Linux Security mechanisms

Source: Internet
Author: User
Tags: stateful firewall

1. Firewalls

A firewall is a component, or a set of components, that restricts traffic between the protected network and the Internet, or between other networks.

The Linux Firewall system provides the following features:

Access control: the firewall can enforce access control policies based on address (source and destination), user, and time, blocking unauthorized access without affecting the legitimate access of internal users.

Audit: the firewall records the network access that passes through it, builds a complete log, supports auditing and tracing of network access records, and can generate reports as needed.

Attack resistance: the firewall system is directly exposed to the untrusted external network. Seen from outside, the internal network protected by the firewall looks like a single point, and all attacks are directed against that point. This point is called the bastion host, so the bastion host must be highly secure and able to withstand various attacks.

Other ancillary functions, such as audit-related alarms and intrusion detection, the authentication and encryption associated with access control, and even VPNs.

What is the difference between iptables and firewalld?

iptables filters packets and is a network-layer firewall.

firewalld controls which services and which ports are available, so it is a higher-layer firewall.

Underneath, firewalld uses iptables for packet filtering; it is built on top of iptables.

Restarting iptables after changing its rules reloads the firewall modules, and reloading the modules breaks the stateful firewall and established connections. Programs that already have data connections to the outside are interrupted, and you may need to restart them.

firewalld is a dynamic firewall: it applies configuration changes through D-Bus without destroying existing data connections.

2. PAM mechanism

PAM (Pluggable Authentication Modules) is a set of shared libraries that provides a framework and a set of programming interfaces, so that the choice of authentication method is delegated by the programmer to the administrator. PAM lets administrators choose among multiple authentication methods and change the local authentication method without recompiling the applications that perform authentication.

The features of PAM include:

Encrypted passwords (including algorithms other than DES);

Limiting users' resources to prevent DoS attacks;

Enabling shadow passwords at will;

Restricting specific users from logging in at specified times.
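The following configuration sketch is an added example, not part of the original article. It shows how the four features above map onto stock Linux-PAM modules; the service file chosen, the user alice, the group students and all values are assumptions.

```conf
# --- /etc/pam.d/sshd (excerpt, constructed for illustration) ---
# Hash new passwords with SHA-512 rather than DES crypt, stored in /etc/shadow.
password   required   pam_unix.so sha512 shadow
# Refuse logins outside the windows listed in /etc/security/time.conf.
account    required   pam_time.so
account    required   pam_unix.so
# Apply the limits from /etc/security/limits.conf when the session opens.
session    required   pam_limits.so

# --- /etc/security/time.conf ---
# Format: services;ttys;users;times
# Hypothetical user "alice" may use sshd only on weekdays, 08:00-18:00.
sshd;*;alice;Wk0800-1800

# --- /etc/security/limits.conf ---
# Format: <domain> <type> <item> <value>
# Hypothetical group "students": cap process count and concurrent logins.
@students   hard   nproc       100
@students   hard   maxlogins   4
```

Because the modules are selected in these files, swapping the hash algorithm or adding a time restriction needs no change to sshd itself.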


3. Intrusion Detection System

Intrusion detection is a relatively new technology. Few operating systems ship with intrusion detection tools installed, and standard Linux distributions have only recently begun to include them. Although intrusion detection systems have a short history, they are developing quickly; popular ones at present include Snort, PortSentry, and LIDS.


5. Security audits

Even if system administrators are smart enough to take various security measures, new vulnerabilities will unfortunately still be found. An attacker will quickly seize the opportunity to compromise as many machines as possible before the vulnerability can be patched. Although Linux cannot predict when a host will be attacked, it can record an attacker's whereabouts. Linux can also detect and record time information and network connections. This information is written to the logs for future reference. Logs are an important part of the Linux security architecture and are the only real evidence that an attack has occurred. Because of the variety of attack methods in use today, Linux provides log information at the network, host, and user levels.
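As an added example (not from the original article), this sketch shows how user-level log records yield the time, account and source address behind repeated login failures. The log lines are constructed in the sshd syslog format, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Sep 20 03:14:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 20 03:14:03 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Sep 20 03:14:06 web1 sshd[2213]: Failed password for deploy from 203.0.113.7 port 40120 ssh2
Sep 20 03:14:09 web1 sshd[2215]: Accepted password for deploy from 203.0.113.7 port 40131 ssh2
Sep 20 08:30:12 web1 sshd[3001]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Sep 20 08:30:20 web1 sshd[3001]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def audit(log_text, threshold=3):
    """Group sshd events by source address and flag likely password guessing."""
    by_src = defaultdict(lambda: {"failed": 0, "users": set(), "first": None,
                                  "last": None, "success_after_failures": False})
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # not an sshd authentication event
        rec = by_src[m["src"]]
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
        rec["users"].add(m["user"])
        if m["result"] == "Failed":
            rec["failed"] += 1
        elif rec["failed"] >= threshold:
            # A login that succeeds after repeated failures needs investigation.
            rec["success_after_failures"] = True
    # Report only sources that reached the failure threshold.
    return {src: r for src, r in by_src.items() if r["failed"] >= threshold}

if __name__ == "__main__":
    for src, r in audit(SAMPLE_LOG).items():
        print(src, r["failed"], sorted(r["users"]), r["first"], r["last"],
              "success after failures" if r["success_after_failures"] else "")
```
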

6. Mandatory access control

Mandatory access control (MAC) is access control that system administrators define and enforce from a system-wide perspective. By labeling the subjects and objects of the system, it enforces restrictions on the sharing and flow of information, so that each user can access only a specified range of information. This fundamentally prevents loss of information and disorderly access.

This article is from the "Technology life, Simple not simple" blog; please be sure to keep this source: http://willis.blog.51cto.com/11907152/1854218
