Security is a system administrator, one of the main issues of concern, however, because of the danger caused by intrusion into the internet become more and more high.
According to statistics, the number of users if you join, the number of hackers increases. Consequently, the security tools an exponential increase. would like to thank once again free software community, because they provide us with we can see the best tools and extensive documentation. At the end of the section of this article references area you will find many interesting joins, obviously, this article is to be mentioned without omission, I mentioned I picked some good tools. This article was not written for the individual user, also is to system administrators, although some tools designed to protect hosts and improve network security specifically designed. most tools can work in many UNIX (if not all, of UNIX), regardless of the unix is commercial or free. Finally, this article is an article entitled "how to make your network or host security" article, which is about what you can (must) use to improve the security of a network or machine tools of introduction. General tools let us put this section referred to as "white hat protection Red Hat, repel Black Hat tool (toolsforwhitehatstoprotectredhatfromblackhats):-). most Linux distributions (not just the redhat) are guaranteed with some good security tools, they are used to make your machine more secure. In these tools, we can count out PAM, TCPWrapper, shadow password tool, and so on, because they are part of the release, you can find on their many things: HOWTO, man man, so we do not want their body of too much time. Let us start from the shadow password tool, simply put, they allow password encryption, file is the file/etc/shadow/etc/passwd instead. More than a shadow password tool is fine, just like the name PAM has said, this is another authentication method that is used to configure access control on the service. You can define the number of documents, so many restrictions can easily manage these files are usually placed in the/etc/pam.d directory. TCPWrapper, put simply, by ip address or hostname to limit service access-rely on the two files have decided to allow access or deny access, the two files is/etc/host.allow and/etc/host.deny TCPWrapper can be configured for two working mode: the process by running the caretaker, or modify/etc/inetd.conf file if your unix system does not contain the TCPWrapper, you can get it from ftp://ftp.porcupine.org/pub/security/. Now, I will tell you why I am not introduce these tools mentioned above, because there is a tool you can complete all of the features on the service, this is Bastille-Linux, if you only want to install a security tool, install it, the current common linux version also does not include it, but you can download the http://bastille-linux.sourceforge.net Web site. By the way, we will not be in this article describes Bastille-Linux, doing nothing, because my colleagues in September LinuxFocus has a very good article has been introduced it has introduced he everything. go take a look, let us put Bastille-Linux join your life indispensable tool! Another commonly used to increase security tools is xinetd, it exists in http://www.xinetd.org, sorry, I do not intend to introduce it, also because my colleagues in the LinuxFocus November on finished this work. Now, let's take a look at some special things. Second, the firewall tools free software Linux with your machine into the firewall software .2.2 kernel is iptables, while 2.0 kernel is ipfwadm. for iptables or ipfwadm work, the kernel must be compiled correctly select the options on this issue, in addition to the HOWTOS, there are many more related articles, therefore, as I do not intend to raise. Simply put, we can put the firewall as a packet filtering tool, the most important part of the work is concerned about the firewall configuration, similarly, an improperly configured firewall can become very dangerous. However, a firewall is important. For example, Bastille-Linux can give you provide an ipchains firewall. If you visit http://www.linuxapps.com, and the search area, type "firewall", at least you can get answers to more than 40-many of which are based on ipchains or ipfwadm management graphical interface, also some really great tool, contains a lot of features, for example, like T.REX, http://www.opensourcefirewall.com tool is such a thing. remind once a firewall in a network is indispensable, but network security cannot only rely on it, tell you that a hacker can break it within 15 minutes. 3. port scanning here we reach the heart of the problem, this idea is: like a hacker to do so, use the same tools to monitor your machine or network weaknesses is located. In this area, we can in two well-Great tool, but also on the benefit of other more. The first is called nmap, you can download from http://www.insecure.org, while much of the information and links, and so on. Use nmap you can check your network or machine which ports are open. of course, you can use other commands to do this, for example lsof or netstat, but you can test your own machine. obvious, nmap, of course, you can check your own machine. Nmap can provide you lots of information, for example, it can tell you are running the operating system, notify you of the danger of an open port, finally, at least, nmap is fairly easy use. Nmap is running under the shell, or by a man called nmapfe graphical interface to run the graphical interface is based on the gtk library, the current version of nmap is 2.53, it can run on many UNIX platforms, providing the original code, RPM package, with or without a graphical interface. Nmap is a system management will not indispensable tool. I would like to thank Mr. Fyodor, and congratulated his great work.
No comments:
Post a Comment