Certification Objective 10.02: Basic Host Security

 < Day Day Up > 

A network is only as secure as the most open system in that network. Although no system can be 100 percent secure, you can follow certain basic host measures to enhance the security on any given system and, consequently, your network. When devising security measures, you have to plan for two types of security violations: user accidents and break-ins.

Accidents happen because users lack adequate training or are unwilling to follow procedures. If security is too burdensome, productivity may suffer, and your users will try to get around your rules. Password security falls into this category.

When a cracker breaks into your system, some crackers may be looking for secrets such as credit card information. Others may just want to bring down your system. You can do several things to keep your network secure. Monitor Red Hat errata for the latest issues. With the up2date tool, you can keep your Red Hat system updated with the latest packages.

As you'll see later in this chapter, you can manage your computer's response to certain requests through the /etc/hosts.allow and /etc/hosts.deny files. You can set up protection within the kernel through firewalls based on iptables or ipchains. One simple way to promote security is to uninstall as many network access programs as possible.

Exam Watch 

While this section does not directly relate to Red Hat exam requirements, it is fundamental to the way you secure your system and network. I believe that anyone who wants to be an RHCE should be already following the principles described in this section.

Password Security

Good password security is important. Good passwords include a combination of letters, numbers, and even punctuation that isn't easily guessed. Good password security requires users to change their password on a regular basis.

Exam Watch 

On the Red Hat exams, follow the instructions carefully for any users and passwords. You do want to make sure that the person grading your exam can get into your accounts!

Password security also means disabling or deleting unused accounts. These accounts are a common way for a cracker to try to break into your system.

You can also check system log files for suspicious activity. Login records are kept in a database in /var/log/wtmp. While you can't read this file directly, you can use the utmpdump command to make this file readable. For example, the utmpdump /var/log/wtmp command lists recent login activity. Take a look at Figure 10-2. Note the login from IP address If you don't have any users from a computer with that IP address, you have a reason for concern.

click to expand
Figure 10-2: Suspicious login activity

Security Updates

Another step you can take to keep your RHEL 3 system secure is to install the latest errata releases from Red Hat. These contain patches or fixes for problems in applications or the operating system that could result in security violations. A list of the latest errata is available as of this writing at www.redhat.com/apps/support/errata.

Red Hat provides a built-in service to check for updates called up2date that you can configure if your computer is directly connected to the Internet. Just run up2date from a command line in the X Window of your choice. If you haven't already done so, you'll need to register the settings on your computer. Then follow the prompts; up2date connects to rhn.redhat.com for updates. With Red Hat Enterprise Linux 3, this assumes you've already configured your system for updates through rhn.redhat.com.

Delete Extra Services

One simple way to promote security on your system is to delete the packages associated with network services that you aren't going to use. For example, a cracker can't use Samba to break into your system if the Windows File Server package group is not installed. Any firewall or other configuration that you may add to the service still means that you are theoretically vulnerable to an attack through that service. If you're not going to use a network service, you may want to remove the associated RPM packages.

To review currently installed network services, check the /etc/xinetd.d and /etc/rc.d/init.d directories.

 < Day Day Up > 

RCHE Red Hat Certified Engineer Linux Study Guide[c] Exam (Rh302)
RCHE Red Hat Certified Engineer Linux Study Guide[c] Exam (Rh302)
ISBN: 71765654
Year: 2003
Pages: 194

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net