Specifications
7
Help
Is external access to available resources not functioning? Which services
are affected? Should the resources really be accessible?
If it can be accessed, use ps to test whether the process is available.
If services are not accessible, check your log files. Look for messages
about why a particular service was not started or whether an unauthorized
party has been attempting to make use of the service. Test from
several clients whether the firewall host is accessible and whether the
proxies are responding.
Detecting Attacks
Intrusion Detection and Event Display
A properly configured Linux/UNIX system can, in and of itself, be considered
quite secure. Internal system hazards associated with a complex system
such as Linux or UNIX are more easily recognized than on other operating
systems, because UNIX has been used and developed for over thirty years.
UNIX also forms the basis of the Internet. Nevertheless, configuration errors
can occur and security holes can appear. There will always be security
flaws. Security experts and crackers are in perpetual competition to be one
step ahead of the other. What qualifies today as secure may be vulnerable
tomorrow.
Signs of Intrusion
Any abnormal behavior on your firewall system can be considered a sign that
your system is compromised:
increased processor load
unusually heavy network traffic
unusual processes
processes started by nonexistent users
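
The last sign in the list, processes started by nonexistent users, can be checked mechanically. The following is an added example, not part of the original manual: a shell function that compares the numeric UIDs in ps output against a passwd-format file. The function names (orphan_procs, scan_live, demo) and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: report processes whose numeric UID has no passwd entry.
# $1    = passwd-format file (field 3 is the UID)
# stdin = rows of "UID PID COMMAND", as printed by
#         ps -e -o uid= -o pid= -o comm=
orphan_procs() {
    awk -v pw="$1" '
        BEGIN {
            # Load every known UID before reading the process list.
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                known[f[3]] = 1
            }
        }
        # A process row whose UID was never seen in the passwd file.
        NF >= 3 && !($1 in known) {
            print "uid=" $1 " pid=" $2 " cmd=" $3
        }
    '
}

# Run the check on the live host. Assumption: accounts are resolvable
# through getent; on a host with local accounts only, this is /etc/passwd.
scan_live() {
    pw=$(mktemp) || return 1
    getent passwd > "$pw"
    ps -e -o uid= -o pid= -o comm= | orphan_procs "$pw"
    rm -f "$pw"
}

# Constructed sample data: UID 1042 has no account entry.
demo() {
    pw=$(mktemp) || return 1
    cat > "$pw" <<'EOF'
root:x:0:0:root:/root:/bin/bash
squid:x:31:65534:WWW proxy:/var/cache/squid:/bin/false
EOF
    orphan_procs "$pw" <<'EOF'
    0     1 init
   31   412 squid
 1042   977 sh
EOF
    rm -f "$pw"
}

demo
```

An empty result from scan_live means every running process belongs to a known account; any line it prints deserves a look in the log files before the process is stopped.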
143SuSE Linux – Firewall on CD2










