Requirements for Securing a Linux (Red Hat) Computer that Processes Sensitive Information

Minimum requirements to ensure that your Linux computer is compliant with the University Sensitive Information Protection Policy.

1. Install antivirus software. Symantec Antivirus

2. Use a firewall. You must minimize the risk of a network service exploit by properly configuring a firewall. One option is to properly configure Red Hat’s built-in firewall via the Security Level Configuration Tool during installation (you can also type the redhat-config-securitylevel command at a shell prompt to launch it).

3. Choose a secure password. Passwords should:
   - be changed at least every 90 days

   Hint: A strong password might look something like: P@$$w0r$

4. Critical software and operating system updates will be installed in a timely manner. Red Hat Network (https://rhn.redhat.com) can be configured to provide automatic updates to specific systems via the website.
   - Log into the RHN website at: https://rhn.redhat.com/
   - Click the "Systems" tab.
   - Click the desired system name to view its details.
   - Click the "Properties" subtab under the System Details page.
   - Select the "Auto Errata Update" checkbox.
   - Click the "Update Properties" button.

5. Operate an Operating System Screen Saver Password on the computer. First, log in as a user (other than root) and use xscreensaver to set the appropriate screensaver and screen lock settings that you wish to be applied to all users. When you configure these settings, a file is created in this user's home directory called .xscreensaver. Now log in as root and copy this file to the directory /etc/skel. Change the ownership of this file to root by executing:

       # chown root:root /etc/skel/.xscreensaver

   Now, every new user that is created will have this file in their home directory, so they will inherit these settings automatically. For existing users, copy this file to their home directory and then execute:

       # chown username:username ~username/.xscreensaver

   This will set the correct permissions on the file so that these settings will take effect. Please note that this will overwrite any screensaver customizations the existing user has made.

6. Check the credentials of anyone asking for information about your computer.

7. With the exception of non-university Instant Messaging (IM), peer to peer (P2P), and Internet Relay Chat (IRC) software, users can install software/applications that have been approved by the organization’s technology representative and/or information technology manager.

8. In accordance with the principle of least privilege, users will only use minimal user profile privileges on computers that are based on users' job necessities (default is to deny access).

9. File an Incident Report to report any suspicious activity on your machine by sending an email that contains the following information to help.gsu.edu.
   a) Type "Security Incident - High Priority" in the subject line of the email.
   b) Give the date the incident occurred.
   c) Describe the incident.
   d) Optional: If you know your IP address, or the IP address of your attacker, please include it.
   e) Provide contact information such as your name, phone number, and department.

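The distribution procedure in step 5 can be scripted; the following is an added example, not part of the original requirements page. The function names, argument order, the UID cutoff of 500 and the nologin/false shell filter are assumptions. It takes numeric uid:gid values from the passwd file rather than username:username, and refuses a template that does not contain xscreensaver's `lock: True` setting.

```shell
#!/bin/sh
# Added example (not from the original page): copy a locking .xscreensaver
# template to /etc/skel and to existing users' home directories.
# Function names, arguments and the UID cutoff of 500 are assumptions.
# Usage, as root:
#   deploy_xscreensaver /home/setup/.xscreensaver /etc/skel /etc/passwd 500

install_copy() {   # install_copy SRC DEST UID GID
    # Remove first so a symlink planted at DEST is replaced, not written through.
    rm -f -- "$2" && cp -- "$1" "$2" && chmod 644 "$2" || return 1
    # Only root can change ownership; numeric ids are taken from passwd.
    if [ "$(id -u)" -eq 0 ]; then chown "$3:$4" "$2"; fi
}

deploy_xscreensaver() {   # prints the number of existing users updated
    src=$1 skel=$2 passwd=$3 min_uid=${4:-500}

    # Refuse to distribute a template that does not enable the screen lock.
    if ! grep -Eq '^lock:[[:space:]]*True' "$src"; then
        echo "template $src does not set 'lock: True'" >&2
        return 1
    fi

    # New accounts: root-owned copy in the skeleton directory.
    install_copy "$src" "$skel/.xscreensaver" 0 0 || return 1

    # Existing accounts: interactive users at or above min_uid with a home.
    count=0
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        case $shell in */nologin|*/false) continue ;; esac
        [ -d "$home" ] || continue
        install_copy "$src" "$home/.xscreensaver" "$uid" "$gid" || return 1
        count=$((count + 1))
    done < "$passwd"
    echo "$count"
}
```
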
Help: If you have questions, or need assistance, please contact Information Security (security@gsu.edu) or the