Why Security Basics Matter
Most breaches don't exploit sophisticated zero-days. They exploit missing basics: unpatched systems, weak passwords, no logging, no backups. Fix these first.
1. Centralized Logging
If you can't see what's happening, you can't respond to incidents. Every system should log to a central location.
- Use `rsyslog` or `journald` to forward logs
- Set up a log aggregator (Loki, Elasticsearch, or even a simple syslog server)
- Keep logs for at least 90 days
- Alert on failed logins and sudo usage
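The last bullet is the part most people skip. The script below is an added example (not part of the original post): it pulls repeated failed SSH logins and every sudo invocation out of forwarded auth-log lines so a cron job can raise alerts. The log lines are constructed for the example, the `loghost` name in the rsyslog comment is a placeholder, and the threshold of three failures is an arbitrary choice.

```shell
#!/bin/sh
# Added example: pull alert-worthy events out of forwarded auth logs.
# Forwarding itself is one rsyslog line, e.g. in /etc/rsyslog.d/90-forward.conf:
#   *.* @@loghost.example.internal:514     (TCP; a single @ means UDP)
# The host name is a placeholder. The log lines below are constructed, not captured.

SAMPLE_LOG='Mar  3 10:01:02 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 52111 ssh2
Mar  3 10:01:04 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 52112 ssh2
Mar  3 10:01:06 web1 sshd[1235]: Failed password for root from 203.0.113.5 port 52113 ssh2
Mar  3 10:01:30 web1 sshd[1236]: Failed password for bob from 198.51.100.7 port 41000 ssh2
Mar  3 10:02:00 web1 sshd[1240]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Mar  3 10:02:05 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:03:00 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow'

# Alert once a single source reaches this many failures (threshold chosen for the example).
FAILED_THRESHOLD=3

# Print "count ip" for each source IP at or above the threshold.
failed_login_sources() {
    printf '%s\n' "$1" \
        | grep 'sshd\[[0-9]*\]: Failed password for' \
        | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
        | sort | uniq -c \
        | awk -v t="$FAILED_THRESHOLD" '$1 >= t { print $1, $2 }'
}

# Print "user command" for every sudo invocation, whether or not it looks suspicious:
# the point is that privileged commands get reviewed, not that a filter guesses intent.
sudo_commands() {
    printf '%s\n' "$1" \
        | grep ' sudo: ' \
        | sed -n 's/.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)$/\1 \2/p'
}

alert_report() {
    failed_login_sources "$1" | while read -r count ip; do
        echo "ALERT: $count failed SSH logins from $ip"
    done
    sudo_commands "$1" | while read -r user cmd; do
        echo "NOTICE: sudo by $user: $cmd"
    done
}

# In production, feed it e.g. "$(tail -n 10000 /var/log/auth.log)" from a cron job.
alert_report "$SAMPLE_LOG"
```

With the sample lines this reports one ALERT (three failures from 203.0.113.5; the single failure from 198.51.100.7 stays under the threshold) and two NOTICE lines for the sudo commands. On a real aggregator the same patterns become alert rules in Loki or Elasticsearch rather than a shell pipeline.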
2. Automated Security Updates
Unpatched systems are the #1 attack vector. Automate updates for security patches.
- Enable `unattended-upgrades` on Debian/Ubuntu
- Use `dnf-automatic` on RHEL/Fedora
- Schedule reboots for kernel updates
- Test updates in staging first for production systems
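Here is an added example (mine, not the post's) that writes the settings for both package managers and checks whether a kernel update is waiting on a reboot. Without `--apply` it writes into a temporary directory so the files can be inspected on a staging box first; the `02:00` reboot window and the file name `52unattended-upgrades-reboot` are choices made for the example.

```shell
#!/bin/sh
# Added example: lay down the auto-update settings for both package managers and
# report whether a kernel update is waiting for a reboot. Without --apply it writes
# into a temporary directory so you can inspect the files first. REBOOT_TIME is a
# placeholder maintenance window.
REBOOT_TIME="02:00"

# Debian/Ubuntu: daily apt update + unattended-upgrade, reboot in the window when a
# package (typically the kernel) creates /var/run/reboot-required.
write_debian_config() {
    dir="$1/etc/apt/apt.conf.d"
    mkdir -p "$dir"
    cat > "$dir/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
    # Drop-in read after the distro's 50unattended-upgrades, so it overrides the reboot settings.
    cat > "$dir/52unattended-upgrades-reboot" <<EOF
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "$REBOOT_TIME";
EOF
}

# RHEL/Fedora: dnf-automatic applying security updates only. The timer is enabled with
#   systemctl enable --now dnf-automatic.timer
# (left as a comment because it needs root and a running systemd).
write_rhel_config() {
    dir="$1/etc/dnf"
    mkdir -p "$dir"
    cat > "$dir/automatic.conf" <<'EOF'
[commands]
upgrade_type = security
random_sleep = 300
download_updates = yes
apply_updates = yes

[emitters]
emit_via = stdio
EOF
}

# Returns 0 when the host should be rebooted to pick up a new kernel.
reboot_required() {
    root="$1"
    [ -f "$root/var/run/reboot-required" ] && return 0          # Debian/Ubuntu marker file
    if [ "$root" = "/" ] && command -v needs-restarting >/dev/null 2>&1; then
        needs-restarting -r >/dev/null 2>&1 || return 0         # RHEL: exit 1 means reboot needed
    fi
    return 1
}

case "${1:-}" in
    --apply) ROOT=/ ;;
    *)       ROOT=$(mktemp -d) ;;
esac
write_debian_config "$ROOT"
write_rhel_config "$ROOT"
echo "Config written under $ROOT"
if reboot_required "$ROOT"; then
    echo "Reboot pending: schedule it for $REBOOT_TIME"
fi
```

Run it as root with `--apply` on a host once the preview looks right. The reboot check is what turns "schedule reboots for kernel updates" into something a monitoring system can alert on: a host that has needed a reboot for more than a week is effectively unpatched.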
3. Proper Backup Strategy
Backups are your last line of defense against ransomware and disasters.
- Follow the 3-2-1 rule: 3 copies, 2 different media, 1 offsite
- Test restores regularly (untested backups are not backups)
- Keep at least one backup offline or immutable
- Document your recovery procedure
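"Test restores regularly" is easiest to keep up when the test is part of the backup job itself. The following is an added example, not code from the post: it creates a checksummed tarball and then restores it into a scratch directory and compares the result with the source. The sample files and directories are constructed; the offsite and immutable copies the 3-2-1 rule calls for are left as comments because they depend on your storage.

```shell
#!/bin/sh
# Added example: one backup cycle that also proves the backup is restorable.
# Paths and the sample files are constructed for this example.

# Create backup-<stamp>.tar.gz plus a .sha256 beside it; print the archive path.
make_backup() {
    src="$1"; dest="$2"
    mkdir -p "$dest"
    archive="$dest/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$src" .
    # The checksum travels with every copy (2nd medium, offsite) so silent corruption shows up.
    (cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
    printf '%s\n' "$archive"
}

# Restore into a scratch directory and compare with the source; 0 = backup is usable.
verify_backup() {
    archive="$1"; src="$2"
    (cd "$(dirname "$archive")" && sha256sum -c --quiet "$(basename "$archive").sha256") || return 1
    scratch=$(mktemp -d)
    tar -xzf "$archive" -C "$scratch" || { rm -rf "$scratch"; return 1; }
    if diff -r "$src" "$scratch" >/dev/null; then rc=0; else rc=1; fi
    rm -rf "$scratch"
    return $rc
}

# Demo run on constructed data.
SRC=$(mktemp -d); DEST=$(mktemp -d)
mkdir -p "$SRC/etc"
echo "listen=8080" > "$SRC/etc/app.conf"
echo "sample row" > "$SRC/data.csv"
ARCHIVE=$(make_backup "$SRC" "$DEST")
if verify_backup "$ARCHIVE" "$SRC"; then
    echo "OK: $ARCHIVE restores cleanly"
else
    echo "FAIL: $ARCHIVE does not restore cleanly"
fi
# What the 3-2-1 rule still asks for, not run here: copy the archive and its .sha256 to a
# second medium and to an offsite target (e.g. rsync to another host), and make one copy
# immutable (chattr +i on Linux needs root; object lock on S3-style storage).
```

Comparing a restore with the live source only works for data that is quiescent during the backup; for databases, dump first and back up the dump, then verify by loading the dump into a throwaway instance.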
4. Access Control
Limit who can do what. The principle of least privilege saves you from both accidents and attacks.
- No shared accounts - every person gets their own
- Use SSH keys, not passwords
- Implement 2FA for critical systems
- Review access quarterly and remove unused accounts
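For "SSH keys, not passwords" the settings live in `sshd_config`, and it is worth having a check that reads the file the way sshd does (first occurrence of a directive wins). The script below is an added example, not from the post: it audits a config for four directives and prints a weak and a hardened sample side by side. Both sample configs are constructed; the set of directives checked is my choice, and directives inside `Match` blocks are deliberately out of scope.

```shell
#!/bin/sh
# Added example: check an sshd_config for the directives that enforce key-only, non-root
# logins, and show a hardened block beside a weak one. Both configs are constructed.

# Directive and the value required for it.
EXPECTED='PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
PubkeyAuthentication yes'

WEAK_CONFIG='# constructed sample of a default-ish sshd_config
Port 22
PasswordAuthentication yes
#PermitRootLogin no
PermitRootLogin yes
PubkeyAuthentication yes'

HARDENED_CONFIG='# constructed hardened sshd_config (global section only)
Port 22
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
PubkeyAuthentication yes'

# sshd honours the first occurrence of a directive, so report the first uncommented match.
# Directive names are case-insensitive. (Match blocks are out of scope for this check.)
effective_value() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Print one WEAK/WARN line per problem directive in the given file.
audit_sshd_config() {
    printf '%s\n' "$EXPECTED" | while read -r key want; do
        have=$(effective_value "$key" "$1")
        if [ -z "$have" ]; then
            echo "WARN: $key not set, the compiled-in default applies; set it to '$want' explicitly"
        elif [ "$have" != "$want" ]; then
            echo "WEAK: $key is '$have', should be '$want'"
        fi
    done
}

# Returns 0 only when the audit finds no WEAK settings.
sshd_config_ok() {
    [ "$(audit_sshd_config "$1" | grep -c '^WEAK')" -eq 0 ]
}

demo() {
    weak=$(mktemp); printf '%s\n' "$WEAK_CONFIG" > "$weak"
    hard=$(mktemp); printf '%s\n' "$HARDENED_CONFIG" > "$hard"
    echo "== weak config =="; audit_sshd_config "$weak"
    echo "== hardened config =="; audit_sshd_config "$hard"
    rm -f "$weak" "$hard"
}
demo
```

Run `audit_sshd_config /etc/ssh/sshd_config` on real hosts from the quarterly access review; the commented-out `#PermitRootLogin no` in the weak sample is a common trap, since it looks hardened in a quick `grep` but the later uncommented `yes` is what sshd uses. Pair this with `lastlog -b 90` to list accounts with no login in 90 days as candidates for removal.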
5. Network Segmentation
Don't let a breach in one system compromise everything.
- Separate public-facing services from internal systems
- Use VLANs or separate networks for different trust levels
- Firewall between segments with explicit allow rules
- Consider a VPN for internal admin access
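"Explicit allow rules" means the default between segments is drop and each permitted flow is written down. As an added example (not from the post), here is an nftables forward ruleset for a firewall host that sits between a public-facing segment, an internal segment and the subnet an admin VPN hands out. The subnets, the database port 5432 and the table name `segments` are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example: an nftables forward ruleset for a firewall host sitting between a
# public-facing (DMZ) segment, an internal segment and the VPN subnet admins use.
# Default policy is drop; every permitted flow is an explicit allow rule. The subnets
# and port numbers are placeholders for this example.

DMZ_NET="${DMZ_NET:-192.0.2.0/24}"           # public-facing services
INTERNAL_NET="${INTERNAL_NET:-10.0.0.0/24}"  # databases, file servers, admin UIs
VPN_NET="${VPN_NET:-10.8.0.0/24}"            # addresses handed out by the admin VPN

gen_segment_ruleset() {
    cat <<EOF
table inet segments {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # replies to already-permitted flows, and nothing malformed
        ct state established,related accept
        ct state invalid drop

        # DMZ web tier -> internal database only, on the database port
        ip saddr $DMZ_NET ip daddr $INTERNAL_NET tcp dport 5432 accept

        # admins reach internal hosts over SSH only from the VPN subnet
        ip saddr $VPN_NET ip daddr $INTERNAL_NET tcp dport 22 accept

        # anything else crossing a boundary is logged (rate-limited) and dropped by the policy
        limit rate 10/minute log prefix "segment-drop: "
    }
}
EOF
}

# Syntax-check the generated ruleset without loading it (nft -c; may need root on some builds).
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        gen_segment_ruleset | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# Load with:  gen_segment_ruleset | nft -f -    (as root, on the firewall host)
gen_segment_ruleset
```

Note what is absent: there is no rule letting internal hosts initiate connections into the DMZ, and nothing lets the DMZ reach anything internal except the database port, so a compromised web server cannot pivot to the rest of the internal segment. The logged drops feed straight into the centralized logging from step 1.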
Getting Started
You don't need to implement everything at once. Start with:
1. Week 1: Set up centralized logging
2. Week 2: Enable automated security updates
3. Week 3: Implement proper backups
4. Week 4: Review and fix access control
Each step significantly improves your security posture.
