Red Hat Linux 7.1: The Official Red Hat Linux Reference Guide | ||
---|---|---|
Prev | Chapter 7. Red Hat Security Primer | Next |
If you use your Red Hat Linux system on a network (such as a local area network, wide area network, or the Internet), you must be aware that your system is at a greater degree of risk than if you were not connected to that network. Beyond brute attacks on password files and users having inappropriate access, the presence of your system on a larger network widens the opportunity for a security problem and the possible form it may appear.
A number of network security measures have been built into Red Hat Linux, and many open source security tools are also included with the primary distribution. However, despite your preparedness, network security problems may occur, due in part to your network topology or a dozen other factors. To help you determine the source and method of a network security problem, consider the the most likely ways such a problem can occur:
Sniffing for authentication data — Many default authentication methods in Linux and other operating systems depend on sending your authentication information "in the clear," where your username and password is sent over the network in plain text or unencrypted. Tools are widely available for those with access to your network (or the Internet, if you are accessing your system using it) to "sniff" or detect your password by recording all data transferred over the network and sifting through it to find common login statements. This method can be used to find any information you send unencrypted, even your root password. It is imperative that you implement and utilize tools like Kerberos 5 and OpenSSH to prevent passwords and other sensitive data form being sent without encryption. If, for whatever reason, these tools cannot be used with your system, then definitely never log in as root unless you are at the console.
Frontal attack — Denial of Service (DoS) attacks and the like can cripple even a secure system by flooding it with improper or malformed requests that overwhelm it or create processes that put your system and its data, as well as other systems that communicate with it, at risk. A number of different protections are available to help stop the attack and minimize the damage, such as packet-filtering firewalls. However, frontal attacks are best handled with a comprehensive look at ways in which untrusted systems communicate with your trusted systems, putting protective barriers between the two, and developing a way to quickly respond to any event so that the disruption and possible damage is limited.
Exploiting a security bug or loophole — Occasionally, bugs are found in software that, if exploited, could do grievous damage to an unprotected system. For that reason, run as few processes as root as possible. Also, use the various tools available to you, such as the Red Hat Network for package updates and security alerts, to fix security problems as soon as they are discovered. Also, make sure that your system has no unnecessary programs starting up at boot time. The fewer programs you have started, the fewer possible security bugs can affect you.