Wednesday, January 12, 2011

Linux security strategy and network equipment maintenance

Many small and medium-sized businesses keep growing and continually update or upgrade their networks, so their user environments differ widely. Across the whole network platform, most servers run Linux or Unix while PCs run Windows 9X/2000/XP, so in a typical enterprise Linux/Unix and Windows coexist in a heterogeneous network.

SMEs usually lack an experienced Linux network administrator and a budget for security products, so network security is often a headache dealt with piecemeal (treating the foot only when the foot hurts) rather than considered comprehensively. Here the author divides SME security into four areas and proposes solutions for each: server security, network equipment security, Internet security, and internal network security.

I. Server security

1. Close unused ports. Every network connection goes through an open application port. If we keep the number of open ports to a minimum, network attacks have far less to work with, which greatly reduces an attacker's chance of success. Start by checking your inetd.conf. inetd waits on certain ports, ready to provide the services configured there; if someone supplies a specially crafted inetd daemon, that is a security risk. Comment out in inetd.conf every service you never use (echo, gopher, rsh, rlogin, rexec, ntalk, finger and so on). Unless absolutely necessary, you must comment out rexec, rsh, rlogin and telnet and use the more secure ssh instead; then kill the inetd process, so the machine no longer listens through inetd and nobody can use it to take over your application ports. It is also worth downloading a port scanner and scanning your own system: if you find an open port you do not recognise, immediately identify the process using it and decide whether to close it.

2. Remove unused packages. When planning the system, the general principle is that a service that is not required should be removed. A default Linux install is a powerful system that runs many services, but many of them are unnecessary and easily become security risks.
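As an added example (not code from the original post), the following shell script applies item 1: it comments out the listed services in an inetd.conf and reports which listeners remain. It follows item 1's stronger advice (rsh, rlogin, rexec and telnet disabled in favour of ssh). The sample inetd.conf is constructed for the example; on a real host you would pass /etc/inetd.conf and then signal inetd to reread it.

```shell
#!/bin/sh
# Added example (not from the original post): harden an inetd.conf by
# commenting out the services the article lists as unnecessary, then show
# which listeners remain. Works on whatever file you pass, so test on a
# copy first; pass /etc/inetd.conf to apply it for real.

# Services the article says to comment out unless absolutely required.
UNNEEDED_SERVICES="echo gopher rsh rlogin rexec ntalk finger shell login exec talk imap pop-2 pop-3 auth telnet"

# disable_services FILE: comment out every active line whose first field
# (the inetd service name) is in UNNEEDED_SERVICES. Prints the hardened file.
disable_services() {
    awk -v list="$UNNEEDED_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }   # keep comments and blank lines
        ($1 in off) { print "#" $0; next }                     # disable the service
        { print }
    ' "$1"
}

# active_services FILE: list the service names still enabled.
active_services() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1"
}

# Constructed sample inetd.conf for this example; not a real system file.
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# sample inetd.conf (constructed)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
echo    stream  tcp  nowait  root    internal
ssh     stream  tcp  nowait  root    /usr/sbin/sshd  sshd -i
EOF
}

# Usage:
#   tmp=$(mktemp); make_sample_inetd_conf "$tmp"
#   disable_services "$tmp" > "$tmp.hardened"
#   active_services "$tmp.hardened"      # only ftp and ssh remain
# On a live system, after editing /etc/inetd.conf:
#   kill -HUP "$(pidof inetd)"           # make inetd reread its configuration
#   ss -lntu                             # (or netstat -lntu) confirm what still listens
```

The local listener check (`ss -lntu`) is the quick complement to the external port scan the article recommends: compare the two lists, and any port that appears in the scan but not in the local list deserves investigation.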
The file in question is /etc/inetd.conf; it specifies the services that /usr/sbin/inetd will listen for. You may only need two of them, telnet and FTP; the others, such as shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger and auth, should be closed completely unless you really need them.

3. Do not set a default route on the host. Setting a default route (defaultroute) should be strictly forbidden; instead, configure a route per subnet or network, so that other machines can reach the host only by specific paths.

4. Password management. Passwords should be no shorter than eight characters and should be an irregular mix of uppercase and lowercase letters, digits and symbols; strictly avoid English words or phrases, and get into the habit of changing passwords regularly. Password protection also covers the /etc/passwd and /etc/shadow files: make sure only the system administrator can access these two files. Installing a password-filtering tool such as npasswd helps you check whether your passwords can withstand attack; if you have not installed one, it is recommended that you do so now. If you are a system administrator and your system has no password-filtering tool, check immediately whether all users' passwords can be found by exhaustive search, that is, run an exhaustive search against your /etc/passwd file.

5. Partition management. A potential attacker first tries buffer overflows. In the past few years, buffer overflows have been the most common form of vulnerability; worse, they account for the vast majority of remote network attacks, and an attacker can easily use one to let an anonymous Internet user gain partial or full control of a host. To prevent such attacks we should already be careful when installing the system.
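As an added example (not code from the original post), this script turns the password rule in item 4 into a check (length, character classes, and a dictionary-word test against the system word list where one is installed) and verifies the permissions on /etc/passwd and /etc/shadow. The word-list paths and the `stat -c` invocation are assumptions for a GNU/Linux host.

```shell
#!/bin/sh
# Added example (not from the original post): check a candidate password
# against the article's rule (at least eight characters, a mix of upper
# and lower case, digits and symbols, no plain English word) and check
# that /etc/passwd and /etc/shadow are protected as the article requires.

# password_ok PASSWORD: returns 0 if the password meets the policy, 1 otherwise.
password_ok() {
    pw=$1
    [ "${#pw}" -ge 8 ] || return 1
    printf '%s' "$pw" | grep -q '[[:upper:]]' || return 1
    printf '%s' "$pw" | grep -q '[[:lower:]]' || return 1
    printf '%s' "$pw" | grep -q '[[:digit:]]' || return 1
    printf '%s' "$pw" | grep -q '[^[:alnum:]]' || return 1
    # Reject a dictionary word merely decorated with digits/symbols: strip
    # those, lower-case the rest and look it up in the word list, if present.
    core=$(printf '%s' "$pw" | tr -d '[:digit:]' | tr -d '[:punct:]' | tr '[:upper:]' '[:lower:]')
    for dict in /usr/share/dict/words /usr/dict/words; do   # assumed locations
        if [ -n "$core" ] && [ -r "$dict" ] && grep -qix -- "$core" "$dict"; then
            return 1
        fi
    done
    return 0
}

# world_readable FILE: returns 0 when "other" users may read FILE.
world_readable() {
    mode=$(stat -c '%a' "$1") || return 1
    last=${mode#"${mode%?}"}            # final octal digit = permissions for "other"
    [ $(( last & 4 )) -ne 0 ]
}

# audit_passwd_files [DIR]: the article's rule that only the administrator
# may access the two files. /etc/passwd must stay readable (name lookups
# need it) but root-owned and not writable by anyone else; /etc/shadow
# must be root-owned and unreadable by others. DIR defaults to /etc.
audit_passwd_files() {
    dir=${1:-/etc}
    rc=0
    if [ "$(stat -c '%U' "$dir/shadow")" != root ]; then
        echo "$dir/shadow: not owned by root"; rc=1
    fi
    if world_readable "$dir/shadow"; then
        echo "$dir/shadow: readable by everyone"; rc=1
    fi
    if [ "$(stat -c '%U %a' "$dir/passwd")" != "root 644" ]; then
        echo "$dir/passwd: expected root-owned, mode 0644"; rc=1
    fi
    return $rc
}

# Usage:
#   password_ok 'Xq7!mZ9&pL' && echo accepted
#   password_ok 'password'   || echo rejected
#   audit_passwd_files        # run as any user; reports findings, exit 1 on a problem
```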
If the root partition is used to record data such as log files, a flood of log entries or spam can fill it and crash the system, a denial of service. It is recommended to give /var its own partition for storing logs and mail, so that the root partition cannot be overrun. Better still, give each particular application its own partition, especially programs that can produce excessive logs; it is also recommended that /home be a separate partition so that users cannot fill the / partition. This avoids some of the malicious attacks that work by overflowing a Linux partition.

6. Protection against network sniffers. Sniffer technology is widely used in network maintenance and management: it works like passive sonar, quietly receiving and reading all kinds of information from the network, and by analysing that data a network administrator can gain insight into the current running state of the network and identify its weak points. Now that network security is taken ever more seriously, we must not only use sniffers correctly but also take reasonable precautions against them. Sniffers are a significant security risk mainly because they are not easily found. For an enterprise with very strict security requirements, using a secure topology, session encryption and static ARP addresses is necessary.

7. Complete log management. Log files record what happens on your system. When hackers come, they cannot escape the logs either, so after an attack they tend to modify the log files to hide their traces. We should therefore restrict access to these files and forbid ordinary users from viewing the log files under /var/log. We can also install an icmp/tcp log-management program such as iplogger to watch for suspicious repeated connection attempts (and icmpflood3 or similar floods). Also be careful about logins from unknown hosts. Complete log management covers the correctness, validity and legality of network data.
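As an added example (not code from the original post), the following script checks the partition advice in item 5: it reads a mount table in the format of /proc/mounts and reports whether /var and /home are separate filesystems or still live on the root partition. The sample mount table is constructed; pass /proc/mounts on a live host.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the directories
# the article says belong on their own partitions (/var for logs and mail,
# /home for users) are separate mount points, so that a flood of log lines
# or user data cannot fill the root filesystem.

# mount_point_of TABLE PATH: print the mount point holding PATH (longest
# matching prefix); prints "/" when PATH is not on its own filesystem.
mount_point_of() {
    awk -v p="$2" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) > length(best)) best = mp
        }
        END { print best }
    ' "$1"
}

# check_separate_partitions TABLE: exit 0 only when /var and /home are
# mounted on something other than the root filesystem.
check_separate_partitions() {
    rc=0
    for d in /var /home; do
        mp=$(mount_point_of "$1" "$d")
        if [ "$mp" = "/" ]; then
            echo "$d lives on the root filesystem: give it its own partition"
            rc=1
        else
            echo "$d is on its own filesystem ($mp)"
        fi
    done
    return $rc
}

# Constructed sample in /proc/mounts format (device, mount point, type,
# options, dump, pass); not taken from a real host. /var is missing on purpose.
make_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
proc /proc proc rw 0 0
EOF
}

# Usage:
#   t=$(mktemp); make_sample_mounts "$t"; check_separate_partitions "$t"
# On a live system:
#   check_separate_partitions /proc/mounts
```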
Analysing the log files can also prevent intrusion. For example, if a user has 20 failed login records within a few hours, it is most likely an intruder trying that user's password.

8. Terminating an attack in progress. If, while examining the log files, you find a user logging in from a host unknown to you, and you determine that this user should not have an account on that host, you may be under attack. The first thing to do is lock the account immediately (in the password or shadow file, replace this user's password with "Ib" or other characters). If the attacker is already connected to the system, immediately disconnect the host's physical connection to the network. If possible, also review this user's history, check whether other users have been impersonated as well, and check whether the attacker's code has obtained root privileges. Kill all of this user's processes and add the host's IP address mask to the hosts.deny file.

9. Use security tool software. Linux has a number of tools for protecting a server. Bastille Linux, for example, is a very handy package for users unfamiliar with Linux security settings: it is aimed at building a secure environment on an existing Linux system. In addition, with the emergence of Linux viruses, some Linux server antivirus software already exists, and installing Linux antivirus software is becoming urgent.

10. Use reserved IP addresses. The simplest way to maintain network security is to make sure the hosts on the network cannot be reached from outside; the most basic method is isolation from the public network. In many cases, however, a security policy based on isolation is not acceptable. Using reserved IP addresses is then a simple and feasible method that lets users access the Internet while keeping a certain degree of security. RFC 1918 specifies the IP address ranges that can be used by local TCP/IP networks; these addresses are not routed on the Internet, and you do not have to register them.
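As an added example (not code from the original post), this script implements the log analysis in item 7 and the response in item 8: it counts sshd "Failed password" lines per account, source host and hour, flags any account at or above the article's figure of 20 failures, and prints the containment steps as commands for an administrator to review. The log lines are constructed (OpenSSH's syslog format, with documentation-range addresses); `passwd -l` is used as the modern form of editing the shadow entry by hand, and tcp_wrappers is assumed for hosts.deny.

```shell
#!/bin/sh
# Added example (not from the original post): scan sshd entries in an auth
# log for the pattern the article describes (many failed logins for one
# account within an hour) and print the containment steps it recommends.
# Nothing here touches the live system; the sample log is constructed.

THRESHOLD=${THRESHOLD:-20}   # the article's figure: 20 failures is suspicious

# failed_logins LOGFILE: print "count user ip Mon-DD-HHh" for every
# (account, source host, hour) seen in sshd "Failed password" lines.
failed_logins() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            n = split($0, w, " ")
            for (i = 1; i <= n; i++) {
                if (w[i] == "for")  user = (w[i+1] == "invalid") ? w[i+3] : w[i+1]
                if (w[i] == "from") ip = w[i+1]
            }
            hour = $1 "-" $2 "-" substr($3, 1, 2) "h"
            count[user " " ip " " hour]++
        }
        END { for (k in count) print count[k], k }
    ' "$1"
}

# suspicious_accounts LOGFILE: "user ip" pairs with failures at or above THRESHOLD.
suspicious_accounts() {
    failed_logins "$1" | awk -v t="$THRESHOLD" '$1 >= t { print $2, $3 }'
}

# containment_plan USER IP: the article's response steps as commands to review.
containment_plan() {
    cat <<EOF
# Review, then run as root:
passwd -l $1                        # lock the account (modern form of overwriting the shadow entry)
echo "ALL: $2" >> /etc/hosts.deny   # refuse further tcp_wrappers connections from the source host
pkill -KILL -u $1                   # end every process still running as that user
last $1 | head                      # review the account's recent login history
EOF
}

# Constructed sample log: 22 failures for the non-existent account "bob"
# from 203.0.113.45 within one hour, and a single failure for alice.
make_sample_auth_log() {
    {
        i=0
        while [ "$i" -lt 22 ]; do
            printf 'Jan 12 03:%02d:07 srv sshd[%d]: Failed password for invalid user bob from 203.0.113.45 port %d ssh2\n' \
                "$i" $((4000 + i)) $((51000 + i))
            i=$((i + 1))
        done
        echo 'Jan 12 03:30:01 srv sshd[4100]: Failed password for alice from 198.51.100.7 port 40010 ssh2'
        echo 'Jan 12 03:30:09 srv sshd[4101]: Accepted password for alice from 198.51.100.7 port 40011 ssh2'
    } > "$1"
}

# Usage:
#   t=$(mktemp); make_sample_auth_log "$t"
#   failed_logins "$t" | sort -rn
#   suspicious_accounts "$t" | while read -r u ip; do containment_plan "$u" "$ip"; done
#   rm -f "$t"
```

On a real host the input would be /var/log/auth.log (or /var/log/secure); the hourly bucket keeps a slow trickle of genuine typos over a week from tripping the threshold.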
By assigning addresses from these ranges, network traffic is confined within the local network. This is a fast and effective way to refuse external access to your computers while still allowing the internal computers to use the Internet. The reserved IP address ranges are:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Traffic from reserved IP addresses will not pass through Internet routers, so any computer assigned a reserved address cannot be reached from the external network. However, this also stops that computer's user from reaching the external network; IP masquerading solves that problem.

11. Choose the release version. For a server's Linux version, do not use the latest release, but do not choose one that is too old either. Use a more mature version, such as the last release of the previous product line, for example Mandrake 8.2 Linux. After all, for a server, security and stability come first.

12. Patch problems. You should always look at your installed system's publisher's home page to find the latest patches.
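As an added example (not code from the original post), this script checks whether an IPv4 address falls in one of the three RFC 1918 ranges listed above, using only shell arithmetic, and labels a constructed host inventory accordingly. The masquerading command in the comments is an assumption (Linux iptables with eth0 as the Internet-facing interface) and is not executed.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether an IPv4
# address is in one of the RFC 1918 private ranges the article lists, and
# use that to tell "internal" hosts from "Internet" hosts.

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fails on malformed input.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1                       # split on dots into positional parameters
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|*[!0-9]*|0?*) return 1 ;;   # empty, non-digit, or leading zero (octal ambiguity)
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_range N LOW HIGH: is integer N between the two dotted addresses (inclusive)?
in_range() {
    [ "$1" -ge "$(ip_to_int "$2")" ] && [ "$1" -le "$(ip_to_int "$3")" ]
}

# is_private ADDRESS: 0 for 10/8, 172.16/12 and 192.168/16; 1 for any other
# valid address; 2 when the address is malformed.
is_private() {
    n=$(ip_to_int "$1") || return 2
    in_range "$n" 10.0.0.0     10.255.255.255  ||
    in_range "$n" 172.16.0.0   172.31.255.255  ||
    in_range "$n" 192.168.0.0  192.168.255.255
}

# classify_hosts: read one address per line and label it.
classify_hosts() {
    while read -r addr; do
        rc=0; is_private "$addr" || rc=$?
        case "$rc" in
            0) echo "$addr internal (RFC 1918: unreachable from outside, needs masquerading to go out)" ;;
            1) echo "$addr internet" ;;
            *) echo "$addr malformed" ;;
        esac
    done
}

# Usage with a constructed inventory (documentation-range address for the public host):
#   printf '192.168.1.10\n10.0.5.7\n203.0.113.5\n172.32.0.1\n' | classify_hosts
# To let the internal hosts reach the Internet (the article's "IP masquerading"),
# the gateway would run something like (assumed, not executed here):
#   iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

Note that 172.32.0.1 is labelled "internet": the second range covers only 172.16.0.0 through 172.31.255.255, a common source of mistakes when people assume the whole of 172/8 is private.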
