Chapter 22. General System Security

Linux is an extremely powerful OS for many networking functions. Unfortunately, with that power comes at least the potential for vulnerability. Most major servers have a history of bugs that allow outsiders to gain access, and even those that are without bugs may be vulnerable to abuse if an intruder has obtained a password or if the server is misconfigured. Keeping your system secure is therefore a topic that deserves careful attention; you must configure your system to be as secure as possible, and monitor security developments to ensure that you don't fall victim to a newly discovered security vulnerability.

This chapter begins an investigation of security issues with information on shutting down unnecessary servers, controlling accounts and passwords, keeping your system up to date, checking for evidence of intrusion, and locating additional security information. Some subsequent chapters expand on specific security topics. In particular, Chapter 24, Configuring a chroot Jail, describes a technique that's used by some servers to minimize the risk involved in running a server; Chapter 25, Configuring iptables, describes the Linux packet filter tool that's used to set up firewalls; and Chapter 26, Using a VPN, describes a method of extending a local network across the Internet in an encrypted fashion.

In addition to the security resources described in the upcoming section, "Keeping Abreast of Security Developments," you may want to read a book dedicated to security issues. Examples include Mann and Mitchell's Linux System Security: The Administrator's Guide to Open Source Security Tools (Prentice Hall, 1999) and Garfinkel and Spafford's Practical UNIX & Internet Security, 2nd Edition (O'Reilly, 1996). There are also books dedicated to firewalls, such as Constantine & Ziegler's Linux Firewalls (New Riders, 2001). If your network includes non-Linux systems, you might want to consider a book with broader scope, such as McClure, Scambray, and Kurtz's Hacking Exposed, 3rd Edition (McGraw-Hill, 2001).
