Since 2004, October is National Cybersecurity Awareness Month. Here's a review of what that means, plus a list of open-source and free cybersecurity tools to consider.

As National Cybersecurity Awareness Month kicks off, it’s a good time to reflect on how secure the systems you manage are – whether they’re running Linux, Windows or some other OS.

While Linux is considered by many to be more secure due to its open-source nature and because privileges are clearly defined, it still warrants security reviews, and this month’s focus on cybersecurity awareness suggests that an annual review is more than just a good idea.

The designation became official in 2004, when President George W. Bush and Congress declared October to be National Cybersecurity Awareness Month. Keep in mind that in 2004, security practice often involved little more than updating antivirus software. Today, cybersecurity practices are much more intense as the threats have grown to be far more significant and far more challenging.

This post looks into what Linux admins should be doing to protect their systems in the spirit of National Cybersecurity Awareness Month.

What are we protecting?

“Cybersecurity Awareness Month is a critical reminder that effective cybersecurity isn’t solely about building higher walls against external threats. It’s equally about understanding and managing the data you already hold within those walls,” said Carl D’Halluin, CTO of Datadobi, in a statement. D’Halluin went on to point out that “illegal and orphaned data are prime examples of internal vulnerabilities that often go overlooked.”

How serious is the challenge?

“Today, cyber threats are escalating into full-blown crises – making Cybersecurity Awareness Month more than just a gentle reminder, but a stark warning that we must urgently overhaul our digital defenses,” stated Don Boxley, CEO and co-founder of DH2i. “Gone are the days when established security measures like VPNs sufficed. Hackers are continually advancing, rendering traditional methods increasingly obsolete. Proactive security isn’t an option; it’s an absolute necessity if organizations want to survive into the future.”

How important is email security?

Cybersecurity Awareness Month is “a crucial period that calls for our attention on the increasing threats in the digital landscape. Among these threats, one that’s often pushed to the background but deserves center stage, is email security,” stated Seth Blank, CTO at Valimail. “The bottom line is that even if the stats have become easy to ignore – the problem is real, and one misstep can wreak havoc.”

Blank added: “This Cybersecurity Awareness Month, don’t just scroll past the warnings – take them to heart. Beef up your email security, or get ready for a world of hurt. The ball is in your court, and it’s ticking.”

Threats involving email include spear-phishing and whaling. Spear-phishing targets a specific group of people in an attempt to get them to click on a malicious link to steal things like login credentials. Whaling attacks target top officials, attempting to take them to a fraudulent website containing malware.

So what should you do?

National Cybersecurity Awareness Month is a time to reflect on all of the things that you do to keep the systems you manage and the data you need to protect secure. It’s a time to review and maybe even enhance your security practices.
Some of the things you need to consider include:

- Researching and adopting best security practices
- Enforcing strong passwords and applying password aging as well as ensuring that no accounts lack passwords (user or services)
- Using OpenSSH server security as needed
- Limiting the use of sudo to tasks that require it
- Disabling root login (anyone who needs root privilege must log in as himself)
- Locking accounts after several failed login attempts
- Using two-factor authentication whenever possible
- Limiting listening ports to those that are truly needed
- Keeping your systems up to date with patches and updates
- Verifying your firewall settings
- Scanning your systems for security threats
- Briefing workers on the security practices that they should be following
- Configuring disk quotas to ensure that disks do not fill to capacity
- Uninstalling software and tools that are no longer required
- Using encryption to protect sensitive data
- Using VPNs for remote connections
- Routinely backing up servers to guard against data loss
- Deploying security scanning tools (e.g., chkrootkit) to detect and repair vulnerabilities
- Staying informed – the threat landscape is constantly changing

Cybersecurity apps

The following tools are worth looking into. They should be both open source and free. While this list is likely incomplete, the tools described are all highly regarded.
Antivirus

- ClamAV — https://www.clamav.net
- Avast antivirus — https://www.avast.com

Network and server scanning

- Nikto – Linux Web Server Scanner — https://github.com/sullo/nikto
- Nmap – Linux Network Scanner — https://nmap.org
- W3af — Open Source Web Application Security Scanner — https://github.com/andresriancho/w3af

Rootkit and malware detection

- Rkhunter — Linux rootkit scanner — https://sourceforge.net/projects/rkhunter
- Chkrootkit — locally checks for signs of a rootkit — https://www.chkrootkit.org
- Linux malware detect (LMD) — malware detector — https://github.com/rfxn/linux-malware-detect

Intrusion detection

- Snort — Linux intrusion detection — https://snort.org
- OSSEC — Intrusion detection — https://www.ossec.net
- Crowdsec — protects against attacks on any server by parsing real-time service logs — https://github.com/crowdsecurity/crowdsec

Packet analyzers

- Wireshark – Linux Packet Analyzer — https://www.wireshark.org

Vulnerability scanners

- Nessus Vulnerability Scanner — scans for security vulnerabilities in devices, apps and operating systems — https://www.tenable.com/downloads/nessus
- OpenVAS — OpenVAS, an endpoint scanning application and web application used to identify and detect vulnerabilities — https://openvas.org

Security auditing

- Lynis – security auditing tool — https://github.com/CISOfy/lynis

Penetration testing

- OWASP ZAP — penetration testing tool being maintained under the umbrella of The Software Security Project (SSP) — https://github.com/zaproxy/zaproxy
- Metasploit framework – penetration testing — https://www.metasploit.com

Risk reduction

- Firejail — Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications, included in many Linux distributions — https://github.com/netblue30/firejail

Password auditing

- John the Ripper – Open Source password security auditing and password recovery tool and password cracker — https://www.openwall.com/john

Device identification

- OSQuery — uses basic SQL commands to leverage a relational data-model to describe a device. It gives access to the underlying state of an operating system — https://www.osquery.io

Network defense

- Ettercap — Ettercap can be used by hackers to attack a network or by network administrators to defend it — https://www.ettercap-project.org

Virtual private networking

- Proton VPN — virtual private networking — https://protonvpn.com
- Windscribe — https://windscribe.com/?affid=y45ixar0

Wrap-up

National Cybersecurity Awareness Month is a designated time to review and advance what you do to ensure your systems and your data are as secure as you can make them. Doubling down on cybersecurity every October is more than just a good idea. Detecting, fixing and monitoring potential problems is well worth the time you invest.
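Four items from the checklist above (accounts without passwords, password aging, root login over SSH and unneeded listening ports) can be reviewed with a short read-only script. This is an added example, not part of the original article; the function names, the 99999-day aging threshold and the port allowlist are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the article): read-only checks for four checklist
# items. Function names and the port allowlist are illustrative assumptions.

# Accounts with an empty password field in a shadow-format file.
empty_password_accounts() {
  awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# Accounts with a usable hash but no effective password aging: maximum age
# (field 5) empty or >= 99999 days. Locked entries (! or *) are skipped.
no_aging_accounts() {
  awk -F: '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 99999) { print $1 }' \
    "${1:-/etc/shadow}"
}

# Global PermitRootLogin value in an sshd_config file. sshd uses the first
# value it reads; if unset, OpenSSH 7.0+ defaults to prohibit-password.
# Match blocks and Include files are not followed; `sshd -T` resolves those.
root_login_setting() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "permitrootlogin" { v = tolower($2); exit }
       END { print (v == "" ? "prohibit-password" : v) }' \
    "${1:-/etc/ssh/sshd_config}"
}

# Reads `ss -tlnH` output on stdin; prints listening TCP ports that are not
# in the allowlist passed as arguments.
unexpected_listeners() {
  awk -v allowed=" $* " '{ n = split($4, a, ":"); p = a[n]
       if (index(allowed, " " p " ") == 0 && !seen[p]++) print p }' | sort -n
}

# Run as root on the live system, e.g.: audit 22 443
audit() {
  echo "empty passwords  : $(empty_password_accounts | xargs)"
  echo "no password aging: $(no_aging_accounts | xargs)"
  echo "PermitRootLogin  : $(root_login_setting)"
  echo "unexpected ports : $(ss -tlnH | unexpected_listeners "$@" | xargs)"
}
```

Each function also accepts a file path, so the checks can be run against copies of `/etc/shadow` and `sshd_config` pulled from other hosts.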