tags:linux workstation security
Linux Foundation through GitHub released a Linux workstation security implementations within the guidelines used by the Foundation for corporate information , including lists of hardware , before starting the execution environment , Linux versions do not , installation guidelines , after the installation of security strengthening security checklists personal workstation backup , browser, password management, secure private keys , SELinux and other categories , and describes the relevant security considerations.
Linux workstation security Checklist is classified as a major security project, for example , in the choice of workstation hardware Linux does not recommend the brand or model , but hoped that the hardware should have SecureBoot features to assist or resist Rootkits and other Evil Maid Attack . Major safety recommendations before starting the execution environment include UEFI boot mode , enter UEFI configuration must enter a password , and enable SecureBoot.
In various Linux version of choice , Linux workstation security recommends the use of the industry with a powerful version of the MAC / RBAC function , there should be security bulletin , timely provision of security patches , to provide encrypted authentication function , complete support UEFI and SecureBoot, and Full hard disk encryption support . Installation guidelines will have to use full hard disk encryption and strong passwords, confirm the switch space (swap) is encrypted , you must enter a password to edit the bootloader, the highest authority to set a strong password , use an account without permission , setting another account for general use
Backup Recommendations for individual workstations sucked encrypted workstation backup to additional storage space , other management staff also recommended using two different browsers can be used for a variety of tasks , and another to access work- related needs high security sites and recommend to Chrome to browse general content to Firefox plus a variety of plug-ins to access work-related websites.