Chapter 4.
Workstation Security
Securing a Linux environment begins with the workstation. Whether you are locking down your own
personal machine or securing an enterprise system, sound security policy begins with the individual
computer. After all, a computer network is only as secure as the weakest node.
4.1. Evaluating Workstation Security
When evaluating the security of a Red Hat Linux workstation, consider the following:
BIOS and Boot Loader Security: Can an unauthorized user physically access the machine and
boot into single-user or rescue mode without a password?
Password Security: How secure are the user account passwords on the machine?
Administrative Controls: Who has an account on the system and how much administrative control
do they have?
Available Network Services: What services are listening for requests from the network and should
they be running at all?
Personal Firewalls: What type of firewall, if any, is necessary?
Security-Enhanced Communication Tools: What tools should be used to communicate between
workstations and what should be avoided?
4.2. BIOS and Boot Loader Security
Password protection for the BIOS and the boot loader can prevent unauthorized users who have
physical access to your systems from booting from removable media or attaining root through
single-user mode. But the security measures one should take to protect against such attacks depend
both on the sensitivity of the information the workstation holds and the location of the machine.
For instance, if a machine is used in a trade show and contains no sensitive information, then it may
not be critical to prevent such attacks. However, if an employee's laptop with private,
non-password-protected SSH keys for the corporate network is left unattended at that same trade
show, it can lead to a major security breach with ramifications for the entire company.
On the other hand, if the workstation is located in a place where only authorized or trusted people
have access, then securing the BIOS or the boot loader may not be necessary at all.
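The laptop scenario above turns on private SSH keys stored without a passphrase, which can be checked for directly. The following Python script is an added example, not part of the original guide: it classifies key files by their on-disk format (legacy PEM, PKCS#8 and the current OpenSSH format), and the function names and the constructed, header-only sample key are assumptions made for illustration.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of a decoded OpenSSH-format private key

def key_protection(text):
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("PRIVATE KEY-----")):
        return "unknown"  # not a PEM-armoured private key
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"  # PKCS#8 protected by a passphrase
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        body = blob[len(MAGIC):]
        if not blob.startswith(MAGIC) or len(body) < 4:
            return "unknown"
        (n,) = struct.unpack(">I", body[:4])  # length-prefixed cipher name
        cipher = body[4:4 + n]
        if len(cipher) != n:
            return "unknown"  # truncated file
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3]):
        return "encrypted"
    return "unencrypted"

def audit(directory):
    """Return names of files in `directory` that hold passphrase-less private keys."""
    found, root = [], Path(directory)
    for path in sorted(root.iterdir()) if root.is_dir() else []:
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # subdirectory or unreadable entry
        if key_protection(text) == "unencrypted":
            found.append(path.name)
    return found

def sample_openssh_key(cipher):
    """Constructed, header-only sample (no real key material) for testing."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + struct.pack(">I", len(kdf)) + kdf
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Calling `audit(Path.home() / ".ssh")` on a workstation lists the keys stored without a passphrase; `ssh-keygen -p -f <keyfile>` adds one to an existing key.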
4.2.1. BIOS Passwords
The following are the two primary reasons for password protecting the BIOS of a computer [1]:
1. Prevent Changes To BIOS Settings: If an intruder has access to the BIOS, they can set it to
boot off of a diskette or CD-ROM. This makes it possible for them to enter rescue mode or
single-user mode, which in turn allows them to seed nefarious programs on the system or copy
sensitive data.
[1] Since system BIOSes differ between manufacturers, some may not support password protection of
either type, while others may support one type and not the other.