Linux Security - What's a good place for n00bs to start learning?

[corinthos]

Are there good books or online resources for learning about how (and why) to configure your hardware and Linux system to make it secure, especially when connected to the Internet (perhaps even 24/7)? I'd appreciate it if you could point a n00b in a good direction to get started. Thanks.

 

[n0cmonkey]

It largely depends on what the system will be doing. Plenty of applicaions have enough settings that writing a single document with all of the tips and tricks would be ridiculous.

My first suggestion is to make sure you understand what you are doing. Read the man pages for the software you want to run. Understand how to configure them correctly.

 

[xtknight]

Closing up unneeded ports and isolating yourself from the WAN directly (by a NAT router) are a good start.

Don't worry about listening ports bound to 127.0.0.1 though. Only your own PC can access that. No one else, period. Be suspicious of anything else bound to something other than 127.x.x.x. Chances are it's an exploit waiting to happen. Of course, not ALL ports will expose you to an app with exploits. It depends on the application and how secure it is. Shut down ssh,ftpd,httpd,smtpd,cupsd, and any other daemons if you don't use them!

However you don't need to worry about this if a NAT router seals you from the outside. It does by nature. However, if you forward a port or set yourself up as DMZ, you are vulnerable again to that specific port, or to all ports, respectively.