Linux security strategy server and network equipment maintenance

Source: Internet
Author: User
Tags password protection
Article title: Linux security strategy server and network equipment maintenance. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

At present, many small and medium users are constantly updating or upgrading their networks due to business development, which leads to great differences in their user environments. The entire network system platform is uneven, and most of them use Linux and Unix on the server side, the PC end uses Windows 9X/2000/XP. therefore, in enterprise applications, Linux/Unix and Windows operating systems coexist to form a heterogeneous network. Small and medium-sized enterprises lack experienced Linux network administrators and security product procurement funds, so network security is often a headache and a lack of comprehensive consideration.

Here, the author divides the security of small and medium-sized enterprises into four types to propose solutions. Server security, network device security, Internet access security, and internal network security.

I. server security:

1. Disable useless ports

Any network connection is implemented through open application ports. If we open the port as few as possible, we will turn the network attack into the source water, which greatly reduces the chance of successful attackers.

First check your inetd. conf file. Inetd monitors certain ports to provide necessary services. If someone develops a special inetd daemon, there is a security risk. You should comment out the services that will never be used in the inetd. conf file (such as echo, gopher, rsh, rlogin, rexec, ntalk, and finger ). Note: Unless absolutely required, you must comment out rsh, rlogin, and rexec. telnet recommends that you use a more secure ssh instead and then kill the lnetd process. In this way, inetd no longer monitors the Daemon on your machine, so that no one can use it to steal your application port. You 'd better download a port scanner to scan your system. if you find an open port that you don't know, immediately find the process using it to determine whether to close it.

2. delete unused software packages

During system planning, the general principle is to remove all unnecessary services. By default, Linux is a powerful system that runs many services. However, many services are not required and may cause security risks. This file is/etc/inetd. conf, which defines the services to be listened to by/usr/sbin/inetd. you may only need two of them: telnet and ftp, other classes such as shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, and auth are all disabled unless you really want to use it.

3. do not set the default route

In the host, you must strictly disable the default route, that is, the default route. we recommend that you set a route for each subnet or CIDR block. otherwise, other machines may access the host in a certain way.

4. password management

Generally, the password length should not be less than 8 characters. the composition of the password should be a combination of uppercase and lowercase letters, numbers and symbols with no rules, and password should be strictly avoided using English words or phrases, in addition, the passwords of various users should be changed regularly. In addition, password protection also involves the protection of/etc/passwd and/etc/shadow files. only the system administrator can access these two files. Installing a password filtering tool and npasswd can help you check whether your password can withstand attacks. If you have not installed such tools before, we recommend that you install them now. If you are a system administrator and you have not installed a password filtering tool in your system, please immediately check whether all users' passwords can be searched in full, that is, your/ect/passwd file is fully searched.

5. partition management

A potential attack first tries to buffer overflow. In the past few years, buffer overflow is the most common form of security vulnerabilities. More seriously, the buffer overflow vulnerability accounts for the vast majority of remote network attacks. such attacks can easily give an anonymous Internet user the opportunity to gain some or all control over a host!

To prevent such attacks, we should pay attention to them when installing the system. If you use the root partition to record data, such as log files, a large number of logs or spam may be generated due to denial of service, resulting in system crash. Therefore, we recommend that you create separate partitions for/var to store logs and emails to avoid overflow of the root partition. It is best to separate a partition for a special application, especially for programs that can generate a large number of logs. We also recommend that you separate a partition for/home so that they cannot fill up/partition, this avoids some malicious attacks against Linux partition overflow.

6. prevent network sniffing:

Sniffer is widely used in network maintenance and management. It works like a passive sonar. it silently receives various information from the network and analyzes the data, the network administrator can gain an in-depth understanding of the current running status of the network to identify vulnerabilities in the network. Today, network security is becoming increasingly important. We should not only use the sniffer correctly. We also need to properly prevent the dangers of the sniffer. Sniffer can cause great security hazards, mainly because they are not easily discovered. For an enterprise with strict security performance requirements, it is necessary to use a secure topology, session encryption, and static ARP Address.

7. complete log management

Log files always record the running status of your system. The hacker cannot escape the log. Therefore, hackers often modify log files to hide traces during attacks. Therefore, we need to restrict access to/var/log files and prohibit users with general permissions from viewing log files.

In addition, we can install an icmp/tcp Log Manager, such as iplogger, to observe the suspicious multiple connection attempts (add icmp flood3 or similar situations ). Be careful with logon from unknown hosts.

Complete log management includes the correctness, validity, and validity of network data. Log file analysis can also prevent intrusion. For example, a user's 20 failed registration records within a few hours may be the attacker trying the user's password.

8. stop ongoing attacks

If you find a user logging on from your unknown host while checking the log file, and you are sure that this user does not have an account on this host, you may be attacked. First, you need to lock the account immediately (in the password file or shadow file, add an Ib or other character before the user's password ). If the attacker has been connected to the system, you should immediately disconnect the physical connection between the host and the network. If possible, you need to further check the user's history to see if other users have been impersonated and whether the attacker has the root permission. Kill all processes of the user and add the IP address mask of the host to the file hosts. deny.

9. use security tool software:

Linux already has some tools to ensure the security of the server. Such as bastille linux. for users who are not familiar with linux security settings, it is quite convenient. bastille linux aims to build a secure environment on an existing linux system. In addition, with the emergence of the Linux virus, there are already some anti-virus software for Linux servers, and installing the Linux anti-virus software is very urgent.

10. use the reserved IP address:

The simplest way to maintain network security is to ensure that hosts in the network are exposed to different external sources. The most basic method is to isolate it from the public network. However, this isolation-based security policy is unacceptable in many cases. At this time, using Reserved IP addresses is a simple and feasible method, which allows users to access the Internet while ensuring a certain degree of security. -RFC 1918 specifies the range of IP addresses that can be used for local TCP/IP networks. these IP addresses are not routed over the Internet and therefore do not need to be registered. By assigning IP addresses in this range, you can effectively limit network traffic to the local network. This is a fast and effective way to allow computers to communicate with each other by rejecting access from external computers.

Reserved IP address range:

---- 10.0.0.0-10.20.255.255
---- 172.16.0.0-172.31.255.255

-- 192.168.0.0-192.168.255.255

The network traffic from the reserved IP address does not pass through the Internet router, so any computer assigned with the reserved IP address cannot access from the external network. However, this method also does not allow users to access external networks. IP spoofing can solve this problem.

11. select the release version:

For the Linux version used by the server, neither the latest release version nor the old version is used. Mature versions should be used: the final release version of the previous product, such as Mandrake 8.2 Linux. After all, security and stability are the top priority for servers.

12. patch issues

You should always go to the home page of the system publisher you have installed to find the latest patch.

[1] [2] Next page

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.