11.7 Network Security Tips

Anyone who administers a system connected to the Internet needs to know something about network security. It's not uncommon for systems connected to the Internet to be probed by would-be hackers several times daily. If a would-be hacker manages to detect a vulnerability, the hacker can often exploit it in a matter of seconds. Therefore, it's almost certain that a system administrator ignorant of network security will eventually suffer a system break-in.

Network security is a large and sophisticated topic that can be only cursorily surveyed in a book such as this. Concerned readers should consult books such as the following:

  • Building Internet Firewalls, Second Edition, by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman (O'Reilly)

  • Building Secure Servers with Linux, by Michael D. Bauer (O'Reilly).

  • Computer Security Basics, by Deborah Russell and G.T. Gangemi, Sr. (O'Reilly)

  • Linux Security Cookbook, by Daniel J. Barrett, Richard Silverman, Robert G. Byrnes (O'Reilly).

  • Linux Server Hacks, by Rob Flickenger (O'Reilly).

  • Practical Unix & Internet Security, 3rd. ed., by Simson Garfinkel, Gene Spafford, and Alan Schwartz (O'Reilly).

  • Red Hat Linux Firewalls, by Bill McCarty (Red Hat Press).

If a sufficiently skilled hacker is intent on compromising a system you administer, the hacker will probably succeed. However, here are some tips that can help you avoid falling victim to amateur hackers:

  • Use a network or host firewall to prevent outsiders from accessing services you don't need to make publicly available.

  • Monitor security web sites and mailing lists so that you're aware of recent threats and the associated countermeasures. The CERT Coordination Center, http://www.cert.org, provides many useful resources.

  • Apply bug fixes promptly after Red Hat Network advises you that they are available.