Chapter 4. General Principles of Information Security
The following general principles provide an overview of good security practices:
- Encrypt all data transmitted over networks to help prevent man-in-the-middle attacks and eavesdropping. It is important to encrypt authentication information, such as passwords.
- Minimize the amount of software installed and running services.
- Use security-enhancing software and tools, for example, Security-Enhanced Linux (SELinux) for Mandatory Access Control (MAC), Netfilter iptables for packet filtering (firewall), and the GNU Privacy Guard (GPG) for encrypting files.
- If possible, run each network service on a separate system to minimize the risk of one compromised service being used to compromise other services.
- Maintain user accounts: create and enforce a strong password policy; delete unused user accounts.
- Routinely review system and application logs. By default, security-relevant system logs are written to /var/log/audit/audit.log. Note: sending logs to a dedicated log server helps prevent attackers from easily modifying local logs to avoid detection.
- Never log in as the root user unless absolutely necessary. It is recommended that administrators use sudo to execute commands as root when required. Users capable of running sudo are specified in /etc/sudoers. Use the visudo utility to edit
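As an added illustration of the "routinely review logs" principle above (not part of the original guide), the script below parses records in the format auditd writes to /var/log/audit/audit.log and flags accounts with repeated failed authentications inside a short time window. The sample records, the window and the threshold are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample records in the format auditd writes to /var/log/audit/audit.log
# (addresses are documentation ranges; these lines are not from a real system).
SAMPLE_AUDIT_LOG = """\
type=USER_AUTH msg=audit(1700000000.101:201): pid=1201 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000003.102:202): pid=1203 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000010.200:203): pid=1300 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="alice" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
type=USER_AUTH msg=audit(1700000030.400:204): pid=1500 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="bob" exe="/usr/bin/sudo" hostname=? addr=? terminal=pts/1 res=failed'
type=USER_AUTH msg=audit(1700009000.500:205): pid=1600 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="bob" exe="/usr/bin/sudo" hostname=? addr=? terminal=pts/1 res=failed'
"""

HEADER_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")

def parse_record(line):
    """Parse one audit record into a dict; PAM fields nested inside msg='...' are flattened."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    for key, value in FIELD_RE.findall(m.group(4)):
        if value.startswith("'"):  # nested key=value list written by the PAM module
            for inner_key, inner_value in FIELD_RE.findall(value[1:-1]):
                rec[inner_key] = inner_value.strip('"')
        else:
            rec[key] = value.strip('"')
    return rec

def failed_auth_bursts(log_text, window_seconds=300, threshold=2):
    """Return {account: failures} for accounts with >= threshold failed
    authentications inside any sliding window of window_seconds."""
    times_by_acct = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["type"] == "USER_AUTH" and rec.get("res") == "failed":
            times_by_acct[rec.get("acct", "?")].append(rec["time"])
    bursts = {}
    for acct, times in times_by_acct.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window_seconds:  # slide window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[acct] = best
    return bursts

if __name__ == "__main__":
    print(failed_auth_bursts(SAMPLE_AUDIT_LOG))  # {'root': 2}
```

Against a live system, read the file with root privileges and feed its contents to failed_auth_bursts; bob's two failures are far apart, so only the root burst is reported with the default 300-second window.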