<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2815180&amp;fmt=gif">
Alienvault USM Anywhere Logo
Skip to content

Top Linux Security Mistakes and How to Avoid Them: Part 2

Find out what mistakes Linux system administrators commonly make and prevent your organization from falling into the same routines.

Linux provides enterprises with a great degree of freedom as an open-source operating system. Linux enables development teams to innovate and adapt to changing business needs with agility. 

At the same time, the Linux platform is an ideal place to run mission-critical applications without compromising security or availability. A customized Linux environment can offer the benefits of a proprietary enterprise resource planning system but at a fraction of the cost. 

However, this approach gives additional responsibilities to Linux system administrators. Misconfigured enterprise Linux deployments can introduce more problems than they solve. It should come as no surprise that many of these problems revolve around a small list of predictable causes.


Top Linux Security Mistakes and How to Avoid Them: Part 1



Protect Your Linux Systems From These Easy-to-Make Mistakes

In Part One of this series, we covered some of the most common security mistakes that Linux system administrators make, including VLAN misconfiguration and overreliance on privilege escalations. Now we’ll cover an additional five mistakes that are generally less visible, but just as preventable.


1. IP Address Conflicts

If two devices share the same IP address, it may prevent users from connecting to the network. This often happens because of a Dynamic Host Configuration Protocol (DHCP) misconfiguration on a router, or due to simple human error. 

IP address conflicts can frustrate users and impact enterprise productivity. Having a reliable DHCP server on your network protects it from IP address conflicts. Unreliable servers may assign IP addresses incorrectly during dynamic IP allocation, creating discrepancies that demand manual attention. This can happen when new mobile devices join the network and fail to receive the proper IP address. 

System administrators need to closely monitor new devices joining enterprise networks and ensure they are being used according to the organization’s Bring-Your-Own-Device (BYOD) policies. IP address conflicts should be investigated promptly, to eliminate the possibility of unsecured device connections.


2. DNS Failures

The Domain Name System (DNS) is an integral part of any enterprise network. It enables users to identify devices, services, and other resources accessible through the Internet. Users can no longer access critical applications hosted on external domains when it fails. 

Failed connection errors happen when client devices fail to use DNS to resolve the IP address they are looking for. This might indicate cybercriminal activity like cache poisoning, DNS rebinding, or a distributed denial-of-service (DDoS) attack. It may simply be a sign of an extremely active network overloading your router through DNS traversal. 

It takes time to investigate these issues and determine whether an active cyberattack is underway. System administrators should prepare for DNS issues beforehand by establishing a DNS failover solution and making sure DHCP settings are properly configured.


3. Irregular Security Audits

Regular audits are an important part of any robust enterprise security policy. If security rules are not regularly tested, there is no way to be sure they’ll hold up against a real-world cyberattack.  

Information security best practices are constantly changing in response to incoming threat intelligence. Security audits provide system administrators an opportunity to identify areas that need improvement. 

A thorough security audit should examine every aspect of your IT infrastructure. It should methodically look through operating systems, server configuration, communications applications, data storage, and more. 

Having a reputable third party conduct your security audits is the best way to ensure your policies and processes are up-to-date. For enterprises that process large volumes of sensitive or confidential data, these audits may be required by law. 

Organizations that can’t go through a full third-party audit process can still run computer-assisted audit techniques (CAATs) using audit management software as an internal tool. This helps automate the data gathering process that good auditing relies on, making it easier to generate and review actionable reports.


4. Secure Shell (SSH) Key Mismanagement

The secure shell protocol is frequently used to connect to Linux servers. It establishes a remote shell and provides a text-based user interface. The protocol transfers commands to the remote server using an encrypted connection and execute them there for the length of the session.  

Establishing this encrypted connection requires managing a set of SSH keys. Every major enterprise and data center follows industry-wide regulations like NIST IR 7966 on SSH key management. These regulations specify how system administrators should provision, manage, and terminate SSH keys to limit unauthorized access to remote shell servers. 

Despite the importance of adhering to these regulations, it’s surprisingly common for Linux system administrators to hand out SSH keys to employees on-demand, with little or no authentication. Similarly, some administrators assign SSH keys to generic accounts that multiple people can use, which is a mistake.


5.  Improper Port Configuration

Since ports allow devices to communicate with one another, system administrators need to know which ones open and which ones are not. This seems simple in theory, but it can become a complex task in practice. 

For example, administrators often open ports to fulfill specific requests and then forget about them entirely. Some applications can automatically change firewall configurations, leaving ports open without warning.  

Given the sheer number of possible port configurations in an enterprise environment and the speed at which they can change, system administrators can’t reliably secure them manually. Vulnerability scanners can help identify ports that might not need to be open, and comprehensive log monitoring solutions can identify when suspicious activity passes through an open port.


Rely On Castra Expertise to Support Enterprise Linux Security 

Castra’s team of expert security analysts can help you identify points of improvement in your enterprise Linux network. We customize SIEM deployments to meet our customer’s individual needs, providing 24x7 managed detection and response services they can rely on. 


Speak to an information security expert about your enterprise Linux infrastructure to find out how we can help.