For example, if you want
to log in to a computer over the Internet, the Secure Shell service (ssh) is considered more
secure than rlogin or telnet services (which pass clear-text passwords). Also, some services
that are thought to be insecure if you expose them on the Internet (such as Samba and
NFS) can be used more securely over the Internet through VPN tunnels (such as IPSec
or CIPE).
Use restrictive firewalls. A primary job of a firewall is to accept requests for services
from a network that you want to allow and turn away requests that you don't (based
primarily on port numbers requested). A desktop system should refuse requests that
come in on most ports. A server system should allow requests for a controlled set of
ports. See Chapter 18 for information on how to set up a firewall using iptables.
Enable only services you need. To offer services in Linux (such as Web, file, or mail
services), a daemon process will listen on a particular port number. Don't enable services
you don't need. In fact, don't even install server software you don't need.
A program that runs quietly in the background handling service requests (such as sendmail)
is called a daemon. Usually, daemons are started automatically when your system
boots up, and they keep running until your system is shut down.
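One way to check the "enable only services you need" advice against a running system is to compare listening TCP ports with the controlled set you intend to offer. The script below is an added example, not from the book; the function names and the sample listing (constructed to resemble `ss -tln` output) are assumptions.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets that are outside an allowlist.

# unexpected_listeners "PORT PORT ..."
# Reads `ss -tln` style output on stdin. Prints "port address" for every
# listener that is reachable from the network and not in the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }                    # skip header and other states
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            # Loopback-only daemons cannot be reached from other hosts
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok)) print port, host
        }
    ' | sort -u | sort -n
}

# Constructed sample: sshd on 22, sendmail on loopback 25,
# Samba on 445 and NFS on 2049 exposed on every interface.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
LISTEN 0      50           0.0.0.0:445       0.0.0.0:*
LISTEN 0      64           0.0.0.0:2049      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
EOF
}

# A server that should offer only ssh: everything printed here is a
# daemon to disable or a port to block at the firewall.
sample_ss_output | unexpected_listeners "22"
```

On a live system, replace `sample_ss_output` with `ss -tln` and pass the ports you actually mean to serve.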