đ Security¶
Understanding how Linux systems protect users, data and services.
Table of Contents¶
- What is Security?
- Why Security Matters
- Security Principles
- Least Privilege
- Defense in Depth
- Authentication
- Authorization
- Authentication vs Authorization
- Password Policies
- PAM
- PAM Workflow
- UFW
- Firewall Concepts
- Common UFW Commands
- AppArmor
- Attack Surface
- Hardening
- Security Layers
- Useful Commands
- Mental Model
1ī¸âŖ What is Security?¶
Security is the practice of protecting:
- users
- systems
- applications
- data
The goal is not:
Perfect Protection
because no system is completely secure.
The real goal is:
Reduce Risk
and limit damage when something goes wrong.
2ī¸âŖ Why Security Matters¶
Imagine a Linux server connected to the internet.
Without security:
- anyone could attempt access
- services could be abused
- data could be stolen
- systems could be modified
Security exists to reduce those risks.
3ī¸âŖ Security Principles¶
Most security systems are built around a few important concepts.
Least Privilege¶
Give only the permissions that are required.
Defense in Depth¶
Use multiple layers of protection.
Access Control¶
Restrict who can access resources.
Accountability¶
Actions should be traceable.
4ī¸âŖ Least Privilege¶
One of the most important security principles.
Example:
User only needs to read files
They should NOT receive:
- write permissions
- administrator privileges
Bad:
Everyone = Administrator
Good:
Each user receives only what is needed
Benefits:
â Smaller attack surface
â Fewer mistakes
â Better security
5ī¸âŖ Defense in Depth¶
Never rely on a single protection layer.
Example:
Password
â
Permissions
â
Firewall
â
AppArmor
If one layer fails, others still provide protection.
6ī¸âŖ Authentication¶
Authentication answers:
Who are you?
Examples:
- Passwords
- SSH Keys
- Biometrics
Authentication verifies identity.
7ī¸âŖ Authorization¶
Authorization answers:
What are you allowed to do?
Examples:
- Read files
- Modify files
- Install software
Authorization determines permissions.
8ī¸âŖ Authentication vs Authorization¶
These concepts are often confused.
Authentication:
Identity Verification
Authorization:
Permission Verification
Example:
Login Successful
â
Authentication
â
Permission Check
â
Authorization
9ī¸âŖ Password Policies¶
Password policies define security rules.
Common requirements:
- Minimum length
- Complexity requirements
- Expiration periods
- Password history
- Account lockouts
Example policy:
Minimum length: 10
Uppercase required
Lowercase required
Numbers required
Weak password:
password123
Stronger password:
Blue!Tiger84#Moon
đ PAM¶
PAM means:
Pluggable Authentication Modules
PAM is the authentication framework used by Linux.
Instead of every application implementing authentication separately:
SSH
sudo
login
â
PAM
all of them can share the same authentication rules.
Think of PAM as:
The central authentication manager
for the system.
1ī¸âŖ1ī¸âŖ PAM Workflow¶
Without PAM:
SSH
â
Own Authentication Logic
sudo
â
Own Authentication Logic
login
â
Own Authentication Logic
With PAM:
SSH
sudo
login
â
PAM
Everything follows the same security policies.
PAM can enforce:
- Password complexity
- Password expiration
- Account restrictions
- Login limitations
Benefits:
â Centralized management
â Consistency
â Flexibility
1ī¸âŖ2ī¸âŖ UFW¶
UFW means:
Uncomplicated Firewall
UFW provides a simpler way to manage firewall rules.
Think of UFW as:
A security guard
standing at the entrance of a building.
Every connection request is checked.
1ī¸âŖ3ī¸âŖ Firewall Concepts¶
A firewall decides:
Allow?
or
Block?
for incoming and outgoing traffic.
Without a firewall:
Everything is exposed
With a firewall:
Only approved traffic passes
Example:
Internet
â
Firewall
â
Server
1ī¸âŖ4ī¸âŖ Common UFW Commands¶
View firewall status:
sudo ufw status
Allow SSH:
sudo ufw allow 22
Meaning:
Allow traffic to SSH
Deny traffic:
sudo ufw deny 80
Meaning:
Block traffic to HTTP
Enable firewall:
sudo ufw enable
These commands are examples for learning concepts.
1ī¸âŖ5ī¸âŖ AppArmor¶
AppArmor is a Mandatory Access Control system.
Its purpose is to restrict applications.
Example:
Web Server
Allowed:
/var/www
Not Allowed:
/home/user
Even if the application becomes compromised, AppArmor can limit damage.
Think of AppArmor as:
A set of invisible walls
around an application.
1ī¸âŖ6ī¸âŖ Attack Surface¶
Attack Surface means:
Everything an attacker can interact with
Examples:
- Open ports
- Running services
- User accounts
- Applications
Larger attack surface:
More opportunities for attacks
Smaller attack surface:
Fewer opportunities for attacks
1ī¸âŖ7ī¸âŖ Hardening¶
Hardening means:
Making a system more secure
Examples:
- Disable unnecessary services
- Restrict permissions
- Configure firewalls
- Use strong passwords
- Reduce exposed ports
Hardening is proactive security.
1ī¸âŖ8ī¸âŖ Security Layers¶
A secure system usually combines:
Passwords
â
PAM
â
Permissions
â
Firewall
â
AppArmor
No single mechanism should be trusted completely.
1ī¸âŖ9ī¸âŖ Useful Commands¶
Current user:
whoami
User information:
id
File permissions:
ls -l
Firewall status:
sudo ufw status
Running services:
systemctl list-units --type=service
Listening ports:
ss -tuln
These commands help administrators inspect the security state of a system.
2ī¸âŖ0ī¸âŖ Mental Model¶
Imagine a castle.
Authentication:
Who is at the gate?
Authorization:
Which rooms may they enter?
Firewall:
Outer Wall
PAM:
Identity Verification Process
AppArmor:
Internal Restrictions
Least Privilege:
Give only the keys that are needed
Final Mental Image
Authentication
â
Authorization
â
Permissions
â
Firewall
â
AppArmor
â
Security
Security is the result of many protective layers working together.