For Linux security, principle of least privilege prevails, says Red Hat security expert
Linux security may seem daunting, but there are a host of best practices to simplify the maze. Recently, Steve Grubb of Red Hat Inc. outlined some important security principles, including minimizing admin access, the increasing sophistication of SELinux and the importance of auditing systems.
Where should IT managers focus attention, and what are more casual concerns?
I think [the priority list] flows like this: You need a good, secure configuration. If that's done and deployed, you focus on understanding updates to programs. In other words, you want to look at all package updates and know what was fixed and if you need to update for it. Aside from that, you need a good monitoring technique to ensure the systems you so carefully configured stay that way. Having a good handle on monitoring the security events being generated is one of the more important things to do, assuming that a system is properly configured. You need to understand what's recorded in the security logs so that one day, when something odd shows up, you can spot it immediately.
What is the most immediate threat to system security in business settings?
It all depends on risks. If they have lots of non-Linux machines that users or malware can install programs on, they need to address that issue. If, on the other hand, users are confined to where they can't install apps, I would look at ensuring that machines stay in configuration.