How hackers use Linux

Detect hacker attacks on Linux

A modern server operating system, a well-configured firewall and an administrator who regularly reviews the log files - these are commonly taken as a guarantee of a secure local network.

But let it be said up front: an absolutely secure system would sit in a locked room at Fort Knox with no connection to the Internet. In other words, no system or network is completely secure. Paranoia is therefore the best strategy:

  • First, make a system as secure as possible.

  • Then do not trust those security measures; keep assuming the "worst case" - a successful break-in.

Why this paranoia? It is simple: not everything is within your sphere of influence. Weaknesses or bugs in the software in use, combined with the ingenuity of attackers, can lead to a break-in no matter how good the security strategy or how perfect the configuration.

If there is a risk that an attack could succeed, one should think about how to detect it. Nothing is worse than a successful attack that is noticed too late or not at all. An attacker can alter files and configurations and then cover their tracks. Finding such changes afterwards is like looking for a needle in a haystack.

Quite apart from that, an attacker will use the compromised system as a platform for attacks on other systems. The "captured" server then acts as the "attacking" host. The reputational damage and the resulting legal costs are often far higher than the direct damage to the server itself. An administrator quickly has some explaining to do if they cannot give a plausible account of how an intruder managed to remain in the system for several weeks.