Securing Network Services


SUSE Linux uses xinetd, the eXtended Internet Services Daemon, to secure network services and keep the bad guys out.

xinetd is a more secure version of the original Internet Services Daemon, inetd. It is designed in particular to protect your network from denial of service (DoS) attacks. A DoS attack occurs when someone tries to saturate a server's resources with repeated requests for services. You can limit the number of incoming connections with xinetd to something manageable.

To configure xinetd, go to the YaST Network Services page and select the xinetd module. YaST is actually reading from and writing to the /etc/xinetd.conf configuration file. Here you can set up your access control lists to allow particular IP addresses and domain names to make requests on your network, or to deny them.

You can also restrict access to only some services with xinetd.
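The following sketch is an added example, not code from the book or from xinetd itself. It parses configuration text in xinetd.conf syntax and reports every enabled service that has no access list (only_from) or connection limits (instances, per_source) once the defaults block is applied. The sample configuration is constructed, and the sketch assumes plain `name = value` lines in a single text; it does not follow includedir.

```python
import re

# Constructed sample in xinetd.conf syntax (not from a real host or the book).
SAMPLE = """
defaults
{
    instances  = 30          # cap on simultaneous servers per service
    cps        = 50 10       # 50 connections/sec, then pause 10 sec
}
service ftp
{
    server     = /usr/sbin/vsftpd
    only_from  = 192.168.1.0/24
    no_access  = 192.168.1.99
    per_source = 3
}
service telnet
{
    server     = /usr/sbin/in.telnetd
}
service time
{
    disable    = yes
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*(\w+)\s*=\s*(.*\S)", re.M)
LIMITS = ("only_from", "instances", "per_source")

def parse(text):
    """Return {name: attrs}; the defaults block is stored under the key ''."""
    text = re.sub(r"#.*", "", text)  # drop comments
    return {name: dict(ATTR.findall(body))
            for _head, name, body in BLOCK.findall(text)}

def audit(text):
    """Map each enabled service to the limit attributes it lacks after defaults."""
    blocks = parse(text)
    defaults = blocks.pop("", {})
    findings = {}
    for name, attrs in blocks.items():
        effective = {**defaults, **attrs}  # per-service values override defaults
        missing = [k for k in LIMITS if k not in effective]
        if missing and attrs.get("disable") != "yes":  # skip switched-off services
            findings[name] = missing
    return findings

print(audit(SAMPLE))  # {'telnet': ['only_from', 'per_source']}
```

Run against the text of a real configuration, the result doubles as an inventory of the services the host offers and which of them accept connections from anywhere.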

As an administrator, you should always know the services that you are offering and the reason for each. Security on a server and security on a workstation are often approached from two different angles. This need not be the case, but it does provide two opposing views of how to approach the issue.

On a server, often all services are turned off and then only the ones that are needed are turned on. For example, if the server needs to host a website, the appropriate services for that are turned on. If someone complains that they cannot access something they have a legitimate need for, and it is ascertained that they should be able to do so, then the appropriate services for that are turned on as well. Services are enabled one at a time as needed until it is known exactly what the server needs, and this becomes the set of offerings.

With a workstation, you often start with a host of services enabled. You then turn them off one at a time until you reach the point where you are unable to do a task, and then enable the service in question once more.

Both approaches work and are useful in different scenarios. The key to both is careful research and good documentation.



SUSE Linux 10 Unleashed
SUSE Linux 10.0 Unleashed
ISBN: 0672327260
EAN: 2147483647
Year: 2003
Pages: 332
