How to be a 'security warrior,' part 2

No soldier goes into battle without training. But once he's in the trenches, he sometimes has to rely on skills he didn't learn in boot camp. The same goes for today's security admins, many of whom are new to Linux or even security administration.

In this interview, security expert Anton Chuvakin tells IT pros how they can hone their security administration skills, even if they are new to Linux. In part one of this two-part series, Chuvakin described Linux's security strengths and tools. Chuvakin is co-author with Cyrus Peikari of "Security Warrior," a new book from O'Reilly.

How is securing Linux different from securing other operating systems? There are a couple of differences that I

would point out here:

  • One, Linux is open source so some security vulnerabilities in Linux are found more quickly than in proprietary Unix operating systems. While the good guys are fixing things, however, the bad guys can use open source to discover and run attacks quickly. I don't want to contribute to whether open source adds or subtracts to security, but some people know about the flaws in Linux and will take advantage of them.
  • Two, in most cases with Unix and always in Windows, you would have to go to a specific vendor to obtain your security patch. There's a whole online community working on Linux patches and making them available quickly. Linux users can make it a matter of policy to have a distributor as a patch option and to have a patch update Website as a second source.
What would you do if you were a sys admin moving from another specialty to security administration?
People who just started moving into security should not test their skills on important production systems. If you really have no basic Unix or Windows security expertise, hire consultants to secure your Linux systems. You'll need advice about what to buy and how to use what you bought. I'd learn what I could from the consultants. Then, I'd start reading and take many classes. If you were a Unix administrator who is moving to handling Linux, what would you study first, in terms of learning how to secure your systems?
If I had a Unix background, I would just try to get familiar with the Linux system via my knowledge of Unix systems. I'd look for the similarities, like NFS. Then, I'd connect the unknown things to the known things that actually contribute to systems security. What if you were moving from Windows to Linux?
If I came from Windows background and had to move to securing Linux, I'd still used most of the common sense security practices I used with Windows: patch, disable things I don't use, keep tabs on what the users can do and so on. Find ways to do the same thing on Linux, and you will do a pretty good job of basic security.

Also, I'd just start studying basic Linux security. What directions my studies would take would depend upon the systems I'm in charge of, like on what kind of user accounts and privileges the users have. I'd focus on identifying exposed network services via a scanner…kind of like the classic Unix security checklist. What do you consider to be the most basic security administration skills?
Administrators should be able to find and use tools that tell them what is on their systems. They should know how to harden them. For example, they should know how to disable network services or put up a host firewall. They should, at least, have a handle on the simple security administration tasks.

There are other skills, like disabling users' accounts and preventing users from logging in at all. It makes sense to learn those hardening tricks for each of the systems that you can harden safely. That will take you fairly far. I would read up on that.

Dig deeper on Linux system security best practices



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: