You can improve Linux® security by assessing vulnerabilities, securing physical access to machines, configuring servers for maximum security, keeping up to date on security issues and creating policies to handle worst-case scenarios. It is also advisable to safeguard the root password, use strong passwords and perhaps even use a boot loader password. Some of the protections that are used to improve Linux® security are the same as those used to increase security under any operating system.
When assessing vulnerabilities, consider refraining from installing software you do not need — software can't be "attacked" if it is not installed. Enabling services that you do not need should also be avoided. For example, if you do not permit people to upload files, there really is no need for services such as file transfer protocol (FTP). Avoid connecting to a wireless network if possible, particularly if you are running a server. Place servers in a locked room, and do not allow machines to report information that could be of help to a hacker, such as software names and versions.
It is extremely important that the root password meets the generally accepted standards for the creation of strong passwords and that it is secured on the network or kept in a secure place in the case of a personal computer (PC) that is not networked. You also can improve Linux® security by implementing a strong boot loader password and by completely removing accounts of anyone who no longer needs access to the network. Any data associated with the account should be backed up before removal.
Linux® security is also improved by using Linux® security tools such as a firewall, an anti-virus software or security-enhanced Linux®. Disabling the local firewall simply because you have a firewall at the perimeter is not in accordance with improving Linux® security. Having only one layer of protection only makes things easier for a hacker. Several layers often cause a hacker to lose patience or fear that suspicious activity will be discovered and traced to its source.
Vulnerabilities in open-source software are generally very quickly discovered. They also are almost always just as quickly fixed by patches that are written by the international community of programmers of the distribution. These patches or updates are then released and made available free of charge via download. This is why it is very important to keep the system updated, which can be an automated process. Following these basic guidelines for improving Linux® security will help to avoid data corruption, data loss and down time.