User guide
Exploit Description Notes
alleviate the burdens of multi-seat
security deployments.
Exploit: Denial of Service (DoS) Attacks

Description: An attacker or group of attackers coordinates against an organization's network or server resources by sending unauthorized packets to the target host (either server, router, or workstation). This forces the resource to become unavailable to legitimate users.

Notes: The most reported DoS case in the US occurred in 2000. Several highly-trafficked commercial and government sites were rendered unavailable by a coordinated ping flood attack using several compromised systems with high bandwidth connections acting as zombies, or redirected broadcast nodes.

Source packets are usually forged (as well as rebroadcast), making investigation as to the true source of the attack difficult.

Advances in ingress filtering (IETF RFC 2267) using iptables and Network Intrusion Detection Systems such as snort assist administrators in tracking down and preventing distributed DoS attacks.

1.5. Security Updates
As security vulnerabilities are discovered, the affected software must be updated in order to limit
any potential security risks. If the software is part of a package within a Red Hat Enterprise Linux
distribution that is currently supported, Red Hat is committed to releasing updated packages that
fix the vulnerability as soon as possible. Often, announcements about a given security exploit
are accompanied by a patch (or source code that fixes the problem). This patch is then applied to
the Red Hat Enterprise Linux package and tested and released as an errata update. However, if an
announcement does not include a patch, a developer first works with the maintainer of the software to
fix the problem. Once the problem is fixed, the package is tested and released as an errata update.
If an errata update is released for software used on your system, it is highly recommended that you
update the affected packages as soon as possible to minimize the amount of time the system is
potentially vulnerable.
1.5.1. Updating Packages
When updating software on a system, it is important to download the update from a trusted source. An
attacker can easily rebuild a package with the same version number as the one that is supposed to
fix the problem but with a different security exploit and release it on the Internet. If this happens, using
security measures such as verifying files against the original RPM does not detect the exploit. Thus, it
is very important to only download RPMs from trusted sources, such as Red Hat, and to check the
signature of the package to verify its integrity.
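The signature check described above can be turned into a gate that refuses any downloaded package whose result is not a verified signature. This is an added example, not part of the Red Hat guide; it assumes the status lines printed by `rpm -K` (both the newer "digests signatures OK" wording and the older per-algorithm wording), and the package names and path shown are constructed.

```shell
#!/bin/sh
# Added example: classify `rpm -K` (rpm --checksig) result lines.
# A digest-only "OK" proves internal consistency, not origin: a rebuilt
# package with the same version number also produces valid digests.

# classify_checksig LINE -> prints SIGNED, UNSIGNED or FAIL
classify_checksig() {
    line=$1
    case $line in
        *"NOT OK"*) echo FAIL; return 0 ;;  # bad digest/signature or key not imported
        *" OK") ;;                          # passed; inspect which checks ran
        *) echo FAIL; return 0 ;;           # unrecognised output: fail closed
    esac
    status=${line##*: }                     # text after the last ": "
    case " $status " in
        *" signatures "*|*" rsa "*|*" dsa "*|*" pgp "*|*" gpg "*)
            echo SIGNED ;;                  # signature verified against an imported key
        *)  echo UNSIGNED ;;                # digests only, no signature present
    esac
}

# gate_updates: read `rpm -K` output on stdin, list every package that is
# not SIGNED, and return non-zero if any package was rejected.
gate_updates() {
    rc=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        verdict=$(classify_checksig "$l")
        if [ "$verdict" != SIGNED ]; then
            echo "REJECT ($verdict): ${l%%:*}"
            rc=1
        fi
    done
    return $rc
}

# Typical use on a directory of downloaded updates (hypothetical path):
#   rpm -K /tmp/updates/*.rpm | gate_updates && echo "all packages signed"
```

A SIGNED verdict is only as trustworthy as the keys imported into the RPM keyring, so the vendor key itself must come from a trusted source.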
Note
Red Hat Enterprise Linux includes a convenient panel icon that displays visible alerts when there
is an update available.