1. Linux-based network security policies and protection measures
With the growing popularity of Internet/Intranet networks, more and more users are choosing the Linux network operating system for their servers. On the one hand, Linux is free, genuine open-source software; on the other hand, compared with Microsoft's Windows NT network operating system, Linux offers better stability, efficiency and security. In the large number of Internet/Intranet applications, the security of the network itself faces a major challenge, and information security problems are becoming increasingly prominent. Take the United States as an example: according to FBI statistics, the annual economic losses caused by network security problems in the United States are as high as 7.5 billion US dollars, and on average an Internet computer is broken into by a hacker every 20 seconds. In general, the security threats to computer network systems come from hacker attacks and computer viruses. Why do hacker attacks so often succeed? The main reason is that many people, and many network administrators in particular, lack even a minimum awareness of network security and do not adopt effective security policies and security mechanisms for the network operating systems they use, which gives hackers their opportunity. In China, network security research started late, so network security technology and network security talent as a whole still need to be improved and developed. This article hopes to offer a useful analysis and discussion of this issue.
We know that a network operating system is the system software that manages the hardware and software resources of a computer network, shares those resources, and provides services to the network's users so that the network system runs normally. Securing the network operating system is therefore the foundation of network security: only when the network operating system is secure and reliable can the security of the entire network be ensured. For that reason it is necessary to analyze the security mechanisms of the Linux system in detail, identify the potential security risks, and provide corresponding security policies and protection measures.
2. Basic Security Mechanism of Linux Network Operating System
The Linux network operating system provides basic security mechanisms such as user accounts, file system permissions, and system log files. If these mechanisms are configured improperly, the system carries certain security risks, so the network system administrator must configure them carefully.
Linux User Account
In Linux, a user account is the user's identity, consisting of a user name and a password. The system stores the user name in the /etc/passwd file and the password, in encrypted (hashed) form, in the /etc/shadow file. Under normal circumstances these passwords and related information are protected by the operating system and can be accessed only by the superuser (root) and some programs of the operating system. If the system is misconfigured or a system error occurs, however, ordinary users may be able to obtain this information, and a malicious user can then use a class of tool called a "password cracker" to recover the original plaintext password.
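The three checks that follow from this paragraph, written out as an added example (not code from the original article): extra UID 0 accounts in a passwd-style file, empty password fields in a shadow-style file, and a shadow file readable by others. The sample files are constructed; on a live system the same functions take /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example, not from the original article: audit a passwd-style and a
# shadow-style file for the weaknesses described above. The sample files are
# constructed; on a live system pass /etc/passwd and /etc/shadow (as root).

# Every account with UID 0 besides root is an additional superuser.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# An empty password field in the shadow file allows login with no password.
# Locked fields ("!" or "*") are not reported.
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# The shadow file must not be readable by others, or its hashes can be copied
# for offline password cracking; 600 or 640 (shadow group) are acceptable.
shadow_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|640|400|440|0) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Constructed sample pair written to a temp directory; prints its path.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second UID 0 account (constructed):/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
toor::19000:0:99999:7:::
alice:!:19000:0:99999:7:::
EOF
    chmod 644 "$d/shadow"   # deliberately world-readable for the demonstration
    printf '%s\n' "$d"
}

d=$(make_samples)
echo "UID 0 accounts besides root: $(extra_uid0 "$d/passwd")"
echo "accounts with empty password: $(empty_passwords "$d/shadow")"
shadow_mode_ok "$d/shadow" && echo "shadow permissions ok" \
                           || echo "shadow readable by others: chmod 640 $d/shadow"
```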
Linux File System Permissions
Linux file system security is achieved mainly by setting file permissions. Each Linux file or directory has three sets of permission attributes, for its owner, for its user group, and for all other users, each of which defines whether read, write and execute access are allowed, together with whether the SUID and SGID bits are set. Note that while an executable file with the SUID or SGID permission runs, the process is granted the privileges of the file's owner (or group). If such files are discovered and exploited by hackers, the system may be compromised.
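An inventory of SUID/SGID files, compared against a saved baseline so that a newly appeared one stands out, as an added example that is not part of the original article. The sample tree is constructed; on a live system call find_suid_sgid on / and keep its output as the baseline.

```shell
#!/bin/sh
# Added example, not from the original article: inventory SUID/SGID files so an
# unexpected new one stands out. The sample tree is constructed; on a live
# system call find_suid_sgid / and keep its output as the baseline.

# Print "mode owner path", sorted, for every SUID or SGID regular file under $1.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
         -printf '%m %u %p\n' | sort
}

# Print entries of a fresh listing that are absent from the saved baseline $2.
new_since_baseline() {
    find_suid_sgid "$1" | comm -13 "$2" -
}

# Constructed sample: one expected setuid helper and one stray setgid file.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/tmp"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/expected-helper"
    chmod 4755 "$d/bin/expected-helper"
    printf '#!/bin/sh\necho hi\n' > "$d/tmp/stray"
    chmod 2755 "$d/tmp/stray"
    : > "$d/bin/plain" && chmod 755 "$d/bin/plain"
    printf '%s\n' "$d"
}

d=$(make_sample_tree)
echo "SUID/SGID files:"; find_suid_sgid "$d"
find_suid_sgid "$d" > "$d/baseline"                # save as the known-good inventory
: > "$d/tmp/later" && chmod 4755 "$d/tmp/later"    # something appeared afterwards
echo "new since baseline:"; new_since_baseline "$d" "$d/baseline"
```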
Rational use of Linux Log Files
Linux log files record how the entire operating system is being used. As a Linux network administrator, you should make full use of the following log files.
/var/log/lastlog file
Records each user's most recent login, including the login time and whether the login succeeded. You therefore only need to run the lastlog command to see the last login time of each account recorded in /var/log/lastlog and compare it with your own records to find out whether an account has been hijacked by a hacker.
/var/log/secure file
Records the login time and location of every user since the system was started, giving the system administrator further reference material.
/var/log/wtmp file
Records the login time, location and logout time of current and past users of the system; you can view it with the last command. To clear the system's login records, you only need to delete the file, and the system then generates new login records.
3. Possible Linux network system attacks and security defense policies
The Linux operating system is an open-source operating system, and it is therefore exposed to attacks aimed at its lower layers. The system administrator must be security-aware and take appropriate security measures for the system; only in this way can the security of the Linux system be improved. For system administrators it is especially important to understand the ways in which Linux network systems may be attacked and to take the necessary measures to protect their systems.
Possible types of attacks on Linux Network
"Denial of Service" Attack
A "denial of service" attack means that a hacker uses destructive means to tie up the resources of the target network, paralyzing it temporarily or permanently, so that the Linux network server can no longer provide service to legitimate users. For example, a hacker can send a large, continuous stream of TCP/IP requests to the target computer, from a forged source address or from many computers under the hacker's control at once, until the target server system is paralyzed.
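A defender-side check of the kernel settings that blunt the flood just described, as an added example that is not from the original article: SYN cookies, the SYN backlog, and reverse-path filtering against forged source addresses. The key list and minimum values are this example's own choice, and the sample dumps are constructed; on a live system save `sysctl -a` to a file and pass that.

```shell
#!/bin/sh
# Added example, not from the original article: compare kernel settings with
# values that blunt a SYN flood. The key list is this example's own choice and
# the sample dumps are constructed; on a live system run `sysctl -a > file`.

# SYN cookies keep the listen queue usable under a flood, a larger backlog
# absorbs bursts, and reverse-path filtering drops packets whose forged source
# address could not have arrived on that interface.
expected_settings() {
    cat <<'EOF'
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 2048
net.ipv4.conf.all.rp_filter 1
EOF
}

# Read "key = value" lines (the sysctl -a format) and print "key current minimum"
# for every setting below the expected value; missing keys are reported as "unset".
check_syn_hardening() {
    expected_settings | while read -r key want; do
        have=$(awk -v k="$key" '$1 == k { print $3 }' "$1")
        [ "${have:-0}" -ge "$want" ] || echo "$key ${have:-unset} $want"
    done
}

# Constructed dumps: a default-style weak host and a hardened one.
make_sample_dumps() {
    d=$(mktemp -d)
    printf 'net.ipv4.tcp_syncookies = 0\nnet.ipv4.tcp_max_syn_backlog = 128\n' > "$d/weak"
    printf 'net.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_max_syn_backlog = 4096\nnet.ipv4.conf.all.rp_filter = 1\n' > "$d/hard"
    printf '%s\n' "$d"
}

d=$(make_sample_dumps)
echo "weak host:";     check_syn_hardening "$d/weak"   # three findings, rp_filter unset
echo "hardened host:"; check_syn_hardening "$d/hard"   # no findings
```

Findings can be applied with `sysctl -w key=value` and persisted in /etc/sysctl.conf.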
Password cracking attack
Passwords are the first line of defense for the security of your system. A password cracking attack aims to crack users' passwords and thereby obtain the protected information resources. For example, a hacker can use a high-speed computer and a dictionary to try one candidate password after another until the one that grants entry to the system and opens up its network resources is found.
"Spoofing users" Attack
In a "spoofing users" attack, a network hacker poses as an engineer or technician from a network company or computer service provider, telephones the user and, at a suitable moment, asks the user to enter a password. This is one of the hardest attacks for users to guard against. Once a user's password is compromised, the hacker can use that user's account to access the system.
"Scanner and network listener" Attacks
Many network intrusions begin with scanning. Hackers use scanning tools to identify the various vulnerabilities of a target host and then exploit them to attack the system.
Network listening (sniffing) is another common hacker technique. After successfully logging on to a host on the network and gaining superuser control of it, a hacker can use network listening to collect sensitive data or authentication information in order to seize control of other hosts on the network later.
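Two host-side checks for the network listening described above, as an added example that is not from the original article: a sniffer needs an interface in promiscuous mode, which shows up as a PROMISC flag in `ip -o link show` and as a kernel "entered promiscuous mode" message in the log. The sample inputs are constructed; live use is noted in the last comment.

```shell
#!/bin/sh
# Added example, not from the original article: detect an interface in
# promiscuous mode, now (ip link flags) or in the past (kernel log messages).
# Sample inputs are constructed.

# Interface names whose flags include PROMISC, from `ip -o link show` output on stdin.
promisc_from_link_output() {
    awk '$3 ~ /PROMISC/ { sub(/:$/, "", $2); print $2 }'
}

# "timestamp interface" for each "entered promiscuous mode" kernel message in file $1.
promisc_events_from_log() {
    awk '/kernel: device [^ ]+ entered promiscuous mode/ {
             for (i = 1; i <= NF; i++) if ($i == "device") print $1, $2, $3, $(i+1) }' "$1"
}

make_samples() {
    d=$(mktemp -d)
    cat > "$d/links" <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
EOF
    cat > "$d/kern.log" <<'EOF'
Mar  3 11:02:10 host kernel: device eth0 entered promiscuous mode
Mar  3 11:20:44 host kernel: device eth0 left promiscuous mode
EOF
    printf '%s\n' "$d"
}

d=$(make_samples)
echo "promiscuous now:";    promisc_from_link_output < "$d/links"
echo "promiscuous events:"; promisc_events_from_log "$d/kern.log"
# live use: ip -o link show | promisc_from_link_output ; promisc_events_from_log /var/log/kern.log
```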