
- Disable the root user from remote login.
- Enable passwordless SSH authentication using SSH public/private keys.
For the first point, edit the /etc/ssh/sshd_config file and modify the following parameters to appear as shown.
Once you disable the root user from logging in remotely, create a regular user and assign it sudo privileges. For example:
$ sudo adduser user
$ sudo usermod -aG sudo user
To enable passwordless authentication, first head over to another Linux PC – preferably your PC and generate an SSH key pair.
Then copy the public key to your server (replace the placeholder with your server’s address):
$ ssh-copy-id user@<server-ip>
Once logged in, be sure to disable password authentication by editing the /etc/ssh/sshd_config file and modifying the parameter shown.
Take care not to lose your SSH private key, as that is the only avenue you can use to log in. Keep it safe and preferably back it up on the cloud.
Finally, restart SSH to apply the changes:
$ sudo systemctl restart sshd
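The two sshd_config edits above are easy to get wrong by hand (a commented-out default such as a `#PermitRootLogin` line is left in place, or a directive is added twice and the first occurrence silently wins). The script below is an added example, not part of the original guide: it sets the directives this section asks for idempotently on a config file given as a path, and reads back the value sshd will actually use. The demo config it runs on is constructed; the live file is /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the original guide): apply the sshd settings from
# this section idempotently to a config file, and read back the value sshd
# will actually use (the first uncommented occurrence of a directive wins).
# The demo config at the bottom is constructed, not a real server's file.

# Set "key value", replacing every existing line for that key (including
# commented-out defaults such as "#PermitRootLogin prohibit-password") or
# appending if the key is absent. Writes back through a temp file so the
# original file's owner and mode are preserved.
set_sshd_directive() {
    cfg="$1" key="$2" val="$3"
    tmp="${cfg}.tmp.$$"
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$cfg"; then
        sed -E "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${val}/" "$cfg" > "$tmp"
    else
        { cat "$cfg"; echo "${key} ${val}"; } > "$tmp"
    fi
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# The settings this section asks for: no remote root, no passwords, keys on.
# Caveat: lines inside a "Match" block are rewritten too; review those by hand.
harden_sshd_config() {
    set_sshd_directive "$1" PermitRootLogin no
    set_sshd_directive "$1" PasswordAuthentication no
    set_sshd_directive "$1" PubkeyAuthentication yes
}

# Value sshd will use for a directive: first uncommented occurrence, else empty.
effective_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Demo on a constructed copy; never edit the live file without a backup.
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication yes' \
    'X11Forwarding no' > "$demo_cfg"
harden_sshd_config "$demo_cfg"
echo "PermitRootLogin is now: $(effective_value "$demo_cfg" PermitRootLogin)"
rm -f "$demo_cfg"
# On a real server: back up /etc/ssh/sshd_config, run harden_sshd_config on it
# as root, then check with "sudo sshd -t" before "sudo systemctl restart sshd",
# keeping your current session open until a key-based login has been verified.
```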
In a world with evolving cyber threats, security should be a high priority as you embark on setting up your Linux server. In this guide, we have highlighted some of the basic security measures you can take to fortify your server. In the next topic, we will go deeper and look at additional steps that you can take to harden your server.
2 thoughts on “LFCA: Basic Security Tips to Protect Linux System – Part 17”
Thanks a lot…
“You need to install a robust firewall such as the UFW firewall” – Are you using UFW as a Firewall the name of which is recognized by most of the readers or are you seriously suggesting UFW for corporate use?
While UFW may be adequate for private computers and servers, it is not robust enough to protect corporate servers as evidenced by all the breaches of corporate data centers. I am sure that Equifax, Target, Yahoo, et al. used industrial-strength security suites much more robust than UFW, nevertheless they were penetrated.
Speaking of security suites – while you mentioned malware as a multifaceted threat, you did not mention installing anti-malware software as one of the basic means of securing a server. It can be argued that anti-malware is just as important a protection as a Firewall, if not more so. A Firewall will not stop viruses, Trojans, and/or other malware from infecting and ravaging a server.