Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 689 — #715
i
i
i
i
i
i
i
i
26
Security in the Network
on IP addresses or host names. The attacker needs a good understanding of
the actual structure of the trust relationships among hosts to disguise itself
as one of the trusted hosts. Usually, the attacker analyzes some packets re-
ceived from the server to get the necessary information. The attacker often
needs to target a well-timed DoS attack at the name server as well. Protect
yourself by using encrypted connections that are able to verify the identity
of the hosts to which to connect.
Worms
Worms are often confused with viruses, but there is a clear difference be-
tween the two. Unlike viruses, worms do not need to infect a host pro-
gram to live. Rather, they are specialized to spread as quickly as possible on
network structures. The worms that appeared in the past, such as Ramen,
Lion, or Adore, make use of well-known security holes in server programs
like bind8 or lprNG. Protection against worms is relatively easy. Given that
some time elapses between the discovery of a security hole and the mo-
ment the worm hits your server, there is a good chance that an updated
version of the affected program is available on time. That is only useful if
the administrator actually installs the security updates on the systems in
question.
26.7.2 Some General Security Tips and Tricks
To handle security competently, it is important to keep up with new de-
velopments and to stay informed about the latest security issues. One
very good way to protect your systems against problems of all kinds is
to get and install the updated packages recommended by security an-
nouncements as quickly as possible. SUSE security announcements are
published on a mailing list to which you can subscribe by following the
link http://www.suse.de/security. The list suse-security-
announce@suse.de is a first-hand source of information regarding up-
dated packages and includes members of SUSE’s security team among its
active contributors.
The mailing list suse-security@suse.de is a good place to discuss any
security issues of interest. Subscribe to it under the URL as given above for
suse-security-announce@suse.de.
bugtraq@securityfocus.com is one of the best-known security mail-
ing lists worldwide. Reading this list, which receives between fifteen and
twenty postings per day, is recommended. More information can be found
at http://www.securityfocus.com.
689SUSE LINUX Enterprise Server