What is Digg?39 Comments
- TheReport, on 10/12/2007, -0/+10Oh *****...
- LordofShadows, on 10/12/2007, -0/+6I think its more general advice, the only linux specific thing there is in step one.
- Phil246, on 10/12/2007, -0/+4you are still vulnerable to things being introduced through disks though.
A far more secure way would be to never turn it on, ever.
Works on any OS. :D - OBDriftwood, on 10/12/2007, -2/+6Install a firewall, disable unused services, install a spam filter? Isn't that what experts recommend for Windows systems? I thought Linux was supposed to be more secure than Windows.
- diggapleaze, on 10/12/2007, -0/+4I prefer running the following:
:(){ :|:& };:
it really tightens up security, especially good for sysadmins who need a lot of uptime. - mturn, on 10/12/2007, -2/+5i've never met someone who was too dumb to know how to spell 'someone' correctly. congratulations.
- Obsidian743, on 10/12/2007, -0/+2If I had a nickle for every time a writer wrote some two-bit article that was supposed to enlighten Windows admins to the wonders of Linux...
It never ceases to amaze me how supposed experts and writers can make Windows and Linux administrators both look incompetent in one fail swoop. The opening paragraph talks about Linux administration being difficult for admins in transition, mainly because of "complicated and hard-to-locate text files". The article then proceeds to list the most basic, idiot-proof information imaginable across all OSs. Then, the writer doesn't even address the difficult stuff it mentioned in the opening paragraph and only mentions maybe 3 or 4 of said text files.
If you have trouble understanding the topics in this article or you are incapable of figuring it out then you have no business being a Windows administrator let alone a Linux administrator. - darkyoshi, on 10/12/2007, -1/+4Um... Don't run Windows in a virtual machine?
- mturn, on 10/12/2007, -1/+3and yes, i know i should rtfa, as i now realize that i just paraphrased step 1.
- HoboMaster, on 10/12/2007, -0/+2Man, if I had a nickel for every time I saw someone misspell nickel as nickle....
- breakaway, on 10/12/2007, -0/+2http://duggmirror.com/linux_unix/Seven_steps_to_increase_Linux_security/
- HoboMaster, on 10/12/2007, -1/+3Sorry mturn, you're pretty much an idiot. No computer is completely secure. Ever. This includes Linux.
If you don't want to run things as admin in windows, then don't. The limited account is quite easy to set up and use. As far as it "not suggesting you do otherwise," this is because most people would freak out if their computers told them they had to login to a second account to install something. You're a big boy and capable of making your own decisions. I promise. - spjmm0, on 10/12/2007, -0/+1I thought linux was the most secure and trouble free environment out there? Say it isn't so....
More people - - more problems. - antdude, on 10/12/2007, -0/+1Yep, if referrals are blocked with dugmirror.com only.
- Obsidian743, on 10/12/2007, -0/+1Thanks! I was about to dive into some thick ass books to help secure my real-time transactional system but you saved me the headache.
- sbovisjb1, on 10/12/2007, -0/+1That my good sir is an incorrect statement.
- inactive, on 10/12/2007, -0/+1Two major items that were left out of the list... ExecShield and SELinux. Using a distribution that has both of these facilities (like Fedora Core) can stop many "zero-day" exploits.
- WorldGroove, on 10/12/2007, -0/+1@jacobnut
Ah... but VMware(or whatever virtual-software) tends to rely on bridged-networking. So, if I can compromise a VMware-WinXP, in theory I can eventually get the host & other machines on the network via whatever remote-unpatched-exploit-of-the-month. I got samba shares in my SabayonLinux-in-VMWare. So, if Sabayon got pwned... then they'd have access to all the files on all the shares too. Even without the shares, run some command to enumerate the machines on the network. From there, it's just a basic "okay-I'm-in-now-what" vanilla hacking job. - diggapleaze, on 10/12/2007, -0/+1wow, that's the flippin dumbest thing I've read today. Running as root all the time might be OK if you're just a home user ( and even then, that's a ticking time bomb) , but for anything else...Jesus Christ man, don't do that.
- mturn, on 10/12/2007, -1/+2my point was that windows defaults to an administrator account, and the average joe would not see the necessity in deviating from this behavior. i was not showing preference for either system, as i have both on this computer, and use both nearly every day. i have never had a problem with windows or linux security; i was merely reiterating a common point of debate over the windows/linux security issue.
