Network security is becoming increasingly important because people spend more and more time connected to the Internet. Compromising network security is often much easier than compromising physical or local security, and is much more common. There are a number of good tools to assist with network security, and many new ones are included in Linux distributions. Today, system security plays a huge role for Internet users: along with its ample opportunities, the Internet has brought new dangers that did not previously exist, such as computer crime, identity theft, and malicious damage to systems. You need to clearly understand the nature of the potential threats to computer security, whether you are a system or network administrator for a large organization or an ordinary user.
The main types of attack are the following: unauthorized access, in which an attacker who is not allowed to use your host's services manages to connect to and work with them by using "bugs" in network services that are exposed to the external network; Denial of Service (DoS), in which the attack causes the host's hardware and/or software to fail so that the system becomes unavailable to its users, and where, in an attack on a service, the attacker's goal is simply to knock the host off the network; hoax, in which the attacker simulates a connection from a host that is considered credible; and traffic eavesdropping, in which the attacker configures a network interface to receive all the packets passing over the network, not just those for his own system, in order to extract user names and passwords.
Reliable ways to combat such attacks are: improving the security of the kernel and the IP stack; building a firewall; identifying scans, attempts to determine the type and version of the operating system, and intrusions; logging at the maximum level of detail; protection from eavesdropping; and completely shutting down all unsafe services or replacing them with alternatives. In the series of articles "Ensuring the security of Linux on the network, using the Red Hat Linux 7.0 distribution as an example" we try to work out ways of countering the destructive actions of intruders.
It is generally assumed that threats to computer network security come mainly from two sources: hackers and viruses. Why are hackers so often able to break in? The main reason is that many people, especially many network administrators, lack even basic awareness of network security and do not apply an effective security policy and security mechanisms to the network operating system, which leaves an opening for hackers. We know that the network operating system is the system software that manages the various hardware and software resources of a computer network, shares those resources, and provides services to users across the network so that the network functions normally. Network security therefore rests on the security of the network operating system: only a safe and reliable network operating system can guarantee the security of the entire network. A detailed analysis of the security mechanisms in Linux is thus needed to identify potential security issues and to determine the relevant security policies and protective measures.
Basic Security
The Linux network operating system provides user accounts, file system permissions, system log files and other basic security mechanisms. If these mechanisms are configured incorrectly, they become a threat to the security of the system, so the network administrator must set them up carefully. Linux is an excellent standalone workstation, but usually every Linux machine is connected to a network and also provides network services. The system is obliged to keep the services it provides secure.
Linux system user account
On Linux, a user account is the user's identity, consisting of a user name and a password. The system stores the user names entered in the /etc/passwd file and stores the passwords, in encrypted form, in the /etc/shadow file. Under normal circumstances, the passwords and related information are protected by the operating system and can be accessed only by the privileged user (root) and by some operating system applications. However, if the system is configured incorrectly or, in some cases, because of an operating system error, this information may be obtained by ordinary users. In addition, attackers can use a class of tools called "password crackers" to recover the password as it was before encryption.
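The misconfigurations described above can be checked mechanically. The following script is an added example, not part of the original article: the function name `audit_accounts`, its finding labels and the sample account data are all constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in passwd- and shadow-format files.
# audit_accounts PASSWD SHADOW -> one finding per line, nothing if clean.
# The finding labels (extra-uid0, ...) are names chosen for this example.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2

    # passwd fields: name:password:UID:GID:comment:home:shell
    awk -F: '
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        $2 == ""                { print "no-password-passwd:" $1 }
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            print "hash-in-passwd:" $1
        }
    ' "$passwd_file"

    # shadow fields: name:hash:...; an empty hash field means no password.
    awk -F: '$2 == "" { print "no-password-shadow:" $1 }' "$shadow_file"

    # Ordinary users must not be able to read the password hashes.
    if [ -n "$(find "$shadow_file" -prune -perm -004)" ]; then
        echo "shadow-world-readable:$shadow_file"
    fi
}

# Constructed sample data, not taken from a real system.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
legacy:$1$constructed$notARealHash:1001:1001::/home/legacy:/bin/sh
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$notARealHash:19000:0:99999:7:::
alice::19000:0:99999:7:::
toor:!:19000:0:99999:7:::
legacy:*:19000:0:99999:7:::
EOF
chmod 644 "$demo_dir/shadow"   # deliberately too permissive for the demo
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
```

On a real host the same function would be called as root with /etc/passwd and /etc/shadow as its two arguments.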
Linux file system permissions
Linux file system security is achieved mainly by setting file permissions. Every file or directory on Linux has three sets of attributes, which define the permissions of the file or directory owner, of the user group, and of other users (read, write, execute, SUID allowed, SGID allowed, and so on). Pay particular attention to the SUID and SGID permissions: a process started from an executable file that carries them is given the permissions of the file's owner, so if hackers find and use such a file, it can cause harm to the system.
Types of Attack on Linux
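Because every SUID or SGID executable runs with its owner's permissions, administrators usually keep an inventory of the approved ones and investigate anything else. The script below is an added example, not part of the original article: the function names, the allowlist format and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report SUID/SGID files that are not on an approved list.
# Function names and the allowlist format are choices made for this example.

# list_setid DIR -> "suid PATH" or "sgid PATH" for each regular file under DIR.
list_setid() {
    # -xdev stays on one file system; -perm -4000 and -perm -2000 match the
    # set-user-ID and set-group-ID bits.
    find "$1" -xdev -type f -perm -4000 -print | sed 's/^/suid /'
    find "$1" -xdev -type f -perm -2000 -print | sed 's/^/sgid /'
}

# unexpected_setid DIR ALLOWLIST -> findings whose path is not in ALLOWLIST
# (one path per line; lines starting with # are comments).
unexpected_setid() {
    list_setid "$1" | while read -r kind path; do
        grep -v '^#' "$2" | grep -Fqx -- "$path" || echo "$kind $path"
    done
}

# Constructed demo tree: empty files carrying the mode bits, nothing is run.
demo=$(mktemp -d)
touch "$demo/passwd-tool" "$demo/old-helper" "$demo/mail-tool" "$demo/plain"
chmod 4755 "$demo/passwd-tool" "$demo/old-helper"
chmod 2755 "$demo/mail-tool"
chmod 0755 "$demo/plain"
printf '# approved set-ID programs\n%s\n%s\n' \
    "$demo/passwd-tool" "$demo/mail-tool" > "$demo/allowlist"

unexpected_setid "$demo" "$demo/allowlist"
```

Run as root against / with a reviewed allowlist, the same function shows any set-ID program that has appeared since the list was written.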
DDoS
In a so-called "denial of service" attack, a hacker destructively blocks network resources so that the network is temporarily or permanently paralyzed, making the Linux web server unavailable to ordinary users. For example, hackers may use forged source addresses and multiple computers they control in other places to send the target computer a large, continuous stream of TCP/IP requests at the same time, until the target server system is paralyzed.
Password Hack
Password security is the system's first line of defense in protecting itself. "Password cracking" attacks aim to break a user's password in order to gain access to information resources that have been encrypted. For example, a hacker can use a high-speed computer and a dictionary database to try different password combinations until one is found that logs into the system and opens network shares.
Trick Users
Tricking users refers to attacks in which a network hacker, posing as an engineer or technician of a company or computer network service provider, contacts the user and, following what appears to be a prescribed procedure, asks the user to enter a password. This is the hardest attack for users to deal with: once a password has been compromised, the hacker can use that user's account on the system.
Network Monitor
Many network intrusions begin with scanning: by scanning, hackers can find a host's various vulnerabilities and use them to attack the system. Network monitoring is a common method of hacking: once an attacker has successfully logged into a network host and obtained superuser control, he can use network monitoring to collect confidential information or authentication information, and later use it to seize control of other hosts on the network.
Linux Network Security
Throughout the history of networks, we see that attacks on a network may come from illegal users and may also come from legitimate users. Therefore, as Linux network administrators, we must always guard against attacks by hackers, strengthen the management and education of internal network users, and in particular adopt the following security policies.
Firewall Subnet
If the internal network has access to the Internet, set up a firewall at the interface between the internal and external networks to keep internal data secure. Within the internal network itself, to facilitate management and the rational allocation of resources, the IP address space should be divided into several subnets; this also helps prevent or delay attackers from seizing the entire internal network.