Skip to content

🔐 Security

Understanding how Linux systems protect users, data and services.


Table of Contents

  1. What is Security?
  2. Why Security Matters
  3. Security Principles
  4. Least Privilege
  5. Defense in Depth
  6. Authentication
  7. Authorization
  8. Authentication vs Authorization
  9. Password Policies
  10. PAM
  11. PAM Workflow
  12. UFW
  13. Firewall Concepts
  14. Common UFW Commands
  15. AppArmor
  16. Attack Surface
  17. Hardening
  18. Security Layers
  19. Useful Commands
  20. Mental Model

1ī¸âƒŖ What is Security?

Security is the practice of protecting:

  • users
  • systems
  • applications
  • data

The goal is not:

Perfect Protection

because no system is completely secure.

The real goal is:

Reduce Risk

and limit damage when something goes wrong.


2ī¸âƒŖ Why Security Matters

Imagine a Linux server connected to the internet.

Without security:

  • anyone could attempt access
  • services could be abused
  • data could be stolen
  • systems could be modified

Security exists to reduce those risks.


3ī¸âƒŖ Security Principles

Most security systems are built around a few important concepts.

Least Privilege

Give only the permissions that are required.

Defense in Depth

Use multiple layers of protection.

Access Control

Restrict who can access resources.

Accountability

Actions should be traceable.


4ī¸âƒŖ Least Privilege

One of the most important security principles.

Example:

User only needs to read files

They should NOT receive:

  • write permissions
  • administrator privileges

Bad:

Everyone = Administrator

Good:

Each user receives only what is needed

Benefits:

✅ Smaller attack surface

✅ Fewer mistakes

✅ Better security


5ī¸âƒŖ Defense in Depth

Never rely on a single protection layer.

Example:

Password
    ↓
Permissions
    ↓
Firewall
    ↓
AppArmor

If one layer fails, others still provide protection.


6ī¸âƒŖ Authentication

Authentication answers:

Who are you?

Examples:

  • Passwords
  • SSH Keys
  • Biometrics

Authentication verifies identity.


7ī¸âƒŖ Authorization

Authorization answers:

What are you allowed to do?

Examples:

  • Read files
  • Modify files
  • Install software

Authorization determines permissions.


8ī¸âƒŖ Authentication vs Authorization

These concepts are often confused.

Authentication:

Identity Verification

Authorization:

Permission Verification

Example:

Login Successful
      ↓
Authentication
      ↓
Permission Check
      ↓
Authorization

9ī¸âƒŖ Password Policies

Password policies define security rules.

Common requirements:

  • Minimum length
  • Complexity requirements
  • Expiration periods
  • Password history
  • Account lockouts

Example policy:

Minimum length: 10
Uppercase required
Lowercase required
Numbers required

Weak password:

password123

Stronger password:

Blue!Tiger84#Moon

🔟 PAM

PAM means:

Pluggable Authentication Modules

PAM is the authentication framework used by Linux.

Instead of every application implementing authentication separately:

SSH
sudo
login
   ↓
  PAM

all of them can share the same authentication rules.


Think of PAM as:

The central authentication manager

for the system.


1ī¸âƒŖ1ī¸âƒŖ PAM Workflow

Without PAM:

SSH
  ↓
Own Authentication Logic

sudo
  ↓
Own Authentication Logic

login
  ↓
Own Authentication Logic

With PAM:

SSH
sudo
login
   ↓
  PAM

Everything follows the same security policies.


PAM can enforce:

  • Password complexity
  • Password expiration
  • Account restrictions
  • Login limitations

Benefits:

✅ Centralized management

✅ Consistency

✅ Flexibility


1ī¸âƒŖ2ī¸âƒŖ UFW

UFW means:

Uncomplicated Firewall

UFW provides a simpler way to manage firewall rules.


Think of UFW as:

A security guard

standing at the entrance of a building.

Every connection request is checked.


1ī¸âƒŖ3ī¸âƒŖ Firewall Concepts

A firewall decides:

Allow?
or
Block?

for incoming and outgoing traffic.


Without a firewall:

Everything is exposed

With a firewall:

Only approved traffic passes

Example:

Internet
    ↓
Firewall
    ↓
Server

1ī¸âƒŖ4ī¸âƒŖ Common UFW Commands

View firewall status:

sudo ufw status

Allow SSH:

sudo ufw allow 22

Meaning:

Allow traffic to SSH

Deny traffic:

sudo ufw deny 80

Meaning:

Block traffic to HTTP

Enable firewall:

sudo ufw enable

These commands are examples for learning concepts.


1ī¸âƒŖ5ī¸âƒŖ AppArmor

AppArmor is a Mandatory Access Control system.

Its purpose is to restrict applications.


Example:

Web Server

Allowed:

/var/www

Not Allowed:

/home/user

Even if the application becomes compromised, AppArmor can limit damage.


Think of AppArmor as:

A set of invisible walls

around an application.


1ī¸âƒŖ6ī¸âƒŖ Attack Surface

Attack Surface means:

Everything an attacker can interact with

Examples:

  • Open ports
  • Running services
  • User accounts
  • Applications

Larger attack surface:

More opportunities for attacks

Smaller attack surface:

Fewer opportunities for attacks

1ī¸âƒŖ7ī¸âƒŖ Hardening

Hardening means:

Making a system more secure

Examples:

  • Disable unnecessary services
  • Restrict permissions
  • Configure firewalls
  • Use strong passwords
  • Reduce exposed ports

Hardening is proactive security.


1ī¸âƒŖ8ī¸âƒŖ Security Layers

A secure system usually combines:

Passwords
      ↓
PAM
      ↓
Permissions
      ↓
Firewall
      ↓
AppArmor

No single mechanism should be trusted completely.


1ī¸âƒŖ9ī¸âƒŖ Useful Commands

Current user:

whoami

User information:

id

File permissions:

ls -l

Firewall status:

sudo ufw status

Running services:

systemctl list-units --type=service

Listening ports:

ss -tuln

These commands help administrators inspect the security state of a system.


2ī¸âƒŖ0ī¸âƒŖ Mental Model

Imagine a castle.

Authentication:

Who is at the gate?

Authorization:

Which rooms may they enter?

Firewall:

Outer Wall

PAM:

Identity Verification Process

AppArmor:

Internal Restrictions

Least Privilege:

Give only the keys that are needed

Final Mental Image

Authentication
      ↓
Authorization
      ↓
Permissions
      ↓
Firewall
      ↓
AppArmor
      ↓
Security

Security is the result of many protective layers working together.