Red Hat Enterprise Linux 3 Security Guide

Red Hat Enterprise Linux 3 Security Guide

Red Hat Enterprise Linux 3 Security Guide Red Hat Enterprise Linux 3: Security Guide Copyright © 2003 by Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA rhel-sg(EN)-3-Print-RHI (2003-07-25T17:12) Copyright © 2003 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder. Red Hat, Red Hat Network, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Motif and UNIX are registered trademarks of The Open Group. XFree86 is a trademark of The XFree86 Project, Inc, and is pending registration. Intel and Pentium are registered trademarks of Intel Corporation. Itanium and Celeron are trademarks of Intel Corporation. AMD, Opteron, Athlon, Duron, and K6 are registered trademarks of Advanced Micro Devices, Inc. Netscape is a registered trademark of Netscape Communications Corporation in the United States and other countries. Java and Swing are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. or other countries. Oracle is a registered trademark, and Oracle8i, Oracle9i, and interMedia are trademarks or registered trademarks of Oracle Corporation. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. SSH and Secure Shell are trademarks of SSH Communications Security, Inc. FireWire is a trademark of Apple Computer Corporation. IBM, AS/400, OS/400, RS/6000, S/390, and zSeries are registered trademarks of International Business Machines Corporation. eServer, iSeries, and pSeries are trademarks of International Business Machines Corporation. All other trademarks and copyrights referred to are the property of their respective owners. The GPG fingerprint of the [email protected] key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E Table of Contents Introduction..........................................................................................................................................i 1. Document Conventions.........................................................................................................ii 2. More to Come ...................................................................................................................... iv 2.1. Send in Your Feedback ......................................................................................... iv I. A General Introduction to Security ................................................................................................i 1. Security Overview................................................................................................................. 1 1.1. What is Computer Security? .................................................................................. 1 1.2. Security Controls ................................................................................................... 5 1.3. Conclusion ............................................................................................................. 6 2. Attackers and Vulnerabilities................................................................................................ 7 2.1. A Quick History of Hackers .................................................................................. 7 2.2. Threats to Network Security .................................................................................. 7 2.3. Threats to Server Security...................................................................................... 8 2.4. Threats to Workstation and Home PC Security ................................................... 10 II. Configuring Red Hat Enterprise Linux for Security................................................................ 11 3. Security Updates ................................................................................................................. 13 3.1. Updating Packages............................................................................................... 13 4. Workstation Security........................................................................................................... 19 4.1. Evaluating Workstation Security ......................................................................... 19 4.2. BIOS and Boot Loader Security .......................................................................... 19 4.3. Password Security................................................................................................ 22 4.4. Administrative Controls....................................................................................... 27 4.5. Available Network Services................................................................................. 33 4.6. Personal Firewalls................................................................................................ 35 4.7. Security Enhanced Communication Tools........................................................... 36 5. Server Security.................................................................................................................... 37 5.1. Securing Services With TCP Wrappers and xinetd .......................................... 37 5.2. Securing Portmap................................................................................................. 40 5.3. Securing NIS........................................................................................................ 40 5.4. Securing NFS....................................................................................................... 42 5.5. Securing the Apache HTTP Server...................................................................... 43 5.6. Securing FTP ....................................................................................................... 44 5.7. Securing Sendmail ............................................................................................... 47 5.8. Verifying Which Ports Are Listening .................................................................. 48 6. Virtual Private Networks..................................................................................................... 51 6.1. VPNs and Red Hat Enterprise Linux................................................................... 51 6.2. Crypto IP Encapsulation (CIPE).......................................................................... 51 6.3. Why Use CIPE? ................................................................................................... 52 6.4. CIPE Installation.................................................................................................. 53 6.5. CIPE Server Configuration .................................................................................. 53 6.6. Configuring Clients for CIPE .............................................................................. 54 6.7. Customizing CIPE ............................................................................................... 56 6.8. CIPE Key Management ....................................................................................... 57 6.9. IPsec..................................................................................................................... 57 6.10. IPsec Installation................................................................................................ 58 6.11. IPsec Host-to-Host Configuration...................................................................... 58 6.12. IPsec Network-to-Network configuration.......................................................... 60 7. Firewalls.............................................................................................................................. 65 7.1. Netfilter and IPTables .......................................................................................... 66 7.2. Using IPTables ..................................................................................................... 66 7.3. Common iptables Filtering.............................................................................. 68 7.4. FORWARD and NAT Rules..................................................................................... 69 7.5. DMZs and iptables .......................................................................................... 70 7.6. Viruses and Spoofed IP Addresses ...................................................................... 70 7.7. IP6Tables.............................................................................................................. 70 7.8. Additional Resources........................................................................................... 71 III. Assessing Your Security............................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    136 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us