I divide network security in Linux into four basic categories. Security by computer can help you manage what computers can send messages into and out of your network. Security by port can help you manage the services that others can use to break into your network. Security by address translation can help you hide the computers inside your network. And finally, security by rule can help you manage the type of data allowed into your network in excruciating detail. Red Hat Enterprise Linux includes two different tools to help you configure a firewall on your computer, lokkit and redhat-config-securitylevel (also known as the Red Hat Firewall Configuration tool). Security issues are discussed in more detail in Chapter 10.
The /etc/hosts.allow and /etc/hosts.deny files can help you manage what computers are allowed into your network. You can specify computers by name, IP address, network, or domain name in each file. This can help you limit access to a trusted few computers such as those within your company, or it can protect you from computers that you know may pose a problem.
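The way the two files are consulted is easy to get wrong, so here is an added example (not code from the book or from Red Hat) that evaluates constructed hosts.allow and hosts.deny contents the way tcpd does: hosts.allow is checked first, then hosts.deny, and a client matched by neither is let in. It assumes the common client patterns from hosts_access(5) only (ALL, an exact name or address, a .domain suffix, a network prefix ending in a dot, and net/mask); EXCEPT lists and shell commands are not handled.

```python
"""Evaluate /etc/hosts.allow and /etc/hosts.deny entries as TCP wrappers do,
matching a client by name, address, network prefix, domain or net/mask."""
import ipaddress

def pattern_matches(pattern, name, addr):
    """Match one client pattern (subset of hosts_access(5)) against a client."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                 # domain suffix: .corp.example.com
        return name.endswith(pattern)
    if pattern.endswith("."):                   # network prefix: 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:                          # net/mask: 10.0.0.0/255.0.0.0
        net, mask = pattern.split("/", 1)
        return ipaddress.ip_address(addr) in ipaddress.ip_network(
            f"{net}/{mask}", strict=False)
    return pattern in (name, addr)              # exact host name or IP address

def file_matches(rules, daemon, name, addr):
    """True if any 'daemons: clients' line in the file text matches the client."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        daemon_list = [d.strip() for d in daemons.split(",")]
        if "ALL" not in daemon_list and daemon not in daemon_list:
            continue
        if any(pattern_matches(c.strip(), name, addr) for c in clients.split(",")):
            return True
    return False

def access_allowed(allow_rules, deny_rules, daemon, name, addr):
    """hosts.allow wins, then hosts.deny; a client matched by neither is ALLOWED.
    That default is why a catch-all 'ALL: ALL' line belongs in hosts.deny."""
    if file_matches(allow_rules, daemon, name, addr):
        return True
    if file_matches(deny_rules, daemon, name, addr):
        return False
    return True

# Constructed sample files for the demonstration (not from any real system).
HOSTS_ALLOW = "sshd: 192.168.1. , .corp.example.com   # LAN and company domain\n"
HOSTS_DENY = "sshd: ALL\n"
```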
TCP/IP has 65,536 ports, which work sort of like TV channels. If you leave all ports open, you're leaving a lot of options for a cracker who wants to break into your network. With a firewall, you can create a solid barrier and then open only the ports that you need.
Most LAN administrators set up Network Address Translation (NAT) as a matter of course on an IPv4 network. Since IPv4 addresses are scarce, it is typical to use private IP addresses inside a LAN, with a regular IP address only on the gateway computer that is directly connected to an outside network such as the Internet.
For example, when a computer inside a LAN requests a Web page, NAT rewrites the request so that it appears to come from the gateway's IP address. Nobody outside the LAN needs to know which internal computer actually made the request.
There are two basic services for filtering information in and out of a network, based on the ipchains and iptables commands. Red Hat has recently implemented iptables as the firewall tool of choice in RHEL 3. Once you've configured a firewall and loaded it, the rules are stored in the /etc/sysconfig/iptables file.
The iptables command has three basic ways to look at a data packet: as input, as output, or as a packet to be forwarded. Within these and other parameters, you can set up your firewall with instructions to accept the packet, drop it, or direct it someplace else.
iptables is covered in more detail in Chapter 10.