Types of attacks that Linux network systems may face

Source: Internet
Author: User

"Denial of service" attack

A "denial of service" attack is one in which hackers use destructive methods to tie up the resources of the target network, paralyzing it temporarily or permanently so that the Linux network server cannot provide services to normal users. For example, a hacker can disable a target server by sending it a large, continuous stream of TCP/IP requests at the same time, using a forged source address or multiple controlled computers in other locations.

"Password cracking" attack

Password security is the first line of defense for your own system. The purpose of a "password cracking" attack is to break a user's password so that encrypted information resources can be obtained. For example, a hacker can use a high-speed computer and a dictionary to try many password combinations until a password is found that gives access to the system and opens up its network resources.

"Spoofing users" attack

In a "spoofing users" attack, a hacker poses as an engineer or technician from a network company or computer service provider, calls the user and, at a suitable moment, asks the user to enter the password. This is the most difficult kind of attack for users to deal with. Once the user's password is compromised, the hacker can use the user's account to enter the system.

"Scanners and network sniffing" attacks

Many network intrusions start with a scan. Using a scanning tool, hackers can identify a wide range of vulnerabilities on the target host and use them to attack the system.

Network monitoring (sniffing) is another method hackers commonly use. After successfully logging on to a host on the network and gaining superuser control of it, a hacker can monitor the network to collect sensitive data or authentication information, and later use it to take control of other hosts on the network.

Linux network security precaution strategies

The history of networking shows that attacks on a network may come from illegitimate users, but also from legitimate ones. The administrator of a Linux network system therefore needs both to guard against hacker attacks from outside and to strengthen the management and education of internal network users. The following security policies can be adopted.

Carefully set permissions for each internal user

To protect the resources of a Linux network system, carefully set the permissions of each internal user when opening accounts. In general, follow the "least privilege" principle: give each user only the server access required to complete their specific tasks. This greatly increases the system administrator's management workload, but the principle should be upheld for the security of the entire network system.

Secure the user password file /etc/shadow

In a network system, passwords are where problems arise most easily. The system administrator should tell users to choose secure passwords (using non-letter, non-numeric and other special characters in the password) and to increase the password length appropriately (greater than 6 characters). The system administrator must protect the two files /etc/passwd and /etc/shadow so that they are not available to unrelated people; this makes it impossible for hackers to run programs such as John against /etc/passwd and /etc/shadow in a dictionary attack to obtain users' passwords. The administrator should also regularly use John and similar programs to simulate a dictionary attack on the system's own /etc/passwd and /etc/shadow files and, as soon as an unsafe user password is found, force the user to change it immediately.
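A read-only audit of the two files discussed above, as an added example that is not part of the original article: it flags unsafe permission bits and shadow entries whose password field is empty or uses a weak hash scheme. The sample entries, function names and the choice of which schemes count as weak are assumptions made for illustration; /etc/passwd normally has to stay world-readable, so the check on it is for write access only.

```python
import stat

# Constructed sample in /etc/shadow format (hash values are placeholders).
SAMPLE_SHADOW = """\
root:$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
olduser:$1$SALT$PLACEHOLDERHASH:15000:0:99999:7:::
legacy:PLACEHOLDERDES:12000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""

def mode_findings(path, mode):
    """Return permission problems for a password file given its st_mode."""
    findings = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or other")
    if path.endswith("shadow") and mode & stat.S_IROTH:
        findings.append(f"{path}: readable by other users")
    return findings

def shadow_findings(shadow_text):
    """Return (user, problem) pairs for risky password fields."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue  # blank or malformed line
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw[0] in "!*":
            continue  # locked or no-login account
        elif pw.startswith("$1$"):
            findings.append((user, "MD5-crypt hash"))
        elif not pw.startswith("$"):
            findings.append((user, "legacy DES-crypt hash"))
    return findings

if __name__ == "__main__":
    import os
    # stat() needs no read permission on the file itself.
    for path in ("/etc/passwd", "/etc/shadow"):
        for finding in mode_findings(path, os.stat(path).st_mode):
            print(finding)
    for user, problem in shadow_findings(SAMPLE_SHADOW):
        print(user, problem)
```

To audit a live system, pass the contents of /etc/shadow (read as root) to `shadow_findings` instead of the constructed sample.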

Strengthen the monitoring and recording of system operation

The Linux network system administrator should monitor and record the operation of the entire network system, so that suspicious network activity can be detected by analyzing the recorded data and measures can be taken in advance to prevent future intrusions. If an intrusion has already taken place, the data can be used to track and identify the hacker who broke into the system.
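The kind of log analysis described above, as an added example that is not part of the original article: it counts failed SSH password attempts per source address and flags a successful login that follows a burst of failures. The log lines are constructed samples in OpenSSH's syslog format, and the threshold and function name are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 03:14:03 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jan 10 03:14:05 web1 sshd[2103]: Failed password for alice from 203.0.113.5 port 40003 ssh2
Jan 10 03:14:09 web1 sshd[2104]: Accepted password for alice from 203.0.113.5 port 40004 ssh2
Jan 10 08:30:12 web1 sshd[2250]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Jan 10 08:30:20 web1 sshd[2251]: Accepted password for bob from 198.51.100.7 port 51001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def analyze(log_text, threshold=3):
    """Return alerts as (kind, source_ip, user) tuples, in log order."""
    failures = Counter()  # failed attempts seen so far, per source address
    alerts = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            ip = m.group(2)
            failures[ip] += 1
            # Alert once, at the moment the source reaches the threshold.
            if failures[ip] == threshold:
                alerts.append(("repeated-failures", ip, None))
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.group(1), m.group(2)
            # A success after many failures may be a guessed password.
            if failures[ip] >= threshold:
                alerts.append(("login-after-failures", ip, user))
    return alerts

if __name__ == "__main__":
    for kind, ip, user in analyze(SAMPLE_LOG):
        print(kind, ip, user or "-")
```

A single mistyped password followed by a successful login, as in the last two sample lines, stays below the threshold and raises no alert.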

Rationally dividing subnets and setting up firewalls

If your internal network is connected to the Internet, you must set up a firewall at the interface between the internal network and the external network to ensure the security of data on the internal network. Within the internal network itself, to ease management and allocate IP address resources sensibly, the network should be divided into multiple subnets; this can also prevent or delay a hacker's intrusion into the entire internal network.

Regular security checks on Linux networks

The operation of a Linux network system is dynamic, so its security management also keeps changing and has no fixed pattern. After setting up a security policy for the system, the administrator should run regular security checks on it and try to attack the servers they manage. If you find vulnerabilities in the security mechanism, take immediate steps to remedy them so that hackers are given no opportunity.

Develop appropriate data backup plans to ensure the system is foolproof

No operating system is absolutely reliable, and no security policy is foolproof. As a Linux system administrator, you must therefore develop appropriate data backup plans for the system, making full use of tape drives, CD burners, dual-machine hot backup and other technical means to save the system's data. If the system is compromised or crashes after being hacked, it can then quickly resume work and losses are minimized.

That concludes the introduction to the attacks a Linux network system may face and the corresponding security strategies. I hope you have mastered them.
