...
| Note |
|---|
All users are responsible for the security of their computers per Campus and UC Network Policies and Procedures outlined by the following:
(These are outlined also at: UCSB Network Policy and Procedures) |
...
- Be at least 12 characters long (However, more is better)
- Case sensitive (Meaning should have UPPER and lower case letters)
- Contains a mixture of letters and numbers
- Contains symbols (Such as #, ! and so forth...)
- Does not use words found in any dictionary (Such as names or words)
- Does not use letters or numbers in sequence or in repeated fashion (Like 1111, 1234, abcd)
- Using a password that contains public knowledge information related to you (Such as your address and the like.)
(Reference: Password Management on UCSB Information Security)
...
SAMBA (File Sharing) isn't necessary unless you are planning on being a file share server.
RPCBIND (For NFS) isn't necessary unless there is going to be network file share links to be made.
Basically, look for what is running on the machine and disable what isn't necessary for what you need at this time.
...
While this may seem to be an inconvenience for you access wise, it is much less of an inconvenience than to have your system compromised and cut off due to it being an issue or worse, requiring you to rebuild the system due to it being hijacked and encrypted.
Please refer to IPTables - Basics on setting up at least IPTables Firewall that is available for most Linux based OS systems.
Keep the system updated
Just like a Windows or Mac, Linux does have security updates that need to be taken care of from time to time.
Make sure your kernel is up to date and still supported.
Double check your security after an Application Install
Always check your system after a new application has been installed.
Some may open up ports to listen to that you did not have open before or set up a new account.
If this is the case, go through Security Checklist and make sure everything is secure.
If you have recently installed an network listening application, please be sure to update your firewall to restrict outside access appropriately and/or accounts related to it.
Check how exposed you are
...
You can use this to check your machine for what ports are open.
nmap may require having sudo or root access at times for some of the functions.
You can also make use of http://nmap.online-domain-tools.com/ to test it from the internet side.
You should do this from time to time, especially after adding a new application to see what is visible.
Special Cases
Occasionally specific operating systems have some security concerns that are specific to said operating systems. for example users of Raspberry PI's have to worry about disabling the default "PI" user on older Raspberry PI's, something that other operating systems do not have to worry about. Likewise Ubuntu users have to worry about turning on their firewall since it comes turned off by default, see UFW - Basics. While we do have specific pages for the most common issues, it is always good to check with the makers of each operating system for system specific security issues. Please note that Debian, Raspberry and Ubuntu are all non-supported operating systems, all help for them is "best effort". If you install these non-supported operating systems on your personal computer, you are essentially taking responsibility for your own security.
Centos - https://wiki.centos.org/HowTos/OS_Protection
Debian - https://www.debian.org/doc/user-manuals#securing
Fedora - https://fedoraproject.org/wiki/SecurityBasics
Raspberry PI - https://raspberrytips.com/security-tips-raspberry-pi/
Ubuntu - https://help.ubuntu.com/lts/serverguide/security.html
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...