Security & Ethics: Installation and First Steps

19 September 2025
Özet: This article explains how to set up a system based on security and ethical principles. It provides step-by-step security measures, practical CLI commands, configuration files, and real-world scenarios.
Security & Ethics: Installation and First Steps

Introduction

In modern information technology, security and ethics are not just technical requirements but also critical elements of corporate reputation, user trust, and legal compliance.
In this article, within the framework of security and ethics, we will:

  • Implement basic security measures,
  • Discuss ethical data management,
  • Learn from real-world breaches,
  • Apply best practices using CLI commands and config files.

Prerequisites

Before you begin, you will need:

  • A Linux-based system (Ubuntu 22.04 recommended)
  • Root or sudo privileges
  • Basic networking knowledge (IP address, ports)
  • Familiarity with security tools (nmap, openssl, ufw)

Step 1 – Basic Security Setup

1.1 Strong Password Policies

Passwords are the first line of defense. Requirements include:

  • At least 12 characters
  • Combination of upper/lowercase, numbers, and symbols
  • Avoid reuse of old passwords

Set password policy in Linux: 

sudo apt install libpam-pwquality -y
sudo nano /etc/security/pwquality.conf

Content: 

minlen = 12
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1

1.2 SSH Hardening

Default SSH settings are vulnerable. Modify /etc/ssh/sshd_config: 

Port 2222
PermitRootLogin no
PasswordAuthentication no

Restart SSH service: 

sudo systemctl restart sshd

1.3 Firewall Setup (UFW)

sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp
sudo ufw enable
sudo ufw status verbose

Step 2 – Ethical Principles and Data Privacy

2.1 Privacy by Design

Regulations like GDPR and CCPA enforce a “privacy by design” approach. Applications should minimize data collection from the start.

2.2 Encrypting User Data

# Encrypt a file
openssl enc -aes-256-cbc -salt -in data.txt -out data.enc

# Decrypt a file
openssl enc -d -aes-256-cbc -in data.enc -out data.txt

2.3 Ethical Scenarios

  • Collecting data without explicit consent is unethical.
  • “Opt-in by default” is considered a violation of user trust.

Step 3 – Monitoring and Auditing

3.1 Using Auditd

Auditd records system calls for forensic analysis. 

sudo apt install auditd -y
sudo systemctl enable auditd
sudo auditctl -w /etc/passwd -p war -k passwd_changes

View logs: 

ausearch -k passwd_changes

3.2 Centralized Logging with Syslog

sudo nano /etc/rsyslog.conf
*.* @@192.168.1.100:514
sudo systemctl restart rsyslog

Step 4 – Security Tools and Tests

4.1 Network Scanning with Nmap

nmap -sV -p 1-65535 192.168.1.10

4.2 Web Security Testing with Nikto

nikto -h http://example.com

4.3 Preventing Brute-Force with Fail2ban

sudo apt install fail2ban -y
sudo systemctl enable fail2ban

Configuration: /etc/fail2ban/jail.local 

[sshd]
enabled = true
port = 2222
filter = sshd
maxretry = 5

Step 5 – Ethical Hacking and Penetration Testing

5.1 Stages of a Penetration Test

  1. Reconnaissance
  2. Scanning
  3. Exploitation
  4. Persistence
  5. Covering Tracks

5.2 Common Tools

  • Metasploit
  • Burp Suite
  • Aircrack-ng

Conclusion

In this article, we combined security and ethics to:

  • Configure Linux system security,
  • Apply ethical data management,
  • Implement monitoring and auditing,
  • Explore real-world tools and practices.
Makale Sayfasına Dön