Exam 14: Troubleshooting, Performance, and Security

Correct Answer:

Verified

One of the most important security-related practices is to limit access to the physical Linux computer itself. If a malicious user has access to the Linux computer, that user could boot the computer using a floppy disk, USB flash drive, CD, or DVD that contains a small operating system and use it to access files on the partitions on the hard disk of the Linux computer without having to log in to the operating system installed on the hard disk. To prevent this, you should lock important computers, such as Linux servers, in a specific room to which only Linux administrators or trusted users have key access. This room is commonly called a server closet. Unfortunately, some Linux computers, such as Linux workstations, must be located in public areas. For these computers, you should remove the floppy, CD, and DVD drives from the computer. In addition, you should ensure that the boot order listed in the computer BIOS prevents booting from the USB ports, as well as ensure that a system BIOS password is set to prevent other users from changing the boot order.
Another important security consideration for Linux computers is to limit access to graphical desktops and shells. If you walk away from your workstation for a few minutes and leave yourself logged in to the system, another person can use your computer while you are away. To avoid such security breaches, it is good security practice to lock your desktop environment or exit your command-line shell before leaving the computer.
Both the GNOME and KDE desktop environments allow you to lock your screen. For the GNOME desktop, you can click the System menu and choose Lock Screen. To use your desktop again, you need to enter your password.