External security can be split into two categories: intrusion
prevention and intrusion detection. Intrusion prevention measures are
taken to prevent unauthorized access to a system. If these measures fail,
intrusion detection may prove useful in determining when unauthorized
access has occurred, and what damage has been done.

A full Linux installation is a large and complex system. It's
difficult to keep track of everything that's installed, and even harder to
configure each package's security features. The problem becomes simpler
when fewer packages are installed. A first step in intrusion prevention
is to remove packages you don't need. For a review of packaging systems,
see Part 4 of the LPI 101 series.
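
One way to find removal candidates is to compare what is installed against a list of packages you have decided the machine needs. The script below is an added example, not part of the original tutorial; the function names and the baseline file format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report installed packages that are not on an approved baseline.

# Print one installed package name per line, using whichever package
# manager is present (dpkg on Debian-style systems, rpm on Red Hat-style).
list_installed() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package}\n'
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME}\n'
    else
        echo "no supported package manager found" >&2
        return 1
    fi
}

# unexpected_packages BASELINE [INSTALLED]
#   BASELINE  file of approved package names, one per line;
#             '#' comments and blank lines are ignored (assumed format).
#   INSTALLED optional file of installed names; if omitted, the
#             running system is queried with list_installed.
# Prints the names that are installed but not approved.
unexpected_packages() {
    baseline=$1
    installed=${2:-}
    tmp_base=$(mktemp) || return 1
    tmp_inst=$(mktemp) || { rm -f "$tmp_base"; return 1; }

    # Normalize the baseline: drop comments, surrounding blanks, empty lines.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$baseline" | LC_ALL=C sort -u >"$tmp_base"

    if [ -n "$installed" ]; then
        LC_ALL=C sort -u "$installed" >"$tmp_inst"
    else
        list_installed | LC_ALL=C sort -u >"$tmp_inst"
    fi

    # comm -13 keeps only lines unique to the second (installed) list.
    LC_ALL=C comm -13 "$tmp_base" "$tmp_inst"
    rm -f "$tmp_base" "$tmp_inst"
}

# Usage on a live system (baseline path is a placeholder):
#   unexpected_packages /path/to/approved-packages.txt
```

Review each reported name before removing it with your distribution's package manager, since some packages are dependencies of ones you do need.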