If you are enabling FTP, Web (HTTPD), DNS, NFS, NIS, or Samba services on your Fedora or
RHEL system, you should consider leaving SELinux enabled and working with the settings from
the Security Level Configuration window to configure those services. For information on SELinux
that is specific to Fedora, refer to this site:
http://fedoraproject.org/wiki/SELinux
TIP
236
Running the Show Part II
Protecting Web Servers
with Certificates and Encryption
Previous sections told you how to lock the doors to your Linux system to deny access to crackers.
The best dead bolt lock, however, is useless if you are mugged in your own driveway and have
your keys stolen. Likewise, the best computer security can be for naught if you are sending passwords
and other critical data unprotected across the Internet.
A savvy cracker can use a tool called a protocol analyzer or a network sniffer to peek at the data flowing
across a network and pick out passwords, credit card data, and other juicy bits of information. The
cracker does this by breaking into a poorly protected system on the same network and running software,
or by gaining physical access to the same network and plugging in his or her own equipment.
You can combat this sort of theft by using encryption. The two main types of encryption in use
today are symmetric cryptography and public-key cryptography.
Pages:
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510