Thursday, March 3, 2011

Security policy for small and medium-sized heterogeneous Linux networks

Today many small and medium-sized enterprises keep expanding their business and continually updating or upgrading their networks, so their user environments differ widely. Across the whole network platform, most servers run Linux or Unix while the PCs run Windows 9x/2000/XP.

So in enterprise applications Linux/Unix and Windows usually coexist, forming a heterogeneous network. SMEs lack experienced Linux network administrators and the funds to buy security products, so network security is often a headache for them: they treat the head when the head aches and the foot when the foot hurts, without any comprehensive consideration. Here the author divides SME security into four areas and proposes solutions for each: server security, network equipment security, Internet security and internal network security.

I. Server security

1. Close unused ports. Every network connection comes in through an open application port. If we keep the number of open ports to a minimum, network attacks lose their foothold, which greatly reduces an attacker's chance of success. First check your inetd.conf file. inetd waits on certain ports, ready to provide the services you need; if someone has crafted a special inetd daemon, there is a security risk here. In inetd.conf, comment out the services you never use (such as echo, gopher, rsh, rlogin, rexec, ntalk, finger, etc.). Unless absolutely necessary, you must comment out rexec, rsh, rlogin and telnet; it is recommended that you use the more secure ssh instead, and then kill the inetd process. Your machine then no longer runs the inetd daemon, so nobody can use it to hijack your application ports. You should also download a port scanner and scan your system; if you find an open port you do not recognise, immediately find the process that is using it and decide whether to close it.

2. Remove unused packages. When planning the system, the general rule is that any service that is not required is removed. Linux is a powerful system by default and runs many services, but many of them are not needed and easily pose a security risk. The file in question is /etc/inetd.conf, which specifies the services /usr/sbin/inetd will listen for. You may only need two of them, telnet and FTP; the others, such as shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger and auth, should be closed completely unless you really want to use them.

3. Do not set a default route. On the host, setting a default route (defaultroute) should be strictly prohibited. It is recommended that you set a route for each subnet or network segment instead; otherwise other machines may be able to reach this host by certain paths.

4. Password management. A password should generally be no shorter than eight characters and should be an irregular mix of uppercase and lowercase letters, digits and symbols; strictly avoid English words or phrases as passwords, and cultivate the habit of changing user passwords regularly. Password protection also covers the /etc/passwd and /etc/shadow files: you must make sure that only the system administrator can access these two files. Installing a password filter tool such as npasswd helps you check whether your passwords can withstand attack; if you have not installed such a tool, it is recommended that you do so now. If you are a system administrator and your system has no password filtering tool installed, immediately check whether any user's password can be found by exhaustive search, that is, run an exhaustive search against your /etc/passwd file.

5. Partition management. A potential attacker first tries buffer overflows. In the past few years buffer overflows have been the most common type of vulnerability; more seriously, they account for the vast majority of remote network attacks, and through them an attacker can easily give an anonymous Internet user partial or full control of a host! To guard against this kind of attack we should take care when installing the system. If you record data such as log files on the root partition, a denial of service can fill it with logs or spam and crash the system. It is recommended that /var be given its own partition for storing logs and mail, so that the root partition cannot be flooded. Ideally each particular application, especially any program that can produce excessive logs, gets its own partition; /home is also recommended as a separate partition so that users cannot fill the / partition, which avoids some malicious attacks based on Linux partition overflow.

6. Protection against network sniffers. Sniffer technology is widely used in network maintenance and management; it works like passive sonar, quietly receiving and reading all kinds of information from the network. By analysing this data a network administrator can gain insight into the network's current state and identify its vulnerabilities. Today, as network security draws ever more attention, we must not only use sniffers properly but also take reasonable precautions against the harm they can do. Sniffers pose a significant security risk mainly because they are not easy to detect. For an enterprise with very strict security requirements, using a secure topology, session encryption and static ARP addresses is necessary.

7. Complete log management. Log files record what goes on in your system. When hackers come they cannot escape the logs either, so after an attack they tend to modify the log files to hide their traces. Therefore we want to restrict access to the files under /var/log and forbid ordinary users from viewing them. We can also install an icmp/tcp log management program such as iplogger to watch for suspicious repeated connection attempts (as with icmpflood3 or similar situations). Also be wary of logins from unknown hosts. Complete log management covers the correctness, validity and legality of network data. Analysing the log files can also prevent intrusion: for example, if a user has 20 failed login records within a few hours, it is most likely an intruder trying that user's password.

8. Terminating an ongoing attack. If, while examining the log files, you find a user logging in from a host unknown to you and you determine that this user has no account on that host, you may be under attack. The first thing to do is lock the account immediately (in the password file or shadow file, replace this user's password with Ib or other characters). If the attacker is already connected to the system, you should immediately disconnect the host's physical connection to the network. If possible, you should also look further into this user's history, check whether other users are being impersonated too, and check whether the attacker has obtained root privileges. Kill all of this user's processes and add the host's IP address to the hosts.deny file.

9. Use security tool software. Linux has some tools that protect server security, such as Bastille Linux. For users unfamiliar with Linux security settings it is a very handy package: Bastille Linux is aimed at building a secure environment on an existing Linux system. In addition, with the emergence of Linux viruses there is already some Linux server antivirus software, and installing Linux antivirus software is very urgent.

10. Use reserved IP addresses. The simplest way to maintain network security is to ensure that the network's hosts have no contact with the outside. The most basic method is isolation from the public network, but a security policy achieved through isolation is in many cases not acceptable. Using reserved IP addresses is then a simple and feasible method: it lets users access the Internet while keeping a certain degree of security. RFC 1918 specifies the IP address ranges that local TCP/IP networks may use; these addresses are not routed on the Internet and you do not have to register them. Allocating from these ranges effectively confines network traffic to the local network, which is a fast and effective way of denying external access to your computers while still letting internal computers reach the Internet. The reserved IP address ranges are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255 and 192.168.0.0-192.168.255.255. Traffic from reserved IP addresses does not pass through Internet routers, so any computer assigned a reserved IP address cannot be reached from an external network. However, this approach also prevents the user from reaching the external network; IP masquerading solves that problem.

11. Choose the release version. For a server, do not use the newest Linux release, and do not choose one that is too old; use a more mature version, the last release of the previous product line, such as Mandrake 8.2 Linux. After all, for a server, security and stability come first.

12. Patch problems. You should regularly check the home page of your system's publisher for the latest patches.

II. Network equipment security

1. Enable VLAN security technology on switches. On a switch a VLAN is defined on ports: every terminal connected to a given port belongs to that virtual network, and the whole network can support multiple VLANs. A VLAN acts as a network firewall that keeps unnecessary data traffic to a minimum and isolates transmissions, and the problems they may cause, between individual VLANs, greatly increasing network throughput and reducing network latency. In a virtual network environment you can divide users on the same physical network segment into different virtual networks to control the communication between them. This effectively keeps data confidential, and configuring it is no trouble: a network administrator can logically reconfigure the network quickly and simply, effectively balance the traffic load, and easily add, delete and modify users without physically changing the network configuration.
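The inetd hardening described in items 1 and 2 (comment out unused services, then confirm nothing unexpected is still listening) can be scripted. The following is an added example written for this page, not a script from the article; it works on a constructed copy of inetd.conf in a temporary file rather than the real /etc/inetd.conf, and the listener snapshot it checks is a constructed excerpt in the shape of `netstat -tln` output.

```shell
#!/bin/sh
# Constructed sample inetd.conf (not from a real host). Each active line is
#   <service> <socket type> <proto> <flags> <user> <server path> <args>
SAMPLE_INETD_CONF=$(mktemp)
cat > "$SAMPLE_INETD_CONF" <<'EOF'
# inetd.conf (constructed example)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
exec    stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal
EOF

# Constructed listener snapshot in the shape of `netstat -tln` output.
SAMPLE_LISTENERS='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN'

# Print the services inetd would still start: first field of every
# uncommented, non-empty line, one per line, duplicates removed.
active_inetd_services() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1" | sort -u
}

# Comment out every entry whose service name is listed after the file name.
# The "#hardened: " prefix keeps the change visible and reversible.
disable_inetd_services() {
    file=$1; shift
    pattern=
    for svc in "$@"; do pattern="${pattern:+$pattern|}$svc"; done
    tmp=$(mktemp)
    awk -v pat="^($pattern)\$" '
        !/^[[:space:]]*#/ && NF > 0 && $1 ~ pat { print "#hardened: " $0; next }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Return 0 if none of the named services is still active, 1 otherwise.
verify_disabled() {
    file=$1; shift
    for svc in "$@"; do
        if active_inetd_services "$file" | grep -qx "$svc"; then
            echo "still active: $svc" >&2
            return 1
        fi
    done
    return 0
}

# Read netstat-style lines on stdin and print each listening TCP port that is
# not in the space-separated allowlist given as $1 (the "unknown port" check).
unexpected_ports() {
    allow=" $1 "
    awk '$NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
    while read -r port; do
        case "$allow" in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# Demo run on the constructed files (idempotent; temp file is left for inspection).
echo "before:"; active_inetd_services "$SAMPLE_INETD_CONF"
disable_inetd_services "$SAMPLE_INETD_CONF" shell login exec finger echo
echo "after:";  active_inetd_services "$SAMPLE_INETD_CONF"
echo "ports not on the allowlist (21 22):"
printf '%s\n' "$SAMPLE_LISTENERS" | unexpected_ports "21 22"
```

The allowlist for `unexpected_ports` is whatever you decide the host should be serving; port 513 (rlogin) in the constructed snapshot is exactly the kind of listener the article says to trace back to its process and close.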
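Items 7 and 8 describe the detection and response loop: count failed logins per user in the logs, lock any account that crosses the threshold, and add the source host to hosts.deny. The script below is an added example for this page, not the article's own, and assumes sshd-style "Failed password for ... from ..." syslog lines (a constructed excerpt is embedded). It locks an account by prefixing the hash field in a shadow-format file with "!", which is what `passwd -l` and `usermod -L` do, and writes TCP-wrappers rules of the form `ALL: <address>`; both files are temporary copies here, never the real /etc/shadow or /etc/hosts.deny.

```shell
#!/bin/sh
# Constructed auth-log excerpt in syslog format; not from a real host.
SAMPLE_AUTH_LOG='Mar  3 09:12:01 srv1 sshd[2201]: Failed password for alice from 203.0.113.7 port 40122 ssh2
Mar  3 09:12:04 srv1 sshd[2201]: Failed password for alice from 203.0.113.7 port 40122 ssh2
Mar  3 09:12:09 srv1 sshd[2203]: Failed password for alice from 203.0.113.7 port 40130 ssh2
Mar  3 09:15:30 srv1 sshd[2210]: Accepted password for bob from 10.0.0.5 port 51002 ssh2
Mar  3 09:20:11 srv1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Mar  3 09:22:45 srv1 sshd[2218]: Failed password for bob from 198.51.100.4 port 33001 ssh2
Mar  3 09:40:02 srv1 sshd[2230]: Accepted publickey for alice from 10.0.0.6 port 51877 ssh2'

# Constructed shadow-format file and empty hosts.deny, both temporary.
SAMPLE_SHADOW=$(mktemp)
printf '%s\n' 'root:$6$constructed$hashA:15000:0:99999:7:::' \
               'alice:$6$constructed$hashB:15000:0:99999:7:::' \
               'bob:$6$constructed$hashC:15000:0:99999:7:::' > "$SAMPLE_SHADOW"
SAMPLE_HOSTS_DENY=$(mktemp)

# Read log lines on stdin; print "count user" for users at or over the threshold.
# The user is the word before "from", which also handles "invalid user X from".
failed_logins_over() {
    awk -v t="$1" '
        /Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i-1)]++; break }
        }
        END { for (u in fails) if (fails[u] >= t) print fails[u], u }
    ' | sort -rn
}

# Read log lines on stdin; print "count source" for every failing source, busiest first.
failed_login_sources() {
    awk '
        /Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { src[$(i+1)]++; break }
        }
        END { for (s in src) print src[s], s }
    ' | sort -rn
}

# Read log lines on stdin; print the distinct sources that failed for user $1.
sources_for_user() {
    awk -v u="$1" '
        /Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { if ($(i-1) == u) print $(i+1); break }
        }
    ' | sort -u
}

# Lock $2 in shadow-format file $1 by prefixing its hash with "!"; 1 if absent.
lock_account() {
    file=$1 user=$2
    grep -q "^$user:" "$file" || return 1
    tmp=$(mktemp)
    awk -F: -v u="$user" 'BEGIN { OFS = ":" } $1 == u && $2 !~ /^!/ { $2 = "!" $2 } { print }' \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Append "ALL: <addr>" to hosts.deny-format file $1 unless already present.
deny_host() {
    file=$1 addr=$2
    grep -qx "ALL: $addr" "$file" 2>/dev/null || echo "ALL: $addr" >> "$file"
}

# Read the log on stdin; lock every account over threshold $1 in shadow file $2
# and deny, in file $3, every source that produced failures for such an account.
respond_to_bruteforce() {
    threshold=$1 shadow=$2 deny=$3
    log=$(cat)
    printf '%s\n' "$log" | failed_logins_over "$threshold" | while read -r n user; do
        lock_account "$shadow" "$user" && echo "locked $user after $n failures"
        printf '%s\n' "$log" | sources_for_user "$user" | while read -r addr; do
            deny_host "$deny" "$addr" && echo "denied $addr"
        done
    done
}

# Demo run with a low threshold so the constructed excerpt triggers (article uses 20).
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_login_sources
printf '%s\n' "$SAMPLE_AUTH_LOG" | respond_to_bruteforce 3 "$SAMPLE_SHADOW" "$SAMPLE_HOSTS_DENY"
```

Note that the "invalid user admin" failures are counted against a name that has no account, so `lock_account` returns 1 for it and nothing is changed; the source is still visible in `failed_login_sources`, which is the view to use when deciding which hosts to deny outright.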
2. Router security. The principle of secure router configuration: the router is the core and heart of the whole network, so protecting router security also requires network administrators to take appropriate security measures while configuring and managing the router. 1. Plug security loopholes. Limiting physical access to the system is one of the most effective ways to ensure router security. One way to restrict physical access is to configure console and terminal sessions to log out automatically after a relatively short idle time. Avoiding connecting a modem to the router's auxiliary port is also very important. Once physical access to the router has been limited, the user must ensure that the router's security patches are up to date. 2. Avoid an identity crisis. Intruders often attack using weak or default passwords. Longer passwords, a password validity period of 30 to 60 days and similar measures help prevent this type of vulnerability. In addition, whenever an important IT staff member resigns, the user should immediately change the passwords. The user should enable the router's password encryption function. 3. Disable unnecessary services. Many recent security incidents have arisen from failing to appreciate the importance of disabling unneeded local services. Note that timekeeping also deserves the user's consideration: time synchronisation is essential to the effective operation of the network. Even if the user ensures the time is synchronised during deployment, over time the clocks may gradually drift out of synchronisation. Users can take advantage of a network
