Chapter 8. Security
This chapter is about keeping your system secure. It is, I think, a terrible indictment of human nature that such a chapter should be necessary at all. If people didn’t try to attack computer systems, there would be no need to defend them. Sadly, we need to take security seriously.
Securing your system is a kind of risk management strategy, and there is usually a trade-off between security and convenience of use. You might try to quantify the cost of a security breach of your system like this:
Expected cost = (probability of an attack's success) * (cost of that attack)
Reducing the probability of an attack’s success is generally known as hardening the system. A lot of this is common sense—educate users to choose strong passwords, disable or delete services you don’t need, tighten up permissions on files as far as possible, establish a firewall, keep abreast of newly discovered vulnerabilities and keep software up to date, don’t give out the root password, and so on. Reducing your cost of an attack is equally important. For example, detecting intrusion quickly is much better than allowing a breach to go unnoticed for days. Maintaining regular backups will limit any potential loss of data. Splitting your services across multiple machines (also known as not putting all your eggs into one basket) can help prevent a single breach from bringing your entire organization down.
The chapter is about defense rather than attack. You’ll see how to thwart some of the more obvious ...
Get SUSE Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.