By subscribing to the security alert mailing lists, and keeping
current, you can do a lot towards securing your machine. If you pay
attention to your log files and run something like tripwire regularly,
you can do even more.
A reasonable level of computer security is not difficult to maintain
on a home machine. More effort is required on business machines, but
Linux can indeed be a secure platform. Due to the nature of Linux
development, security fixes often come out much faster than they do on
commercial operating systems, making Linux an ideal platform when
security is a requirement.
It is unfortunate that this document does not discuss some other
issues, such as the legal ones. While these certainly affect an
administrator, they do not uniquely affect a Linux system
administrator. The legal issues are real ones. Luckily, there is
an incredible amount of information on this topic available elsewhere
already.
Some things you should always be sure to do when taking on a security
project:
- Use layered security. Don't rely on any one security
mechanism, such as your firewall, for securing your entire site.
- Encrypt as much data as possible. Clear text passing on the
wire is a great opportunity for a cracker to intercept it and use it
to his advantage.
- Do not rely on basic authentication. Utilize the tools that
are available, including SSH, S/Key, Kerberos, as well as TCP Wrappers
for host authentication, etc.
- Have someone check your work. Where you may consider your strategy
secure, another may see an obvious hole in it. Balance of power.
- Be aware of your environment. Is syslog still working? Does
it seem like there is an abnormal load on your machine?
- Keep it as simple as possible. A simple solution is far easier
to keep secure than a difficult one.
- Be proactive. Staying in tune with current events in security
and with improving technology is key to protecting your network.
- Employ the "Keep It Simple, Stupid" methodology (KISS) at first.
- Multiple gateways are bound to be less secure than managing
just one. Make sure you know where all your points of entry
are.
- Install only network services required by your users, and only
after evaluation of their potential for security problems.
- Perform regular scans of the status of your network. Use the
freely available tools, such as SATAN, ISS, and CRACK, to check your
systems' integrity.
- Relax. Check out the Linux Penguin's Page
http://www.vni.net/~kwelch/penguins/
Keeping up-to-date with the flood of security topics can be an
overwhelming task. Take a piece at a time, and prioritize what needs
to be done. Choosing the obvious holes to fix first is a good start.
Remember, having all the latest software updates installed does
not mean your machines are secure. There will always
be new software exploits, as well as uneducated users who choose poor
passwords. Continual inspection and attentiveness are required.