Security is important on any computer network. All types of crackers are out there searching for vulnerable networks. Some look just for fun, while others break into networks with criminal purposes in mind.
This chapter starts with a general overview of the best practices associated with network security. Some of these practices require good skills with Linux, which you can learn in this book. This chapter covers encryption, firewalls, and passwords and addresses the concepts of physical security. Other important skills require good judgment, which may come only with experience.
Red Hat Linux requires authentication, not only when users log into their accounts, but also when they try to use certain commands or services. The Pluggable Authentication Module (PAM) system is dynamically configurable for any number of situations.
The firewalls that you can configure with iptables help you customize your system for every service, on every TCP/IP channel. These commands are not difficult to understand, once you know how to break them down into their component parts. And once you understand iptables, you can create the firewalls that you need, firewalls that will protect you without denying needed services to your users.
Closely related to firewalls is masquerading, which hides the true identity of the computers on your LAN from others on the Internet. Masquerading is also a function of iptables.
Because no security system is perfect, you'll need to check for break-ins on a regular basis. Tools such as Ethereal let you check what you can see in clear text on the network. You can view log files, such as wtmp, to spot unauthorized users. Other tools, such as Tripwire, help you detect changes to critical files.
Yet it is possible to have too much security. If your users aren't following your password policies, those policies may be too difficult. If your users can't get to needed services, perhaps your firewall is too strong. Several other chapters in this book also address detailed requirements for security, from encryption to appropriate configuration of network services.