Redhat Linux Network Security
am 03.12.2007 14:34:59 von troy.john78Redhat Linux Network Security
Covering everything about security would take several volumes of
books, so we can only look
at the basics. We can take a quick look at the primary defenses you
need in order to protect
yourself from unauthorized access through telephone lines (modems), as
well as some aspects
of network connections. We won't bother with complex solutions that
are difficult to
implement because they can require a considerable amount of knowledge
and they apply only to
specific configurations.
Instead, we can look at the basic methods of buttoning up your Linux
system, most of which
are downright simple and effective. Many system administrators either
don't know what is
necessary to protect a system from unauthorized access, or they have
discounted the chances
of a break-in happening to them. It happens with alarming frequency,
so take the industry's
advice: Don't take chances. Protect your system.
Weak Passwords
Believe it or not, the most common access method of breaking into a
system through a
network, over a modem connection, or sitting in front of a terminal is
through weak
passwords. Weak (which means easily guessable) passwords are very
common. When these are
used by system users, even the best security systems can't protect
against intrusion.
If you're managing a system that has several users, you should
implement a policy requiring
users to set their passwords at regular intervals (usually six to
eight weeks is a good
idea), and to use non-English words. The best passwords are
combinations of letters and
numbers that are not in the dictionary.
Sometimes, though, having a policy against weak passwords isn't
enough. You might want to
consider forcing stronger password usage by using public domain or
commercial software that
checks potential passwords for susceptibility. These packages are
often available in source
code, so they can be compiled for Linux without a problem.
File Security
Security begins at the file permission level and should be carried out
carefully. Whether
you want to protect a file from snooping by an unauthorized invader or
another user, you
should carefully set your umask (file creation mask) to set your files
for maximum security.
Of course, this is really only important if you have more than one
user on the system or
have to consider hiding information from certain users. However, if
you are on a system with
several users, consider forcing umask settings for everyone and set
read-and-write
permissions only for the user, and no permissions for everyone else.
This is as good as you
can get with file security.
For very sensitive files (such as accounting or employee information),
consider encrypting
them with a simple utility. There are many such programs available.
Most require only a
password to trigger the encryption or decryption.
More information visit http://www.network.79br.com