Practical security for Linux

Home Linux practical security-Linux general technology-Linux technology and application information, the following is a detailed description. Author: David M Williams
Original article: Practical Linux home security
Translator: houxijin

Most modern home computer users must keep up with this situation and protect their computers from all sorts of unpleasant things: computer viruses, anti-spam, and firewalls have been widely used by ordinary people. Is it still directly related to this even if we don't use redmon's 'no' operating system? What software packages should I use?

The short answer is directly related. Everyone is responsible for computer security. OK. If your computer has a special purpose and has no mutual influence with the network, no connection is established, and you have never read a floppy disk, CD, or other necessary media, in this case, you do not have to run any such application.

However, it is most likely that such a computer is used as a back-end financial system or runs specialized scientific software in a laboratory. Do not use computers to read e-mail, do not browse the network, do not read iTWire, Or do (electronic) banking.

Use those computers must be more careful. We all know that Microsoft Windows attracts virus programmers and malware like droops, but Linux users seldom join in any debate about whether an anti-virus system is more bloated than the other.

Indeed, some banks are even examining Linux Live CDs for customers to use. In this environment, Internet banking users will start their computers from the Linux CD and then execute online banking in the Linux environment. If you already use Linux, you don't actually need this, But it proves that Linux provides end users with an understanding of security and security facilities on Microsoft Windows.

This understanding is fair: When you use Google to search for "Windows virus outbreak" against "Linux virus outbreak", you should check the results of different types. Windows results talk about new viruses attacking commercial networks, large-scale outbreaks of viruses, descriptions of witnesses, and a large majority of blue screen crashes related to viruses and malware. On the contrary, the results of Linux talk about the availability of different anti-virus products. The term "Outbreak" is usually mentioned in the context of "a large number of virus outbreaks have become news, it also appears in the article about how Linux protects itself from viruses, which is better than Windows. Online users cannot find any articles about large-scale virus outbreaks that attack Linux computers.

There are some good reasons for this. Microsoft defenders will point out that because more people use Windows, it has a higher payload for virus writers. This argument is a sophistry, which hides the truth from the truth. In fact, Linux is safe by default, and Linux users are used to a very reasonable and secure way of working. The most obvious fact is that Linux users rarely log on with root superusers after all. This means that even if a malicious program is executed, it is impossible to tamper with any system file. It cannot delete system files. It will cause new services to be automatically loaded and run at startup.

However, anti-virus on Linux is also a good idea. I will tell you why.

The answer is that you probably want to interact with Windows users at some point in time. This is correct. If you are a Linux user, you do not have to run any anti-virus system for your own purposes. You will not be infected with Microsoft Word's macro virus. You won't be hit by years of big title virus outbreaks.

However, you may receive a joke from your family and friends that you should pass to a Windows operator. You may store files on the Samba server accessed by a Windows client. You may run the POP server for Windows machines.

Every one of these Windows customers is at risk of virus infection. If you are the one from which they are infected, isn't that bad? On the one hand, You Should Be not afraid of trouble for the benefit of others, but on the other hand, this is part of a good Internet user. I used to mention that the Linux host system transmits viruses just like a person with a cold heart. Mary was walking around and 47 people were infected with typhoid fever. She carries the disease, but she is not affected.

Similarly, Linux systems that pass viruses, even though they do not hurt themselves, are also the disseminators of plague. Maybe I am too dramatic, but I am frustrated when I hear someone suffering from a virus that is not detected or labeled when it passes through my network.

Why is Windows so vulnerable? Back to what I just said; contrary to Linux, Microsoft Windows users have always been used to logging on with full administrative privileges. Third-party software vendors are irreachable; therefore, many applications refuse to be installed or run correctly, unless they are operated as administrator users. I have seen poor programs that accidentally open static configuration Files to read and write-although they do not actually need to write such Files-because the configuration Files are stored in the directory C: \ Program Files, so, the user needs high-level privileges. Non-administrator users cannot write this directory. When requesting the software help service, the solution is "Make sure the user is a local administrator. However, the company closed down and cleared up the company within the time it had not even clicked twice, but this is just one of many examples.

Linux software needs to be installed in some way. In addition, some applications write directories and configuration files. Imagine that if the program that processes the incoming email cannot store data anywhere! However, the difference is intentional. From the very beginning, Linux built on the concept that nominated programs can run like superusers, but only explicitly specified programs. In order to install new programs, common users can temporarily become super users. This is not easy to change, mainly through the use of the sudo command, Linux users know that they can only increase the required privileges, and each time a command is sustained.

Microsoft has tried to correct this very bad defect through user access control (UAC) in Windows Vista. However, I suspect someone needs to look forward to seeing complaints about how UAC works. This may not be Microsoft's fault, rather it is said that many software still place too many unreasonable requirements on Management access, so the UAC prompt seems to be excessive. In any case, there is an option to disable UAC, which will make the system as vulnerable to attacks as in earlier Windows versions.

As a result, millions of Windows users are seen as computer superusers running Outlook and IE. Any program they run-good or bad-has full permissions and unrestricted access to the system. On the contrary, you cannot find the Linux User and type "sudo firefox ".

All of this shows that a firewall is not required to change the operating system. This software restricts access to the Internet. You may operate a website that is used internally but does not want to be exposed to the outside world. In this case, blocking firewall port 80 will prevent anyone not in your network from browsing your network.

In fact, all Internet communications should be blocked by default and the port to be used should be started. This means that you know exactly what is allowed, and the results will protect services that are running in the system that you do not know, such as FTP, Web, and email servers. The firewall is also suitable for protecting you from DoS attacks.

Another critical software in the modern world is the Anti-Spam system. Wherever you are, or whatever software you are running, you are the target of Viagra salesclerk and dead Royal relatives who have the right to use countless millions of dollars as long as you send them some cash. A lot of non-asking information is meaningless; I 've received an advertisement for penis enlargement, but I don't understand anything about how to make jail bigger. Maybe I have misunderstood it.

So, let's make a summary. Home Computer Security includes anti-virus, firewall, and anti-spam. Linux is a safer system than Windows. It is not a rhetoric, but a result of different designs and repeated "correct" working methods instilled in end users. However, if you want to connect to any other computer, you should do your best to consider everyone's security.

For Linux, ClamAV is a good free open-source anti-virus system. An excellent firewall called iptables has been built in. It can be configured in a subtle way as you may like to check the L7Filter. For Anti-Spam, try Anti-Spam SMTP Proxy (ASSP ).

Be vigilant and ensure security. Let's hear your thoughts. Do you think there are other mandatory provisions to ensure the security of home computers? Is there any better software recommendation? Or do you think this is a waste of time, and Anti-Virus is simply unnecessary to increase the burden on the processor?