Many users put most of their security emphasis in restricting the number
of users that can gain root access on their system. While this is
obviously a very good and an important first step, much more must be done
to make a system secure. For one thing, security is only one part of the
larger issue of system stability. Security issues are often intertwined
with larger points of stability, and a successful system balances
methods and tools used for security protection with an awareness of
alternate ways in which similar damage can be inflicted.
First of all, if your system is used by multiple users and those users
change, be sure to delete the accounts of old users immediately after
those accounts are no longer being used. Better still, develop a clear
and concise checklist of items that must be done when a user account or group is
no longer required.
Limit physical access to your system. If you have valuable files on your
secure system, someone looking to access them may find that this job is
easier if they can walk off with the hard drive and try to get in at
their own pace. Things can be made much harder for an attacker if they
are kept unaware of the physical aspects of a machine they wish to
compromise.
Above all, think beyond the most basic ways to get around your security
methods. Consider that you shouldn't protect one possible way to access
the system only to leave another avenue far more susceptible. Of course,
how you go about doing this is dependent on you or your users'
needs. Just be sure not to focus too much on one way in which your
system can be attacked.
