Chapter 4.
Workstation Security
Securing a Linux environment begins with the workstation. Whether you are locking down your own
personal machine or securing an enterprise system, sound security policy begins with the individual
computer. After all, a computer network is only as secure as the weakest node.
4.1. Evaluating Workstation Security
When evaluating the security of a Red Hat Linux workstation, consider the following:
BIOS and Boot Loader Security   Can an unauthorized user physically access the machine and
boot into single user or rescue mode without a password?
Password Security   How secure are the user account passwords on the machine?
Administrative Controls   Who has an account on the system and how much administrative control
do they have?
Available Network Services   What services are listening for requests from the network and should
they be running at all?
Personal Firewalls   What type of firewall, if any, is necessary?
Security Enhanced Communication Tools   What tools should be used to communicate between
workstations and what should be avoided?
4.2. BIOS and Boot Loader Security
Password protection for the BIOS and the boot loader can prevent unauthorized users who have phys 
ical access to your systems from booting from removable media or attaining root through single user
mode. But the security measures one should take to protect against such attacks depends both on the
sensitivity of the information the workstation holds and the location of the machine.
For instance, if a machine is used in a trade show and contains no sensitive information, than it may
not be critical to prevent such attacks. However, if an employee's laptop with private, non password
protected SSH keys for the corporate network is left unattended at that same trade show, it can lead to
a major security breech with ramifications for the entire company.
On the other hand, if the workstation is located in a place where only authorized or trusted people
have access, then securing the BIOS or the boot loader may not be necessary at all.
4.2.1. BIOS Passwords
The following are the two primary reasons for password protecting the BIOS of a computer
1
:
1. Prevent Changes To BIOS Settings    If an intruder has access to the BIOS, they can set it to
boot off of a diskette or CD ROM. This makes it possible for them to enter rescue mode or
single user mode, which in turn allows them to seed nefarious programs on the system or copy
sensitive data.
1. Since system BIOSes differ between manufacturers, some may not support password protection of either
type, while others may support one type and not the other.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

web hosting comparison

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved