Differences between revisions 60 and 61
Revision 60 as of 2019-09-30 19:09:05
Size: 4347
Editor: vauss
Comment: typo
Revision 61 as of 2019-09-30 19:19:52
Size: 4352
Editor: vauss
Comment: typo
Deletions are marked like this. Additions are marked like this.
Line 41: Line 41:
 * Read the [[https://www.debian.org/doc/manuals/securing-debian-howto/|Securing Debian manual]]  * Read the [[https://www.debian.org/doc/manuals/securing-debian-howto/|Securing Debian manual]].
Line 45: Line 45:
 * Minimize running software - check for running processes that you do not need ({{{ps}}}, {{{top}}}, monitoring systems...), minimize running [[systemd|services]]
 * Use a [[Firewall]] to restrict network access to and from your system. Close any ports that you do not need open. check for unwanted open ports/services ({{{ss}}}, {{{netstat}}}...). Disable networking in applications that do not need it.
 * Use strong [[Cryptography]] (encrypted network protocols)
 * Prevent data loss with a good [[Backup]] strategy
 * Increase availability by adding redundancy/failover mechanisms ([[Storage#RAID|RAID]]...)		  * Minimize running software - check for running processes that you do not need ({{{ps}}}, {{{top}}}, monitoring systems...), minimize running [[systemd|services]].
 * Use a [[Firewall]] to restrict network access to and from your system. Close any ports that you do not need open. Check for unwanted open ports/services ({{{ss}}}, {{{netstat}}}...). Disable networking in applications that do not need it.
 * Use strong [[Cryptography]] (encrypted network protocols).
 * Prevent data loss with a good [[Backup]] strategy.
 * Increase availability by adding redundancy/failover mechanisms ([[Storage#RAID|RAID]]...).

Translation(s): English - Français - Italiano


https://www.debian.org/logos/openlogo-nd-50.png https://www.debian.org/Pics/debian.png

Portal/IDB/logo_portal.png Welcome to Debian security management

Portal/IDB/icon-security-32x32.png This portal talk about managing security on your system. Technical language could be used.

https://www.debian.org/doc/manuals/securing-debian-howto/ - Securing Debian Manual
https://www.debian.org/security/ - Information about Debian Security

  • Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The field is becoming more important due to increased reliance on computer systems, the Internet, wireless networks, the growth of "smart"/"Internet of things" devices.

Some common principles of computer security include:

  • Threat models: Some will only want to prevent access to their computer/account when leaving it a few minutes to make coffee - this is simply dealt with (installing a screen locker). Some may want to stop sophisticated gangs from breaking into their systems - this requires a whole shift in thinking so that everything you do has security in mind.

  • Defense in depth: building layer upon layer of security measures - hence not only relying on one layer of security, but many different measures which would all have to be circumvented in order to compromise the system.

  • A weakest link is any component in a system, that will cause the whole security strategy to fail if defeated.

  • Security is a process, not a product: just buying or setting up a technology solution will not provide you security on its own - security is an ongoing technological and human process.

The Securing Debian manual describes security in Debian, securing and hardening the default Debian GNU/Linux installation, common tasks to set up a secure network environment, and additional information on available security tools.

Security checklist

This covers only some aspects of securing a system:

  • Read the Securing Debian manual.

  • Subscribe to the debian-security-announce mailing list for information on security advisories, and/or the higher traffic debian-security list.

  • Only install software from trusted sources. Use SecureApt to validate package signatures. Minimize installed software.

  • Enforce privilege separation using Linux users/groups, ?Sandboxing or Virtualization methods.

  • Minimize running software - check for running processes that you do not need (ps, top, monitoring systems...), minimize running services.

  • Use a ?Firewall to restrict network access to and from your system. Close any ports that you do not need open. Check for unwanted open ports/services (ss, netstat...). Disable networking in applications that do not need it.

  • Use strong Cryptography (encrypted network protocols).

  • Prevent data loss with a good Backup strategy.

  • Increase availability by adding redundancy/failover mechanisms (RAID...).

Wiki pages

List of pages related to security management in Debian:

  1. AppArmor
  2. AppArmor/Contribute
  3. AppArmor/HowToUse
  4. AppArmor/Reportbug
  5. AppArmor/UserStories
  6. CategorySystemSecurity
  7. CryptoPolicy
  8. Cryptography
  9. Cryptsetup
  10. DebianEdu/HowTo/LtspBootchart (ltsp-build-client.log-0.82-2-20060309.txt)
  11. DebianFirewall
  12. Doas
  13. Firewalls
  14. OpenPGP
  15. Permissions
  16. ReleaseGoals/SystemdAnalyzeSecurity
  17. Root
  18. SSH
  19. SSLkeys
  20. Seahorse
  21. SecuringNFS
  22. SecurityManagement
  23. SecurityManagement/fingerprint authentication
  24. Self-Signed_Certificate
  25. ServiceSandboxing
  26. Sprints/2016/DebianCloudNov2016 (Minutes.txt)
  27. SystemGroups
  28. UntrustedDebs
  29. UserAccounts
  30. UserPrivateGroups
  31. UsersAndGroups
  32. UsingSCAP
  33. WHEEL/PAM
  34. pamusb
  35. sudo
  36. suricata
  37. zh_CN/AppArmor/HowToUse

CategoryPortal | CategorySystemAdministration | CategorySystemSecurity | CategoryNetwork