Howto secure an operation system? – Securitytips for every environment (Linux, Window, Solaris…)
„HEARTBLEED“ was a great security issue, but it wasn’t the first and it wont be the last.
There isn’t a guarantee that you will never be affected by such a security hole, but if you spent a little time in security – the chance for an attack will significant reduced.
So…here we are
5.) AUTOMATIC OS UPDATE
turn on the automatic update on your os.
I know – many people don’t want let the system take over the control, but the alternative is, that you have to do this manually everyday (even if there are no updates available, you have to check it) . You might say: Hey i have running services like databases, ftpserver…etc and i don’t want update that automatically , well we talk later (Point 1) about this.
4.) CHOOSE THE RIGHT OS
i don’t want to say: „Hey take Linux – its open source and so – it is a secure operating system„. After „Heartbleed“ that sentence isn’t really believable :D.
My Opinion is: choose the OS, where do you have the most knowledge. It makes no sense, if you use for example Linux, and you don’t know how to update or how to disable / enable services.
3.) DON’T WORK AS AN ADMIN
i know, it is comfortable to work as an admin or as the root user – but forget it. If you want to do administrative things, than use the „as administrator“ / „sudo“ functions.
If you ran the wrong program (e.g. a nice email attachment with a trojan) as an admin, you lost your OS with one click.
2.) IT IS YOUR OS (not for family and friends)
If you have only one computer for your family / friends, think about to give them there own OS on a different partition. Sure, Windows and Linux have a good rights-management, but friends and kids are clever – if they want the admin-rights, they will get it.
1.) OUTSOURCE YOUR SERVICES
Most of OS-Security-Holes affects services, like SSL (Heartbleed), MSSQL (SLAMMER), IIS…etc. Don’t install all these unnecessary services on your main OS.
Use virtual machines for it instead, and separate the access with a firewall. The main rule is: u can access all virtual machines – but the virtual machines cant access the host os. This practice has not only a security advantage – the os will boot much faster, if it hasn’t to start database, webservers….and other unnecessary services. I know, you cant outsource all services, but one service less on the main OS is better than no service less ;).
If you have further questions to build a secure operating system or need help so ask me: firstname.lastname@example.org
Have fun with these tips