Since 2004, October has been National Cybersecurity Awareness Month. Here's a review of what that means, plus a list of open-source and free cybersecurity tools to consider.

As National Cybersecurity Awareness Month kicks off, it’s a good time to reflect on how secure the systems you manage are – whether they’re running Linux, Windows or some other OS. While Linux is considered by many to be more secure due to its open-source nature and because privileges are clearly defined, it still warrants security reviews, and this month’s focus on cybersecurity awareness suggests that an annual review is more than just a good idea.

The designation became official in 2004, when President George W. Bush and Congress declared October to be National Cybersecurity Awareness Month. Keep in mind that in 2004, security practice often involved little more than updating antivirus software. Today, cybersecurity practices are much more intense as the threats have grown to be far more significant and far more challenging.

This post looks into what Linux admins should be doing to protect their systems in the spirit of National Cybersecurity Awareness Month.

What are we protecting?

“Cybersecurity Awareness Month is a critical reminder that effective cybersecurity isn’t solely about building higher walls against external threats. It’s equally about understanding and managing the data you already hold within those walls,” said Carl D’Halluin, CTO of Datadobi, in a statement.

D’Halluin went on to point out that “illegal and orphaned data are prime examples of internal vulnerabilities that often go overlooked.”

How serious is the challenge?

“Today, cyber threats are escalating into full-blown crises – making Cybersecurity Awareness Month more than just a gentle reminder, but a stark warning that we must urgently overhaul our digital defenses,” stated Don Boxley, CEO and co-founder of DH2i. “Gone are the days when established security measures like VPNs sufficed. Hackers are continually advancing, rendering traditional methods increasingly obsolete. Proactive security isn’t an option; it’s an absolute necessity if organizations want to survive into the future.”

How important is email security?

Cybersecurity Awareness Month is “a crucial period that calls for our attention on the increasing threats in the digital landscape. Among these threats, one that’s often pushed to the background but deserves center stage, is email security,” stated Seth Blank, CTO at Valimail. “The bottom line is that even if the stats have become easy to ignore – the problem is real, and one misstep can wreak havoc.”

Blank added: “This Cybersecurity Awareness Month, don’t just scroll past the warnings – take them to heart. Beef up your email security, or get ready for a world of hurt. The ball is in your court, and it’s ticking.”

Threats involving email include spear-phishing and whaling. Spear-phishing targets a specific group of people in an attempt to get them to click on a malicious link to steal things like login credentials. Whaling attacks target top officials, attempting to take them to a fraudulent website containing malware.

So what should you do?

National Cybersecurity Awareness Month is a time to reflect on all of the things that you do to keep the systems you manage and the data you need to protect secure. It’s a time to review and maybe even enhance your security practices.
Some of the things you need to consider include:

Researching and adopting best security practices
Enforcing strong passwords and applying password aging as well as ensuring that no accounts lack passwords (user or services)
Using OpenSSH server security as needed
Limiting the use of sudo to tasks that require it
Disabling root login (anyone who needs root privilege must log in as themselves)
Locking accounts after several failed login attempts
Using two-factor authentication whenever possible
Limiting listening ports to those that are truly needed
Keeping your systems up-to-date with patches and updates
Verifying your firewall settings
Scanning your systems for security threats
Briefing workers on the security practices that they should be following
Configuring disk quotas to ensure that disks do not fill to capacity
Uninstalling software and tools that are no longer required
Using encryption to protect sensitive data
Using VPNs for remote connections
Routinely backing up servers to guard against data loss
Deploying security scanning tools (e.g., chkrootkit) to detect and repair vulnerabilities
Staying informed – the threat landscape is constantly changing

Cybersecurity apps

The following tools are worth looking into. They should be both open source and free. While this list is likely incomplete, the tools described are all highly regarded.
Antivirus
ClamAV — https://www.clamav.net
Avast antivirus — https://www.avast.com

Network and server scanning
Nikto – Linux Web Server Scanner — https://github.com/sullo/nikto
Nmap – Linux Network Scanner — https://nmap.org
W3af — Open Source Web Application Security Scanner — https://github.com/andresriancho/w3af

Rootkit and malware detection
Rkhunter — Linux rootkit scanner — https://sourceforge.net/projects/rkhunter
Chkrootkit — locally checks for signs of a rootkit — https://www.chkrootkit.org
Linux malware detect (LMD) — malware detector — https://github.com/rfxn/linux-malware-detect

Intrusion detection
Snort — Linux intrusion detection — https://snort.org
OSSEC — Intrusion detection — https://www.ossec.net
Crowdsec — protects against attacks on any server by parsing real-time service logs — https://github.com/crowdsecurity/crowdsec

Packet analyzers
Wireshark – Linux Packet Analyzer — https://www.wireshark.org

Vulnerability scanners
Nessus Vulnerability Scanner — scans for security vulnerabilities in devices, apps and operating systems — https://www.tenable.com/downloads/nessus
OpenVAS — an endpoint scanning application and web application used to identify and detect vulnerabilities — https://openvas.org

Security auditing
Lynis – security auditing tool — https://github.com/CISOfy/lynis

Penetration testing
OWASP ZAP — penetration testing tool being maintained under the umbrella of The Software Security Project (SSP) — https://github.com/zaproxy/zaproxy
Metasploit framework – penetration testing — https://www.metasploit.com

Risk reduction
Firejail — a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications, included in many Linux distributions — https://github.com/netblue30/firejail

Password auditing
John the Ripper – Open Source password security auditing and password recovery tool and password cracker — https://www.openwall.com/john

Device identification
OSQuery — uses basic SQL commands to leverage a relational data-model to describe a device. It gives access to the underlying state of an operating system — https://www.osquery.io

Network defense
Ettercap — can be used by hackers to attack a network or by network administrators to defend it — https://www.ettercap-project.org

Virtual private networking
Proton VPN — virtual private networking — https://protonvpn.com
Windscribe — https://windscribe.com/?affid=y45ixar0

Wrap-up

National Cybersecurity Awareness Month is a designated time to review and advance what you do to ensure your systems and your data are as secure as you can make them. Doubling down on cybersecurity every October is more than just a good idea. Detecting, fixing and monitoring potential problems is well worth the time you invest.
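Three items from the checklist above (no accounts without passwords, password aging, and disabling root login) can be checked directly from /etc/shadow and sshd_config. The script below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Audits three checklist items from copies of /etc/shadow and
# sshd_config. All sample data below is constructed.

# Accounts whose password field (field 2) is empty: no password is set.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts with a usable hash (starts with "$") but no password aging:
# maximum-age field (field 5) empty or left at 99999.
no_aging_accounts() {
    awk -F: '$2 ~ /^\$/ && ($5 == "" || $5 == 99999) { print $1 }' "$1"
}

# PermitRootLogin as sshd would read it from this one file: the first
# occurrence wins, keywords are case-insensitive, and an unset keyword falls
# back to prohibit-password (OpenSSH 7.0+). Include files and Match blocks
# are not followed; "sshd -T" reports the fully resolved configuration.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "prohibit-password" }' "$1"
}

# Constructed sample files (hashes are placeholders, not real crypt output).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$SALT$PLACEHOLDERHASH:19600:0:99999:7:::
alice:$6$SALT$PLACEHOLDERHASH:19600:0:90:7:::
svc_backup::19600:0:99999:7:::
daemon:*:19600:0:99999:7:::
EOF
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#PermitRootLogin prohibit-password
Port 22
PermitRootLogin yes
PermitRootLogin no
EOF

echo "Empty passwords:   $(empty_password_accounts "$SAMPLE_DIR/shadow")"
echo "No password aging: $(no_aging_accounts "$SAMPLE_DIR/shadow")"
echo "PermitRootLogin:   $(root_login_setting "$SAMPLE_DIR/sshd_config")"
```

To audit a real host, pass /etc/shadow (readable only by root) and /etc/ssh/sshd_config to the same functions.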