Beyond the proper installation and configuration of your Red Hat Linux system,
it is critical that you secure the system to an acceptable level of
risk given its role, importance, and expected use. Security is an
incredibly complex subject that constantly involves emerging
problems, as well as potential ones.
Due to its amorphous and intricate nature, many system administrators and
users make the mistake of tackling small, isolated problems while letting
much larger and more dangerous issues slip by. True system security goes far
beyond the installation of the latest update, the configuration
of a certain file, or the careful administration of user access to system
resources. It is a way of looking at the various threats to
your system and the lengths you will go to prevent them.
No system is completely secure unless it is turned off (and even then, it
is susceptible to being stolen). Any time the
system is on, it is susceptible to attack, ranging from a harmless prank
to a hardware-destroying virus to data being erased. But all is not
lost. With the proper outlook, as well as some good tools, you can enjoy
many years without experiencing a single security problem. The following sections
are designed to outline a way to approach system security and potential
threats, a context within which to consider various security tools,
costs, and benefits when running Red Hat Linux.
All users of any operating system face a common dilemma when
constructing a security paradigm for their system. On one hand, they
seek to avoid making the system so secure that nothing will run on it
properly. But on the other hand, they also try to avoid making the
system so insecure that anyone can (and will) do anything on it they
wish to, including deleting the work of others or much worse.
There is no one right way to solve this dilemma. Some systems, either by
the nature of their purpose or the importance of the data they protect,
fall on one side of the dilemma while other systems, whether because of
the wide variety of users utilizing them or the fact that they are test
machines, fall on the other side.
The most important thing you can do when configuring the security of
your system is to determine where on the security dilemma spectrum your
particular system lies. This may be done for you by company policy. Or,
you may be a researcher with a system that you never connect to public networks, and no
one other than you has physical access to the machine. Or, you may be a
home user who is connected to a broadband connection and (rightfully)
concerned about ways malicious users a world away could damage your
data.
Regardless of which of the countless possible scenarios you may
fit in, you bear the responsibility to determine your proper exposure to
risk versus the goals your system must accomplish. Then, once you make
this determination, use this knowledge as a guide for how to set up and
maintain security guidelines on your system.