Improving your Linux server security is necessary to secure your time, intellectual property, and data from intruders. Probably, more than 50% of the internet’s servers run some tasks on Linux.
Consequently, intruders have learned to hack the Linux servers on a large scale to steal network bandwidth and storage. They push malware, scams, spam, and phishing campaigns into these hacked servers onto users worldwide.
At the same time, only 2% of desktop computers worldwide run on Linux. Therefore, it does not get the attention of hackers. But, this does not mean that Linux is entirely safe. Linux malware does exist, laptops can get phished, stolen, lost, or hacked.
Here are some of the ways to improve the security of your Linux server and Linux desktop system:
1. Enable Your Firewall
It is one of the security measures that every Linux kernel user should carry out. Linux has locked ports by default, even when the firewall is disabled. But hardening your security is something you should always do to keep yourself out of many sorts of cyberattacks.
To enable this, run the following command on the terminal:
→ sudo apt-get install guf
Here, GUFW stands for “Graphical Uncomplicated Firewall.” This command will install the firewall. To open this, you should type the following command in your terminal and hit enter:
→ gufw
Once done, You will see its simple user interface. You can simply turn it “on” by sliding the “status” button.
2. Encrypt Data Communication For Server
Any data transmitted through the network is open for monitoring. When you encrypt this transmitted data using keys/certificates or with a password, you are improving the security of your system. Here are some of the ways:
- Using a VPN is a cost-effective way. It takes care of your online privacy and protects your data by encrypting your connection. An intruder will not be able to track your IP address and location. A USA VPN will let you enjoy blazing speed for Linux.
- Use commands like sftp, rsync, ssh, or scp for transferring files. You can also mount your home directory or remote server file system using fuse tools and special sshfs.
- GnuPG allows you to encrypt your communication and data and sign it. It features access modules and a versatile key management system for all kinds of public key directories.
3. Keep Software Up to Date
A critical step of maintaining a Linux server is applying security patches. Linux lets you upgrade between the versions easily and provides all the necessary tools to keep your systems updated. You should apply all the security updates as soon as they are available. You can use RPM package managers like dpkg, apt-get, and yum to apply security updates.
You can apply these security updates via a cron job or configure the Fedora/CentOS/Red hat Linux to send yum package update notification via email.
4. Improve Your Browsing Security
Web browsers are the most overlooked aspect of online security. It is the most common way malware like worms, drive-by downloads, and JavaScripts can enter your device.
You can improve Linux browser security by multiple methods. These browser extensions can prevent attacks from suspicious third parties and contribute to improving security. Here are a few add-ons that you can use:
- NoScript: This is the most useful browser add-on for Firefox. It blocks scripts executed from a website that you do not trust. It white-lists sites that you often visit, and any new websites are blocked, increasing the security significantly.
- Privacy Badger: Created by the Electronic Frontier Foundation, this add-on blocks tracking technologies and malicious adverts and categorizes the danger of a site by marking them green, red, or yellow.
- Disconnect: This browser extension makes your web browsing private by blocking any third-party aiming to track your browsing history.
- Adblock Plus: It is available for most browsers that disable any advertisements, redirects, and pop-ups.
5. Choose Full Disk Encryption (FDE)
Irrespective of the operating system that you use, you must encrypt your entire hard disk. If your laptop is stolen or lost, simple login data will not be able to protect your data. An intruder will boot into Linux easily by using a USB key and can read your data without knowing the password.
When you encrypt your hard disk, you safeguard your remaining data because the intruder will not be able to access your data without the FDE password.
When you are using FDE over encrypting, you are making sure that not only your home folder and the files are safe, but also other directories, temporary files, and swap files are also secured.
6. Disable USB Mount
An important method through which you can ensure higher security against anyone who can tamper physically with your computer is to ban them from using USB to attack it. A lot of USB-based malware is automatically activated when the pen drive is inserted into the USB port. Thus, it is necessary to heighten the security of your system.
The drawback of this method is that you will have to quit using USB drives and find a different way to transfer data safely. The following steps will help you with disabling the USB mount:
- Open the editor and run the following command
→ install usb-storage /bin/true
- Save it as a .conf file and save it in the following location:
→ /etc/modprobe.d/
- Restart your system and test if you can still use the USB drive on your system.