<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2815180&amp;fmt=gif">

Top Linux Security Mistakes and How to Avoid Them: Part 1

System administrators can make mistakes like anyone else. Improve your own security performance by learning from the mistakes of others.  

Organizations continue to invest in initiatives to secure their endpoints and networks from cyberattacks. In an enterprise IT environment, it’s the system administrator's responsibility to carry out these goals and reinforce the organization’s security posture.

This means implementing prevention-based systems and orchestrating an effective response to suspicious activity throughout the environment. This is a continuous process that must constantly adapt to changes in the threat landscape.

Administrators of Linux systems have a unique set of challenges to confront. Effectively managing hundreds of active devices isn’t always easy. There are many moving parts to keep track of and keeping them secure means shouldering a great deal of responsibility.1

1. Postponing Patches and Updates

The presence of unpatched operating systems and software packages is one of the most critical – and preventable – vulnerabilities Linux system administrators can address. Threat intelligence professionals are constantly publishing new security advisories, and developers are releasing patches to address them.

It’s important to recognize that this advisories are public, which means cybercriminals can see them too. It’s not hard to scan enterprise networks looking for unpatched systems. A few minutes of scheduled maintenance downtime is a price worth paying for the security benefits up-to-date patches bring.

2. Overusing Privilege Escalations

Permanent sudo access is an undoubtedly convenient tool. For a system administrator, delegating superuser privileges to users on a program-by-program basis is an easy way to avoid having to manually grant privileges for individual tasks – but it comes at a cost.
Granting permanent privileges to accounts creates long-lasting security liabilities. You can mitigate some of these risks through privileged account management. Consider restricting file and directory permissions and requiring additional verifications for operations that require greater privileges.

3. Lazy Password Management

Passwords remain one of the most secure authentication methods available, but they’re far from perfect. Excellent password management is critical to security-oriented Linux systems administration.

It should go without saying that there is no room for weak passwords in today’s cybersecurity environment. The 8-character password standard is long obsolete. Modern brute force tools can break strong 8-character passwords in less than an hour. Eleven should be the absolute minimum.

Consider using a key file instead of setting the same root password on all computers. Give each server its own public key file. You can then keep a private key paired with the public key on your own secure desktop.

4. Improper VLAN Configuration

Virtual local area networks are a useful tool for segmenting and organizing enterprise networks. They improve security by limiting trusted connections within the network. However, they require careful configuration and assignment, and it’s not always easy to guarantee optimal VLAN performance.

Streamlined VLAN configuration is only possible with extensive documentation. System administrators need to know how to adjust ports for compatibility and to systematically test switch ports and VLAN tags accordingly.

5. Log Management Inefficiencies

Log files offer an in-depth look at exactly what’s happening inside your IT environment. Keeping track of them is one of the cornerstones of effective security incident and event management. However, overwhelming yourself with log files can do more harm than good.

Consider using a log filtering solution to prioritize your most important system activities and equip your team to address those first. Remote log management can help you optimize log capture and analysis in modern, distributed workplaces with remote employees logging in from diverse endpoints.

 

Support Your Linux Infrastructure with Castra Expertise

Castra’s team of experts can help you improve the security of your Linux network using highly customizable SIEM software from some of the best security developers in the industry. Our security operations center provides 24x7 managed detection and response. Rely on us for SIEM management services you can trust.