Lesson 1

Intruders are constantly trying to break into systems, snoop around, steal software, and corrupt programs. Intruders are not particular about their targets. Small systems are just as vulnerable as large ones when it comes to security. Once your system has been compromised, it can no longer be trusted, so you can save yourself time and money by being prepared. This module discusses techniques to protect your system from unwanted intruders. By learning what intruders do when they break into your system, you will be able to better defend yourself against a break-in. You will also learn about known security problems and how to correct them. The techniques to determine whether or not your system has been compromised will also be discussed.

After completing this module, you should be able to:

1. Explain why it's important to protect your console
2. Describe security concerns related to network access
3. Explain how crackers get into a system
4. Describe what crackers do
5. List ways to detect attacks
6. Describe insecure remote login services
7. Describe secure remote login services
8. Control the root login process
9. Explain the use of the sudo command
10. Find modified and sticky files
11. Describe the cron facility
12. Describe RPM verification

In the next lesson, protecting your console access will be discussed..

Here are several key strategies you can employ to protect your system from unwanted intruders and remote attacks using the latest version of Red Hat Linux (RHEL):

1. Keep Software Updated:
   • This is the most crucial step. Update your RHEL system regularly with the latest security patches. These patches address vulnerabilities that attackers can exploit.
   • Utilize a tool like `yum update` or a subscription management tool like Red Hat Satellite Server to automate updates.
2. Secure Shell (SSH):
   • Use SSH for remote access instead of insecure protocols like Telnet. SSH encrypts communication, protecting your credentials and commands from eavesdropping.
   • Strong Passwords: Enforce strong passwords for SSH access and use key-based authentication whenever possible. Key-based authentication eliminates the need to transmit passwords, adding an extra layer of security.
   • Restrict Access: Limit SSH access to authorized users or IP addresses. You can achieve this by editing the `/etc/ssh/sshd_config` file.
3. Firewalls:
   1. Utilize a firewall to filter incoming and outgoing network traffic. RHEL comes with a powerful firewall tool called `firewalld`.
   2. Configure `firewalld` to allow only authorized services and ports. By default, most inbound traffic is blocked, ensuring a more secure posture.
4. User Accounts:
   • Implement the principle of least privilege. Grant users only the minimum permissions they need to perform their tasks. This minimizes the potential damage if an attacker gains access to a user account.
   • Avoid using the root account for everyday tasks. Create separate user accounts with limited privileges for daily work.
5. Antivirus and Intrusion Detection/Prevention (IDS/IPS):
   • Consider deploying antivirus software and Intrusion Detection/Prevention Systems (IDS/IPS) for additional protection. These tools can help identify and block malicious activity.
   • RHEL offers tools like SELinux (Security Enhanced Linux) which implements mandatory access control for an extra layer of defense.
6. Monitoring and Logging:
   • Monitor system logs for suspicious activity. Tools like `tail` and `grep` can be used to monitor logs.
   • Consider centralized logging solutions for easier analysis of system events across multiple servers.
7. Stay Informed:
   • Regularly check security advisories from Red Hat for new vulnerabilities and their corresponding patches.
   • Subscribe to security mailing lists or feeds to stay updated on the latest threats and best practices.

Additional Tips:

• Beware of Social Engineering: Don't click on suspicious links or attachments in emails, even if they appear to come from a trusted source.
• Regular Backups: Regularly back up your critical data. This ensures you have a recovery option in case of a successful attack.
• Physical Security: Secure your physical system to prevent unauthorized access. This includes keeping your server room locked and access controlled.

By implementing these security measures and maintaining a proactive approach, you can significantly improve the security posture of your Red Hat Linux system. Remember, security is an ongoing process. It's essential to adapt and update your defenses as new threats emerge.