Network security and network security problems

Network security and network security problems
Zookeeper

1. prevent intruders from conducting ping detection on the host and prohibit the Linux host from responding to the ICMP packet.
Echo 1>/proc/sys/net/ipv4/icmp_echo_ignore_all
Reply
Echo 0>/proc/sys/net/ipv4/icmp_echo_ignore_all

Disable ICMP response on iptables Firewall

2. Service port
Disable unnecessary ports and Check Network Ports frequently.
Nmap can scan ports
/Usr/bin/nmap-sS-O-PT 127.0.0.1
 
Prevents host port scanning
Disable unnecessary services and ports
Specify a non-standard port for the network service
Enable the firewall and only allow authorized users to access the corresponding service port
 
3. Attack rejection
Attack methods that consume available server resources
Main ()
{
While (1)
Fork ();
}
 
Restrict user resources to/etc/security/limits. conf
 
Soft limit is only a warning limit. If this value is exceeded, the system will issue a warning.
Hard limit is the actual limit
You can run ulimit to view your resource limits.
Ulimit-

4. Use secure network services
Traditional network service programs such as telnet, ftp, pop, rsh, and rlogin are inherently insecure, because these services transmit passwords and data in plain text on the network, attackers can easily intercept passwords by using tools such as sniffer.
Man in the middle)

5. Enhanced Xinetd Security
Xinetd is a traditional network daemon that can listen to multiple specified ports at the same time. When receiving user requests, Xinetd depends on the user request port, start a network service process to respond to user requests
Xinetd is called a super server. network services such as telnet, rlogin, rsh, rcp, and tftp are started through it.
To reduce potential system vulnerabilities, disable useless network services in xinetd.