User guide

Preface
  1. Document Conventions
    1.1. Typographic Conventions
    1.2. Pull-quote Conventions
    1.3. Notes and Warnings
  2. We Need Feedback!
1. Security Overview
  1.1. Introduction to Security
    1.1.1. What is Computer Security?
    1.1.2. SELinux
    1.1.3. Security Controls
    1.1.4. Conclusion
  1.2. Vulnerability Assessment
    1.2.1. Thinking Like the Enemy
    1.2.2. Defining Assessment and Testing
    1.2.3. Evaluating the Tools
  1.3. Attackers and Vulnerabilities
    1.3.1. A Quick History of Hackers
    1.3.2. Threats to Network Security
    1.3.3. Threats to Server Security
    1.3.4. Threats to Workstation and Home PC Security
  1.4. Common Exploits and Attacks
  1.5. Security Updates
    1.5.1. Updating Packages
    1.5.2. Verifying Signed Packages
    1.5.3. Installing Signed Packages
    1.5.4. Applying the Changes
2. Securing Your Network
  2.1. Workstation Security
    2.1.1. Evaluating Workstation Security
    2.1.2. BIOS and Boot Loader Security
    2.1.3. Password Security
    2.1.4. Administrative Controls
    2.1.5. Available Network Services
    2.1.6. Personal Firewalls
    2.1.7. Security Enhanced Communication Tools
  2.2. Server Security
    2.2.1. Securing Services With TCP Wrappers and xinetd
    2.2.2. Securing Portmap
    2.2.3. Securing NIS
    2.2.4. Securing NFS
    2.2.5. Securing the Apache HTTP Server
    2.2.6. Securing FTP
    2.2.7. Securing Sendmail
    2.2.8. Verifying Which Ports Are Listening
  2.3. TCP Wrappers and xinetd
    2.3.1. TCP Wrappers
    2.3.2. TCP Wrappers Configuration Files
    2.3.3. xinetd
    2.3.4. xinetd Configuration Files
    2.3.5. Additional Resources
  2.4. Virtual Private Networks (VPNs)
    2.4.1. How Does a VPN Work?