Redhat Linux Network Security
Covering everything about security would take several volumes of
books, so we can only look at the basics. We can take a quick look at
the primary defenses you need in order to protect yourself from
unauthorized access through telephone lines (modems), as well as some
aspects of network connections. We won't bother with complex solutions
that are difficult to implement because they can require a
considerable amount of knowledge and they apply only to specific
Instead, we can look at the basic methods of buttoning up your Linux
system, most of which are downright simple and effective. Many system
administrators either don't know what is necessary to protect a system
from unauthorized access, or they have discounted the chances of a
break-in happening to them. It happens with alarming frequency, so
take the industry's advice: Don't take chances. Protect your system.
Believe it or not, the most common access method of breaking into a
system through a network, over a modem connection, or sitting in front
of a terminal is through weak passwords. Weak (which means easily
guessable) passwords are very common. When these are used by system
users, even the best security systems can't protect against intrusion.
If you're managing a system that has several users, you should
implement a policy requiring users to set their passwords at regular
intervals (usually six to eight weeks is a good idea), and to use non-
English words. The best passwords are combinations of letters and
numbers that are not in the dictionary.
Sometimes, though, having a policy against weak passwords isn't
enough. You might want to consider forcing stronger password usage by
using public domain or commercial software that checks potential
passwords for susceptibility. These packages are often available in
source code, so they can be compiled for Linux without a problem.
Security begins at the file permission level and should be carried out
carefully. Whether you want to protect a file from snooping by an
unauthorized invader or another user, you should carefully set your
umask (file creation mask) to set your files for maximum security.
Of course, this is really only important if you have more than one
user on the system or have to consider hiding information from certain
users. However, if you are on a system with several users, consider
forcing umask settings for everyone and set read-and-write permissions
only for the user, and no permissions for everyone else. This is as
good as you can get with file security.
For very sensitive files (such as accounting or employee information),
consider encrypting them with a simple utility. There are many such
programs available. Most require only a password to trigger the
encryption or decryption.
More information visit http://www.network.79br.com