Linux: Implementing a Security Test Methodology

By Emmett Dulaney

A key element of a computer security audit that you would use while working in Linux is a security test that checks the technical mechanisms used to secure a host and the network. The security-test methodology follows these high-level steps:

  1. Take stock of the organization’s networks, hosts, network devices (routers, switches, firewalls, and so on), and Internet connection.

  2. If there are many hosts and network connections, determine which are the important hosts and network devices that need to be tested. The importance of a host depends on the kinds of applications it runs. For example, a host that runs the corporate database would be more important than the hosts that serve as desktop systems.

  3. Test the hosts individually. Typically, this step involves logging in as a system administrator and checking various aspects of host security, from passwords to system log files.

  4. Test the network. This step is usually performed by attempting to break through the network defenses from another system on the Internet. If there’s a firewall, the testing checks that the firewall is indeed configured correctly.

  5. Analyze the test results of both host and network tests to determine vulnerabilities and risks.

Each of the two types of testing — host and network — focuses on three areas of overall computer security:

  • Prevention: Includes the mechanisms (nontechnical and technical) that help prevent attacks on the system and the network.

  • Detection: Refers to techniques such as monitoring log files, checking file integrity, and using intrusion detection systems that can detect when someone is about to break into (or has already broken into) your system.

  • Response: Includes the steps for tasks such as reporting an incident to authorities and restoring important files from backup after a computer security incident occurs.

For host and network security, each of these areas has some overlaps. For example, prevention mechanisms for host security (such as good passwords or file permissions) can also provide network security. Nevertheless, thinking in terms of the three areas — prevention, detection, and response — does help.
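As an added example (not part of the original article), the script below shows two of the host-level checks from step 3 and the Detection area: finding accounts with no password at all, and finding files whose checksum no longer matches a saved baseline. It runs against constructed sample data in a temporary directory so it needs no root access; the file names, hashes and baseline path are all assumed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: two of the host-level checks
# named in step 3 (passwords, file integrity) run against constructed sample
# data in a temp dir, so the script works without root. For a real audit,
# point find_empty_passwords at /etc/shadow and keep the baseline off-host.

# Print accounts whose shadow password field is empty, i.e. no password at all.
# Locked accounts ("!" or "*") are not reported; they cannot log in.
find_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"   # $1 = shadow-format file
}

# Print files whose current sha256 differs from a saved baseline.
# $1 = absolute path to a baseline made with: sha256sum <files> > baseline
# $2 = directory the baseline's relative paths are resolved against
find_modified_files() {
    (cd "$2" && sha256sum -c --quiet "$1" 2>/dev/null) | sed -n 's/: FAILED$//p'
}

# ---- constructed sample data (assumed, not real system files) ----
WORK=$(mktemp -d)

# Shadow-style sample: root has a hash, nobody is locked, guest has no password.
cat > "$WORK/shadow.sample" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
nobody:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF

# Two "config" files, a baseline taken from them, then one file is changed.
mkdir "$WORK/etc"
printf 'PermitRootLogin no\n' > "$WORK/etc/sshd_config"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$WORK/etc/passwd"
(cd "$WORK/etc" && sha256sum sshd_config passwd) > "$WORK/baseline.sha256"
printf 'PermitRootLogin yes\n' > "$WORK/etc/sshd_config"   # simulated change

echo "Accounts with empty passwords:"
find_empty_passwords "$WORK/shadow.sample"                 # guest
echo "Files changed since baseline:"
find_modified_files "$WORK/baseline.sha256" "$WORK/etc"    # sshd_config
# $WORK is left in place so the results can be inspected afterwards.
```

Both functions print only findings, so an empty result from either one means that check passed; the same functions work unchanged against the real /etc/shadow and a baseline taken when the host was known good.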