How to establish a more reliable Linux system

[Kanakpriya]

Linux System On the root account (or super-user account) is like the Rolling Stones concert at the background of the pass - it allows you to access all the contents of the system. Therefore, it is worth it to take additional steps to protect them. First of all, to this account with the password command to set a password hard to guess and to make changes on a regular basis, and this password should be limited to a few key figures within the company (ideally, only two people) to know, but I want to know how to establish a more reliable Linux system

[Jackson2]

Firewall help you filter out the server's data packets, and to ensure that only those with pre-defined rules for matching data packets in order to access the system. There are many excellent firewalls for Linux, but also firewall code can even be compiled directly into the system kernel. First, application of ipchains or iptables commands in and out of the definition of network data packets input, output and forwarding rules. Based on IP addresses, network interface, port, protocol, or a combination of these attributes is available to make rules. The rule also provides that should be taken to match the action (accept, reject, forward). After setting the rules, then the firewall conduct a detailed inspection to ensure that no loopholes in it. The firewall is your security against distributed denial of service (DoS) Attacks against such common attacks on the first line of defense.

[Techno01]

The data transmitted on the network security is a client - server architecture to be dealt with an important issue. If the network services in plain text form, a hacker could "sniff" the network data transmission, in order to gain confidential information. You can use the OpenSSH secure shell-like application for the transfer of data to build an "encrypted" channel to close this loophole. In this form of connection is encrypted, unauthorized users is difficult to read the data transmitted between network hosts.

[Trio]

Intrusion Detection System (IDS) are some changes to help you understand the network of early warning systems. They are able to accurately identify (and proven) system, intrusion attempts, of course, in order to increase resource consumption and error leads to the price. You can try two kinds of fairly well-known IDS: tripwire, which traces file signatures to detect changes; snort, the instructions it uses rules-based real-time information packet analysis, search and identify the system attempts to detect or attack. Both systems can generate e-mail alerts (and other behavior), when you suspect that your network from security threats which require firm evidence, you can use them.

[deveritt]

There are many tools available to help you carry out such checks: You can try to Crack and John the Ripper password cracker like crack your password file; or use nmap or netstat to find an open port; can also use tcpdump to detect network; In addition, you can also use your installed programs (web server, firewall, Samba) on the open holes, see if we can find a way to enter. If you have managed to find ways to overcome this obstacle, others also can do it, you should take immediate action to close these loopholes.