Section 2.14 United We Fall, Divided We Stand

   



A system is only as secure as its weakest service. It is suggested that you divide up your services so that your less secure services, such as FTP and telnet, are on separate systems from your more secure and critical services, such as SSH and HTTP. Then, if a less secure and less critical service is cracked, the compromise should not affect your more critical services. You can also put your more confidential and critical data on a separate system from your less confidential data. Similarly, data to which you might grant wider access might be better off on a separate system so that the other systems can have more stringent firewall and TCP Wrappers rules.

If you use this arrangement, you will want to ensure that even if the less secure systems are cracked, they have no special access to the more secure systems. In other words, the firewalls, TCP Wrappers, alerting software, etc. running on your more secure systems should guard against cracker attempts launched from your less secure systems. If you run a large site with high-bandwidth access to the Internet (T1 or better), you especially want to guard against your low-security systems being cracked and then used to launch attacks on unrelated systems on the Internet. Thoroughly research NIS (Yellow Pages) security before considering its use.

Some suggested divisions of labor are in "Intracompany Firewalls to Contain Fires" on page 84 and "Special Techniques for Web Servers" on page 284.
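To check that the TCP Wrappers rules on a more secure system really do shut out a less secure one, the following added example (not code from the book) evaluates hosts.allow and hosts.deny text the way hosts_access(5) describes: allow first, then deny, and access granted when nothing matches. It handles only a subset of the pattern syntax (ALL, exact IPv4 address, trailing-dot prefix, net/mask, EXCEPT); the addresses and rule sets are constructed for illustration.

```python
import ipaddress

def pat_match(pat, ip):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    if pat == "ALL":
        return True
    if pat.endswith("."):                       # prefix form, e.g. "10.0.1."
        return ip.startswith(pat)
    if "/" in pat:                              # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=False)
    return pat == ip                            # exact address

def list_match(tokens, value, match):
    """'a b EXCEPT c': the left list matches unless the right list also matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_match(tokens[:i], value, match)
                and not list_match(tokens[i + 1:], value, match))
    return any(match(t, value) for t in tokens)

def first_match(text, daemon, ip):
    """Return the first 'daemons : clients' rule that covers (daemon, ip)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        parts = line.split(":")
        if len(parts) < 2:
            continue
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        if (list_match(daemons, daemon, lambda p, d: p in ("ALL", d))
                and list_match(clients, ip, pat_match)):
            return line
    return None

def access(allow, deny, daemon, ip):
    """hosts.allow is checked first, then hosts.deny; no match means access."""
    rule = first_match(allow, daemon, ip)
    if rule:
        return "granted", "hosts.allow: " + rule
    rule = first_match(deny, daemon, ip)
    if rule:
        return "denied", "hosts.deny: " + rule
    return "granted", "no rule matched (default allow)"

# Constructed addresses: 10.0.1.20 = FTP/telnet host, 10.0.2.5 = admin workstation.
WEAK_ALLOW = "sshd: 10.0.\n"                    # whole internal range, low-trust host included
HARD_ALLOW = "sshd: 10.0. EXCEPT 10.0.1.\n"     # low-trust segment carved out
DENY_ALL = "ALL: ALL\n"                         # needed, or unmatched clients get in
```

Calling `access(HARD_ALLOW, "", "sshd", "10.0.1.20")` shows the common mistake: a careful hosts.allow with an empty hosts.deny still admits the less secure host, because an unmatched client is granted access.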


       


    Real World Linux Security Prentice Hall Ptr Open Source Technology Series
    Year: 2002
    Pages: 260
