Saturday, November 27, 2010

Seven steps to establish a reliable Linux operating system

Many new Linux network administrators find it hard to move from a point-and-click security configuration interface to one based on editing complex and elusive text files.

This article lists seven steps that administrators should be able to carry out, helping them build more secure Linux servers and significantly reduce the risks they face.

Ask any large institution's network administrator to compare Linux with other network operating systems (e.g., Windows NT or Novell), and he will probably admit that Linux is an inherently more stable, more scalable solution. He will also acknowledge that, when it comes to protecting systems from external attacks, Linux is probably the most difficult of the three to configure. This view is quite common: many new Linux network administrators find it hard to move from a point-and-click security configuration interface to one based on editing complex and elusive text files.

Most administrators fully realize that they need to set up obstacles and barriers by hand to keep out possible hackers and so keep company data safe. But because they are not familiar with Linux, they are not sure whether they are heading in the right direction, or where to start. That is the purpose of this article. It outlines some simple steps that help the administrator secure Linux and significantly reduce the risks they face. This tutorial lists seven such steps, but you can find more in Linux manuals and discussion forums.

Protect the root account

The root account (or superuser account) on a Linux system is like a backstage pass at a Rolling Stones concert: it lets you access everything in the system. It is therefore worth taking extra steps to protect it. First, use the passwd command to set a hard-to-guess password for the account and change it, and limit knowledge of the password to a few key people in the company (ideally, only two individuals). Then edit the /etc/securetty file to restrict the terminals from which root access is allowed.

To avoid users leaving a root terminal "open", set the TMOUT local variable to define a timeout for inactive root logins, and set the HISTFILESIZE local variable to 0 to ensure that the root command history file (which might contain confidential information) is disabled. Finally, establish a mandatory policy that this account may be used only to perform specific administrative tasks, and discourage users from logging in as root by default.

Tip: once these loopholes are closed, also require every user to set a password for their account, and make sure the password cannot be easily guessed from obvious hints such as a birthday, a username, or a word found in a dictionary.

Install a firewall

A firewall helps you filter packets entering and leaving the server, and ensures that only packets matching predefined rules can access the system. There are many excellent firewalls for Linux, and firewall code can even be compiled directly into the system kernel. First use the ipchains or iptables command to define input, output and forward rules for packets entering or leaving the network. Rules can be based on IP address, network interface, port, protocol, or a combination of these properties. The rules also specify the action to take on a match (accept, reject, forward). Once the rule set is complete, examine the firewall in detail to ensure that no holes exist. A secure firewall is your first line of defense against common attacks such as distributed denial of service (DDoS).

Use OpenSSH for network services

The security of data transmitted over the network is a key issue in a client-server architecture. If a network service sends its data as plain text, hackers can "sniff" the data transmitted across the network to obtain confidential information. You can close this loophole by using a secure shell application such as OpenSSH to establish an "encrypted" channel for data transfer. When the connection is encrypted in this way, it is very difficult for unauthorized users to read the data transmitted between hosts.
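
The root-account step above names three settings: /etc/securetty, TMOUT and HISTFILESIZE. The script below is an added example, not part of the original article, that audits them; the function names, the sample files and the console-only terminal policy are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the root-account settings described in the text.

# Print the last value assigned to variable $1 in shell startup file $2.
last_assignment() {
    sed -n -E "s/^[[:space:]]*((export|readonly)[[:space:]]+)?$1=\"?([^\"#;[:space:]]*)\"?.*/\3/p" "$2" | tail -n 1
}

# audit_root <securetty-file> <root-profile-file>: print one finding per line.
audit_root() {
    local securetty="$1" profile="$2" tty tmout hist
    # Assumed policy: root may log in only on the console and virtual terminals.
    while read -r tty _ || [ -n "$tty" ]; do
        case $tty in
            ''|'#'*) ;;                          # blank line or comment
            console|tty[0-9]*|vc/[0-9]*) ;;      # local terminals
            *) echo "securetty: root login allowed on '$tty'" ;;
        esac
    done < "$securetty"
    tmout=$(last_assignment TMOUT "$profile")
    case $tmout in
        ''|*[!0-9]*) echo "TMOUT: not set, idle root shells never time out" ;;
        *) [ "$tmout" -gt 0 ] || echo "TMOUT: 0 disables the idle timeout" ;;
    esac
    hist=$(last_assignment HISTFILESIZE "$profile")
    [ "$hist" = 0 ] || echo "HISTFILESIZE: is '${hist:-unset}', expected 0"
    return 0
}

# Constructed sample files (not taken from a real host).
write_samples() {
    printf '%s\n' '# local console' console tty1 tty2 pts/0 ttyS0 > "$1/securetty.weak"
    printf '%s\n' console tty1 tty2 > "$1/securetty.ok"
    printf '%s\n' 'export HISTFILESIZE=500' 'TMOUT=0' > "$1/profile.weak"
    printf '%s\n' 'export TMOUT=300   # seconds' 'HISTFILESIZE=0' 'readonly TMOUT' > "$1/profile.ok"
}

samples=$(mktemp -d)
write_samples "$samples"
echo "== weak =="; audit_root "$samples/securetty.weak" "$samples/profile.weak"
echo "== hardened =="; audit_root "$samples/securetty.ok" "$samples/profile.ok"
```

On a real host, point audit_root at /etc/securetty and at the startup file in which root's TMOUT and HISTFILESIZE are set.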
