Specifications

C
Network Security
intended to be available in the first place (the legacy problem). Open
ports, with the socket state LISTEN, can be found with the program
netstat. As for the options, we suggest using netstat -ap or
netstat -anp. The -p option allows you to see which process is
occupying a port under which name.

Compare the netstat results with those of a thorough port scan done
from outside your host. An excellent program for this job is nmap,
which not only checks out the ports of your machine, but also draws
some conclusions as to which services are waiting behind them.
However, port scanning may be interpreted as an aggressive act, so do
not do this on a host without the explicit approval of the
administrator. Finally, remember that it is important not only to scan
TCP ports, but also UDP ports (options -sS and -sU).

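The comparison described above, as an added example that is not part of the original manual: it extracts the listeners from netstat -anp output and the open ports from nmap's grepable output (-oG), then prints the differences in both directions. The sample data, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `netstat -anp` output from the host being checked.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*          LISTEN      412/sshd
tcp        0      0 127.0.0.1:25    0.0.0.0:*          LISTEN      530/master
tcp        0      0 0.0.0.0:111     0.0.0.0:*          LISTEN      388/portmap
udp        0      0 0.0.0.0:111     0.0.0.0:*                      388/portmap
tcp        0      0 192.0.2.10:22   198.51.100.7:51234 ESTABLISHED 901/sshd'
# Constructed sample: grepable nmap output (-oG) of a -sS -sU scan from outside.
NMAP_SAMPLE=$(printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: closed (997)' \
    '22/open/tcp//ssh///, 111/open/udp//rpcbind///, 8081/open/tcp//unknown///')

# Print proto/port for sockets reachable from the network: TCP in state LISTEN
# and unconnected UDP sockets. Loopback-only binds are left out.
local_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }
        $1 ~ /^udp/ && $5 !~ /:\*$/   { next }
        $1 ~ /^(tcp|udp)/ && $4 !~ /^(127\.|::1:)/ {
            port = $4; sub(/.*:/, "", port)
            proto = $1; sub(/6$/, "", proto)    # tcp6/udp6 -> tcp/udp
            print proto "/" port
        }' | sort -u
}

# Print proto/port for every port nmap reports as plainly "open"
# (ambiguous UDP results such as open|filtered are not counted).
nmap_open() {
    awk -F'\t' '{ for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
            sub(/^Ports: /, "", $i); n = split($i, e, /, */)
            for (j = 1; j <= n; j++) {
                split(e[j], f, "/")
                if (f[2] == "open") print f[3] "/" f[1]
            } } }' | sort -u
}

# $1 = netstat text, $2 = nmap -oG text.
# Ports answering from outside that netstat does not account for: investigate.
unexplained_open() {
    l=$(printf '%s\n' "$1" | local_listeners)
    printf '%s\n' "$2" | nmap_open | grep -vxF -e "$l" || true
}
# Listeners the outside scan did not reach (filtered on the way, or not scanned).
not_seen_outside() {
    o=$(printf '%s\n' "$2" | nmap_open)
    printf '%s\n' "$1" | local_listeners | grep -vxF -e "$o" || true
}

echo "open from outside, no listener in netstat: $(unexplained_open "$NETSTAT_SAMPLE" "$NMAP_SAMPLE")"
echo "listening, not seen from outside: $(not_seen_outside "$NETSTAT_SAMPLE" "$NMAP_SAMPLE")"
```

A port in the first list deserves attention first, because the host answers on it although its own netstat shows no listener there.
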
To monitor the integrity of the files of your system in a reliable
way, use the program tripwire. Encrypt the database created by
tripwire to prevent someone from tampering with it. Furthermore,
keep a backup of this database available outside your machine, stored
on an external data medium not connected to it by a network link.

Take proper care when installing any third-party software. There have
been cases where a hacker had built a trojan horse into the tar archive
of a security software package, which was fortunately discovered very
quickly. Only install a binary package if you have no doubts about the
site from which you downloaded it.

SuSE’s RPM packages are gpg-signed. The key used by SuSE for signing
reads as follows:

ID:9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
Key fingerprint = 79C1 79B2 E1C8 20C1 890F 9994 A84E DAE8 9C80 0ACA

The command rpm --checksig package.rpm shows whether the
checksum and the signature of an uninstalled package are correct. Find
the key on the first CD of the distribution and on most key servers
worldwide.

Check your backups of user and system files regularly. Consider that
if you do not test whether the backup will work, it might actually be
worthless.

Check your log files. Whenever possible, write a small script to search
for suspicious entries. Admittedly, this is not exactly a trivial task. In
SuSE Linux Firewall on CD2