Part III. Applied Theory
Prev   Next

Applied Theory

Security And Network Issues

Up until now in this manual, you have been reading very practical information. You should be able to efficiently configure your server and be happy with it by now.

However, all that is just a glimpse of your Mandrake Linux system's possibilities. In order to dig in a little deeper, we chose to add two chapters to complete your Mandrake Linux knowledge:

  • Chapter 10: this is a must read for any system administrator. Even though you can make your Mandrake Linux system quite secure with default tools, efficient security can only be achieved through active administration, taking care of both physical and logical global system security;

  • Chapter 11: a server is meant to bring services to a network. This manual would have been incomplete without a chapter dedicated to networking. The configuration of the network itself and the different protocols are tackled.

Table of Contents

10. Security Under GNU/Linux
Preamble
Copyright Information
Introduction
Overview
Why Do we Need Security?
How Secure Is Secure?
What Are You Trying to Protect?
Developing a Security Policy
Means of Securing your Site
Organization of This Chapter
Physical Security
Computer Locks
BIOS Security
OpenBoot Security
Boot Loader Security
xlock and vlock
Security of Local Devices
Detecting Physical Security Compromises
Local Security
Creating New Accounts
Root Security
Files and File-System Security
umask Settings
File Permissions
Integrity Checking
Trojan Horses
Password Security and Encryption
PGP And Public-Key Cryptography
SSL, S-HTTP and S/MIME
IPSEC Implementations
ssh (Secure SHell) And stelnet
PAM - Pluggable Authentication Modules
Cryptographic IP Encapsulation (CIPE)
Kerberos
Crack and John the Ripper
CFS – Cryptographic File System And TCFS – Transparent Cryptographic File System
X11, SVGA And Display Security
Kernel Security
Kernel Compile Options
Kernel Devices
Network Security
Packet Sniffers
System Services and tcp_wrappers
Verify Your DNS Information
identd
Configuring And Securing The Postfix MTA
SATAN, ISS, And Other Network Scanners
Sendmail, qmail and MTA's
Denial of Service (DoS) Attacks
NFS (Network File System) Security
NIS (Network Information Service)
Firewalls
IP Chains – GNU/Linux Kernel 2.2.x Firewalling
Netfilter – Linux Kernel 2.4.x Firewalling
VPNs – Virtual Private Networks
Security Preparation (Before You Go On-Line)
Make a Full Backup of Your Computer
Choosing a Good Backup Schedule
Testing Your Backups
Backup Your RPM File Database
Keep Track of your System Accounting Data
Apply All New System Updates
What to Do During and After a Breaking
Security Compromise Underway
Security Compromise Has Already Happened
Security Sources
LinuxSecurity.com References
FTP Sites
Web Sites
Mailing Lists
Books – Printed Reading Material
Frequently Asked Questions
Conclusion
11. Networking Overview
Copyright
How to Use this Chapter
Conventions Used in this Document
General Information about Linux Networking
Linux Networking Resources
Where to Get some non Linux-Specific Network Information
Generic Network Configuration Information
What Do I Need to Start?
Routing
Ethernet Information
Supported Ethernet Cards
General Ethernet Information
Using 2 or More Ethernet Cards in The Same Machine
IP-Related Information
DNS
DHCP And DHCPD
Using Common PC Hardware
ISDN
PLIP
PPP
Other Network Technologies
ARCNet
Appletalk (AF_APPLETALK)
ATM
AX25 (AF_AX25)
DECNet
FDDI
Frame Relay
IPX (AF_IPX)
NetRom (AF_NETROM)
Rose Protocol (AF_ROSE)
Samba - NetBEUI, NetBios, CIFS Support
STRIP Support (Starmode Radio IP)
Token Ring
X.25
WaveLan Card
Cables and Cabling
Serial NULL Modem cable
Parallel Port Cable (PLIP Cable)
10base2 (Thin Coax) Ethernet Cabling
Twisted-Pair Ethernet Cable
Prev Up Next
Advanced Configuration Home Chapter 10. Security Under GNU/Linux
Hosted by Internet News Unlimited