As the system administrator, your primary concern is the security of your Red Hat Linux system and the local network. You may also have to worry about securing it from unwanted access from the Internet. This chapter introduces you to the subjects of system and network security and shows you how to use some of the security features of Red Hat Linux.
By reading this chapter, you learn the following:
It is helpful to think of an organization-wide security framework. In such a framework, you first establish a security policy based on business requirements and risk analysis. Then, you develop an overall security solution based on security policy, business requirements, and available technology. Finally, you put in place the management practices to continually monitor, detect, and respond to any security problems.
Risk analysis means identifying threats and vulnerabilities. Then, you can assess the probability and impact of each vulnerability and decide to mitigate those vulnerabilities that are most likely to be exploited and whose exploitation will cause the most harm.
To secure the Red Hat Linux system, you have to secure the passwords and the network services, such as FTP, NFS, and HTTP. You can use the chkconfig command to disable unnecessary services. For services started by xinetd, you can also edit the configuration files in the /etc/xinetd.d directory to turn services off or on.
Use secure shell (SSH) for secure remote logins. This chapter shows you how to use SSH.
For a system connected to the Internet (including a local network), you can meet network security needs by setting up a firewall between the internal network and the Internet. Any publicly accessible servers, such as Web and FTP servers, should be placed outside the firewall in a perimeter network or the demilitarized zone (DMZ).
There are many kinds of firewalls: packet filters, dual-homed hosts, and application gateways (or proxy servers). This chapter provides an overview of firewalls. You can implement a packet-filtering firewall by using the iptables software that comes with Red Hat Linux.
You can monitor the integrity of system files and directories by installing and setting up the Tripwire software that comes on the companion CD-ROMs.
You should periodically review the log files in the /var/log directory of your Red Hat Linux system for any signs of intrusion attempts.
You should also perform a periodic security audit of your system and network. You can use some automated tools such as nmap and Nessus to test your network security.
The chapter provides some online resources from which you can learn more about securing your Red Hat Linux system. You can use these online resources to keep up with late-breaking security news.
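As an illustration of the point above about turning xinetd services off in /etc/xinetd.d, the following script lists every xinetd service that is still enabled. It is an added example, not code from the chapter; the function names and the sample service files it builds in a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report xinetd services that are still switched on.

# list_enabled_xinetd DIR: print each service in DIR lacking "disable = yes".
# A service with no "disable" line counts as enabled (xinetd's default).
# Not checked: a "disabled" list in the defaults section of /etc/xinetd.conf.
list_enabled_xinetd() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # xinetd's includedir ignores names containing a dot or ending in "~"
        case ${f##*/} in *.*|*~) continue ;; esac
        awk '
            /^[ \t]*#/      { next }                    # comment line
                            { gsub(/=/, " = ") }        # tolerate "disable=yes"
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" { off = (tolower($3) == "yes"); next }
            $1 == "}"       { if (name != "" && !off) print name; name = "" }
        ' "$f"
    done
}

# demo: build a constructed /etc/xinetd.d look-alike and audit it.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'service telnet\n{\n\tdisable = no\n\tsocket_type = stream\n}\n' > "$tmp/telnet"
    printf 'service tftp\n{\n\tdisable = yes\n\tsocket_type = dgram\n}\n' > "$tmp/tftp"
    printf 'service time\n{\n\t# no disable line\n\tsocket_type = stream\n}\n' > "$tmp/time"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$tmp/telnet.rpmsave"
    list_enabled_xinetd "$tmp"
    rm -rf "$tmp"
}

demo    # on a real host: list_enabled_xinetd /etc/xinetd.d
```

Any service it lists that you do not need can be turned off with chkconfig or by setting disable = yes in its file.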