User guide

Security Guide
2.4.2. Openswan
2.5. Firewalls
2.5.1. Netfilter and IPTables
2.5.2. Basic Firewall Configuration
2.5.3. Using IPTables
2.5.4. Common IPTables Filtering
2.5.5. FORWARD and NAT Rules
2.5.6. Malicious Software and Spoofed IP Addresses
2.5.7. IPTables and Connection Tracking
2.5.8. IPv6
2.5.9. Additional Resources
2.6. IPTables
2.6.1. Packet Filtering
2.6.2. Command Options for IPTables
2.6.3. Saving IPTables Rules
2.6.4. IPTables Control Scripts
2.6.5. IPTables and IPv6
2.6.6. Additional Resources
3. Encryption
3.1. Data at Rest
3.2. Full Disk Encryption
3.3. File Based Encryption
3.4. Data in Motion
3.5. Virtual Private Networks
3.6. Secure Shell
3.7. OpenSSL PadLock Engine
3.8. LUKS Disk Encryption
3.8.1. LUKS Implementation in Red Hat Enterprise Linux
3.8.2. Manually Encrypting Directories
3.8.3. Step-by-Step Instructions
3.8.4. What you have just accomplished.
3.8.5. Links of Interest
3.9. Using GNU Privacy Guard (GnuPG)
3.9.1. Creating GPG Keys in GNOME
3.9.2. Creating GPG Keys in KDE
3.9.3. Creating GPG Keys Using the Command Line
3.9.4. About Public Key Encryption
4. General Principles of Information Security
4.1. Tips, Guides, and Tools
5. Secure Installation
5.1. Disk Partitions
5.2. Utilize LUKS Partition Encryption
6. Software Maintenance
6.1. Install Minimal Software
6.2. Plan and Configure Security Updates
6.3. Adjusting Automatic Updates
6.4. Install Signed Packages from Well Known Repositories
7. Federal Standards and Regulations
7.1. Introduction
7.2. Federal Information Processing Standard (FIPS)
7.3. National Industrial Security Program Operating Manual (NISPOM)