Posted by troy.john78 on 12/03/07 13:34

Redhat Linux Network Security

Covering everything about security would take several volumes of
books, so we can only look

at the basics. We can take a quick look at the primary defenses you
need in order to protect

yourself from unauthorized access through telephone lines (modems), as
well as some aspects

of network connections. We won't bother with complex solutions that
are difficult to

implement because they can require a considerable amount of knowledge
and they apply only to

specific configurations.

Instead, we can look at the basic methods of buttoning up your Linux
system, most of which

are downright simple and effective. Many system administrators either
don't know what is

necessary to protect a system from unauthorized access, or they have
discounted the chances

of a break-in happening to them. It happens with alarming frequency,
so take the industry's

advice: Don't take chances. Protect your system.

Weak Passwords

Believe it or not, the most common access method of breaking into a
system through a

network, over a modem connection, or sitting in front of a terminal is
through weak

passwords. Weak (which means easily guessable) passwords are very
common. When these are

used by system users, even the best security systems can't protect
against intrusion.

If you're managing a system that has several users, you should
implement a policy requiring

users to set their passwords at regular intervals (usually six to
eight weeks is a good

idea), and to use non-English words. The best passwords are
combinations of letters and

numbers that are not in the dictionary.

Sometimes, though, having a policy against weak passwords isn't
enough. You might want to

consider forcing stronger password usage by using public domain or
commercial software that

checks potential passwords for susceptibility. These packages are
often available in source

code, so they can be compiled for Linux without a problem.


File Security

Security begins at the file permission level and should be carried out
carefully. Whether

you want to protect a file from snooping by an unauthorized invader or
another user, you

should carefully set your umask (file creation mask) to set your files
for maximum security.

Of course, this is really only important if you have more than one
user on the system or

have to consider hiding information from certain users. However, if
you are on a system with

several users, consider forcing umask settings for everyone and set
read-and-write

permissions only for the user, and no permissions for everyone else.
This is as good as you

can get with file security.

For very sensitive files (such as accounting or employee information),
consider encrypting

them with a simple utility. There are many such programs available.
Most require only a

password to trigger the encryption or decryption.

More information visit http://www.network.79br.com

[Back to original message]