Beyond Protecting Root

Many users put most of their security emphasis in restricting the number of users that can gain root access on their system. While this is obviously a very good and an important first step, much more must be done to make a system secure. For one thing, security is only one part of the larger issue of system stability. Security issues are often intertwined with larger points of stability, and a successful system balances methods and tools used for security protection with an awareness of alternate ways in which similar damage can be inflicted.

First of all, if your system is used by multiple users and those users change, be sure to delete the accounts of old users immediately after those accounts are no longer being used. Better still, develop a clear and concise checklist of items that must be done when a user account or group is no longer required.

Limit physical access to your system. If you have valuable files on your secure system, someone looking to access them may find that this job is easier if they can walk off with the hard drive and try to get in at their own pace. Things can be made much harder for an attacker if they are kept unaware of the physical aspects of a machine they wish to compromise.

Above all, think beyond the most basic ways to get around your security methods. Consider that you shouldn't protect one possible way to access the system only to leave another avenue far more susceptible. Of course, how you go about doing this is dependent on you or your users' needs. Just be sure not to focus too much on one way in which your system can be attacked.