2.2 NETWORK SECURITY

Several kernel network parameters in Red Hat Linux can be tuned to increase the overall network security of a server. Beginning with Red Hat Linux 7.0, these parameters are set in /etc/sysctl.conf rather than by editing the init scripts. The file is applied whenever the server reboots or an administrator restarts the network service; the same settings can also be applied immediately with sysctl -p. As with any change to the system, make a backup of this file before proceeding with the changes listed below.

2.2.1 Network Parameter Modifications

Edit /etc/sysctl.conf to reflect the following changes:

 net.ipv4.ip_forward = 0
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.tcp_max_syn_backlog = 4096
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.tcp_syncookies = 1
 net.ipv4.conf.all.send_redirects = 0
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0

Save the changes to /etc/sysctl.conf, then make the file owned by and readable only by root and restart the network service so the new values are loaded:

 [root] # chown root:root /etc/sysctl.conf
 [root] # chmod 0600 /etc/sysctl.conf
 [root] # /etc/rc.d/init.d/network restart

A brief explanation of each parameter follows. The appendix contains URLs that can be used to gain a further understanding of these parameters.

  • net.ipv4.ip_forward = 0 - Disables IP forwarding, so the host will not pass packets between its interfaces. NOTE: IP forwarding should be enabled (net.ipv4.ip_forward = 1) only if the server will be acting as a gateway or router.

  • net.ipv4.conf.all.accept_source_route = 0 - Rejects packets that carry IP source-route options. Source routing lets the sender dictate the path a packet takes and can be used to steer traffic around filtering, so a host that does not need it should drop such packets.

  • net.ipv4.tcp_max_syn_backlog = 4096 - Sets how many half-open (SYN_RECV) connections the kernel will queue for a listening socket. A larger backlog gives a busy server more headroom during a SYN flood, but it is not a protection by itself; the actual SYN flood protection is tcp_syncookies below.

  • net.ipv4.conf.all.rp_filter = 1 - Enables reverse path filtering: a packet is dropped when the route back to its source address would not use the interface the packet arrived on. This discards most packets with a spoofed source address. It can also drop legitimate traffic on a host with asymmetric routing, so test it carefully on multi-homed servers.

  • net.ipv4.tcp_syncookies = 1 - Enables TCP SYN cookies. When the SYN backlog is full, the kernel answers new SYNs with a specially constructed sequence number instead of queueing state for them, so legitimate clients can still complete connections during a SYN flood.

  • net.ipv4.conf.all.send_redirects = 0 - Stops the host from sending ICMP redirects. Only a router has a reason to send them.

  • net.ipv4.conf.all.accept_redirects = 0 - Stops the host from accepting ICMP redirects, which an attacker on the same network segment could use to alter the host's routing table and intercept its traffic.

  • net.ipv4.conf.default.accept_redirects = 0 - The same setting for interfaces created after the file is loaded: conf.all covers interfaces that already exist, while conf.default supplies the initial value for new ones, so both should be set. The other conf.all entries above have conf.default counterparts with the same names.
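
As an added example (not part of the original guide), the following POSIX sh script audits a sysctl.conf-style file against the eight values above and, where /proc/sys is readable, compares the running kernel as well. It assumes sed, awk, tr, cut and mktemp are available; the sample file it builds is constructed for the demo and is not taken from any real host.

```shell
#!/bin/sh
# Added example (not from the guide): audit a sysctl.conf-style file, and
# optionally the running kernel, against the section 2.2.1 hardening values.
# Assumes a POSIX sh with awk, sed, tr, mktemp and cat.

# The eight key=value pairs from section 2.2.1, one per line.
EXPECTED='net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0'

# audit_sysctl_conf FILE
# Prints one line per expected key: "OK key", "WRONG key got=X want=Y" or
# "MISSING key". Returns 0 only if every key is present with the expected value.
# Lines starting with # or ; are comments (as in sysctl.conf(5)); whitespace
# around '=' is ignored; if a key appears twice the last assignment wins,
# which is also what sysctl -p does.
audit_sysctl_conf() {
    file=$1
    rc=0
    # Normalise the file to bare key=value lines.
    actual=$(sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]//g' "$file" | grep '=' || true)
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$actual" | awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
        if [ -z "$got" ]; then
            echo "MISSING $key"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "WRONG $key got=$got want=$want"; rc=1
        else
            echo "OK $key"
        fi
    done
    return $rc
}

# audit_running_kernel
# Same report, but reads the live values from /proc/sys. A key whose /proc/sys
# file cannot be read (for example inside a restricted container) is reported
# as SKIP rather than failing the audit, so this can serve as a post-reboot check.
audit_running_kernel() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        path="/proc/sys/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "SKIP $key ($path not readable)"
            continue
        fi
        got=$(cat "$path")
        if [ "$got" != "$want" ]; then
            echo "WRONG $key got=$got want=$want"; rc=1
        else
            echo "OK $key"
        fi
    done
    return $rc
}

# make_sample_conf
# Writes a constructed sysctl.conf (not any real host's file) to a temp file and
# prints its path. It deliberately has ip_forward wrong, tcp_syncookies missing,
# and a duplicated rp_filter whose later value is the correct one.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample for the audit demo
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
; an earlier, weaker value that the later line overrides
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
EOF
    echo "$f"
}

# Demo: audit the constructed file (expect one WRONG and one MISSING line),
# then the live kernel where /proc/sys is readable.
sample=$(make_sample_conf)
audit_sysctl_conf "$sample" || echo "sample file would fail a hardening audit"
rm -f "$sample"
audit_running_kernel || echo "running kernel differs from section 2.2.1"
```

Running the file audit before the network restart catches a typo or a missing line while it is still cheap to fix; running audit_running_kernel afterwards confirms the kernel actually took the values, which matters because sysctl silently keeps the old value for a key it cannot set.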

2.2.2 Advanced Firewall Configuration

It is highly recommended to use iptables for any kind of advanced firewall configuration. Your particular rules will vary depending on your network and the services you want to leave open. Providing examples for every scenario you may encounter is beyond the scope of this guide, but a few examples are provided in Appendix B. In addition, the sites listed below give a better understanding of iptables and how it can be of benefit to you:

  • http://www.iptables.org

  • http://www.linux-firewall-tools.com/

  • http://firestarter.sourceforge.net/

  • http://www.fwbuilder.org/

  • http://www.stearns.org/mason


Securing Linux: A Survival Guide for Linux Security (Version 2.0)
ISBN: 0974372773
Year: 2002
Pages: 39