Redhat Linux Network Security
Covering everything about security would take several volumes of books, so we can only look
at the basics. We can take a quick look at the primary defenses you need in order to protect
yourself from unauthorized access through telephone lines (modems), as well as some aspects
of network connections. We won't bother with complex solutions that are difficult to
implement because they can require a considerable amount of knowledge and they apply only to
specific configurations.
Instead, we can look at the basic methods of buttoning up your Linux system, most of which
are downright simple and effective. Many system administrators either don't know what is
necessary to protect a system from unauthorized access, or they have discounted the chances
of a break-in happening to them. It happens with alarming frequency, so take the industry's
advice: Don't take chances. Protect your system.
Weak Passwords
Believe it or not, the most common access method of breaking into a system through a
network, over a modem connection, or sitting in front of a terminal is through weak
passwords. Weak (which means easily guessable) passwords are very common. When these are
used by system users, even the best security systems can't protect against intrusion.
If you're managing a system that has several users, you should implement a policy requiring
users to set their passwords at regular intervals (usually six to eight weeks is a good
idea), and to use non-English words. The best passwords are combinations of letters and
numbers that are not in the dictionary.
Sometimes, though, having a policy against weak passwords isn't enough. You might want to
consider forcing stronger password usage by using public domain or commercial software that
checks potential passwords for susceptibility. These packages are often available in source
code, so they can be compiled for Linux without a problem.
File Security
Security begins at the file permission level and should be carried out carefully. Whether
you want to protect a file from snooping by an unauthorized invader or another user, you
should carefully set your umask (file creation mask) to set your files for maximum security.
Of course, this is really only important if you have more than one user on the system or
have to consider hiding information from certain users. However, if you are on a system with
several users, consider forcing umask settings for everyone and set read-and-write
permissions only for the user, and no permissions for everyone else. This is as good as you
can get with file security.
For very sensitive files (such as accounting or employee information), consider encrypting
them with a simple utility. There are many such programs available. Most require only a
password to trigger the encryption or decryption.
More information visit