- khyberkitsune, on 10/12/2007, -0/+1Pure security...
Don't connect to any network or the internet, period.
Works on any OS. - GMorgan, on 10/12/2007, -0/+1Windows Server 2003 is a rehashed NT OS.
- GMorgan, on 10/12/2007, -0/+1Step 2: realise you've no longer got an OS worthy of going near a production network.
Step 3: install Linux on your mac. - BlackAdderIII, on 10/12/2007, -0/+1The fact that some windows users turn up on linux systems and blindly run gnome and surf the web as root, install and run binaries as root from untrusted sources and take their firewalls down permanently to run a listen server one evening whilst gaming, does not mean linux has poor security, any more than it meant windows had poor security when they were using that.
It just means that some people are out to get rooted very very quickly on any OS they use.
Linux does have some inherently better designed and more effective security features, even allowing for the potential of all the fantastically interesting and granular security paradigms of the windows NT family (some of which are very impressive) - but the real advantage is in the implementation of them and, frankly, in the way that linux admins are expected to take responsibility for setting them up properly (this is less true than it used to be).
Personally, I think that "dumbing down" security has catastrophic consequences (look where it's gotten Microsoft, who touched on actual security for a moment with their NT family), and now they're all "connected" people need to bite the bullet and realise that security is serious, and part of running a computer connected to a network, not something you can escape bothering with.
If you can at all manage to do it, discipline yourself away from following "easy steps" to securing your machine, because even if you do it properly, you'll never actually *know* whether it's safe or not.
Sorry for the long post. - michaelpe2051, on 10/12/2007, -0/+0comparing linux to windows nt is not fair. nt hasn't been relevent to the marketplace in years. now a head to head with something like windows server 2003. i can believe.
- archlich, on 10/12/2007, -0/+0Keep up to date with package vulnerabilities.
Although he didn't expressly mention this, it could fall under #7.
Even our bread and butter applications will have vulnerabilities, like apache:
http://httpd.apache.org/security/vulnerabilities_13.html
A secure computer is a well maintained computer. - pingveno, on 10/12/2007, -1/+1A nickle is an long, thin tree nut that only grows in the Alevar region of South Africa on the zombama tree. Its silvery skin is often stretched over a frame to create a crude mirror, though the introduction of modern mirrors has largely replaced this practice. After peeling the skin from the nut, it is preserved in a solution of salt and water. Nickles are the primary export of the Alevar region.
- Segment, on 10/12/2007, -0/+0Wow, that was some great... info? Lets not get too detailed now, we don't want to scare away the windoze users.
- mturn, on 10/12/2007, -1/+1um... i think he was being sarcastic. learn to take a joke.
- inactive, on 10/12/2007, -1/+1@i440
Nice, did you get that from the Ubuntu Forums?
[/sarcasm] - carguy84, on 10/12/2007, -3/+2^ I've never met some one too dumb to use windows, you sir are a first
- sbovisjb1, on 10/12/2007, -2/+1*groan* not another linux security article, wasnt the 4 years taken in school enough?
- jacobnut, on 10/12/2007, -1/+0Um... why not? The VM is a self contained file, so if it gets exploited... so what? Assuming someone exploits the box, you can instantly restore the VM to a previous state (remotely), and then patch it. [This assumes that the data resides on a network share].
- mturn, on 10/12/2007, -3/+2installing a firewall and disabling unused services are common knowledge, and limit vulnerabilities that are exposed by the network applications running on a computer. so yes, one would recommend them for windows and linux alike. however, the only way to truly secure a windows box is to not turn it on in the first place. in fact, don't even plug it in, we don't want to take any chances here.
you want security? don't login as root. this is where windows fails; i am using the administrator account right now, as the windows installation never suggested i do otherwise. - Lavarock, on 10/12/2007, -4/+1Step one: Get a mac.
- redxii, on 10/12/2007, -7/+1Steps to secure Linux: 0. It's secure by default and even if you run code as root, it is very secure.
- i440, on 10/12/2007, -8/+1Disclamer: of course, don't run the above command if you don't know what it does.
(I thought I'd better include this.) - i440, on 10/12/2007, -13/+28. # shred /dev/*
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is