Best Practice Linux Guide: Data Security

In this era of ‘big data’ Linux data security is of paramount importance. Here are best practice tips to make sure your data is secure by design.

People new to Open Source Software sometimes wonder if openness is a security problem. Others have suggested that the proliferation of Linux distributions means that there is no standardisation, and no best practice standards for secure architectures and systems management.

In fact, openness and the proliferation of different projects are strengths. Open Source projects from the Linux operating system down to the smallest applications are constantly examined by developers looking to improve their own projects. This means many pairs of eyes scrutinising the code, all of them with a vested interest in it working well. Vulnerabilities are patched and upgrades are released to users very quickly.

There are standards for Linux data security too, not least the Security Enhanced Linux (SELinux) tools originally developed by the US National Security Agency and released to the public in 2000, which have been incorporated into the standard Linux kernel since 2003. Other standards such as ISO 27001 (covering information security) and PCI DSS (covering online payment security) are platform agnostic. But there’s no point having the tools if you don’t use them.

How to get Linux data security by design

A common problem is that configuration variances arise when Linux is deployed by different teams, at different times, for various purposes across the data centre. This makes it tricky to implement and maintain the appropriate security measures.That’s risky, particularly in today’s IT infrastructures which reside on widely distributed networks that provide intruders with readily available entry points to corporate systems and data.

Standardisation is the key; ensuring security standards are consistently applied in the design, deployment and maintenance of Linux. There are three fundamentals:

1) A Standard Operating Environment (SOE)

An SOE is a carefully defined core build specification that helps organisations develop a repeatable process for implementing secure and optimised Linux system builds across their diverse hardware platforms, business applications and workloads. A core build allows systems to be deployed rapidly and consistently in a secure manner.

2) A Standard Operating Environment Management Platform (SOEMP)

An SOEMP is a set of technologies such as Red Hat’s Satellite Server and Puppet that gives system administrators the power to easily automate repetitive tasks and quickly deploy and actively manage the SOE and its security. An SOEMP significantly reduces the cost of maintaining a core build’s security, quality assurance, deployment and maintenance cycle.

3) Best practice systems management processes

In order to maintain Linux data security, security management must form a key component of any management methodology such as FCAPS.

Alongside the SOEMP, technologies like Centrify provide an organised approach to identity and access management that results in stronger security, improved compliance and reduced operational costs.

What you need to do

• Design and configure Linux builds with security a priority.
• Create and maintain the optimal security configuration.
• Apply support patches and security updates promptly.
• Monitor and report on security configuration variances.
• Tighten networking and user access.
• Use centralised management and authentication services.
• Use logging and auditing to deliver quality assurance and standards compliance.
• Review policies and procedures at regular intervals.
• Select systems management tools like Puppet and Satellite Server for core build configuration management and deployment, Centrify for user authentication and Nagios for monitoring.

To find out more about why you should be switching to OSS and Linux read our free eGuide: Avoid vendor lock in: take the power back.