Manualshelf

User guide

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 4 - SELINUX GUIDE
41424344454647484950
Chapter 2. Securing Your Network
38
firewall). This tool creates broad iptables rules for a general-purpose firewall using a control
panel interface.
Refer to Section 2.5.2, “Basic Firewall Configuration” for more information about using this application
and its available options.
For advanced users and server administrators, manually configuring a firewall with iptables is
probably a better option. Refer to Section 2.5, “Firewalls” for more information. Refer to Section 2.6,
“IPTables” for a comprehensive guide to the iptables command.
2.1.7. Security Enhanced Communication Tools
As the size and popularity of the Internet has grown, so has the threat of communication interception.
Over the years, tools have been developed to encrypt communications as they are transferred over
the network.
Red Hat Enterprise Linux 6 ships with two basic tools that use high-level, public-key-cryptography-
based encryption algorithms to protect information as it travels over the network.
OpenSSH — A free implementation of the SSH protocol for encrypting network communication.
Gnu Privacy Guard (GPG) — A free implementation of the PGP (Pretty Good Privacy) encryption
application for encrypting data.
OpenSSH is a safer way to access a remote machine and replaces older, unencrypted services like
telnet and rsh. OpenSSH includes a network service called sshd and three command line client
applications:
ssh — A secure remote console access client.
scp — A secure remote copy command.
sftp — A secure pseudo-ftp client that allows interactive file transfer sessions.
Refer to Section 3.6, “Secure Shell” for more information regarding OpenSSH.
Important
Although the sshd service is inherently secure, the service must be kept up-to-date to prevent
security threats. Refer to Section 1.5, “Security Updates” for more information.
GPG is one way to ensure private email communication. It can be used both to email sensitive data
over public networks and to protect sensitive data on hard drives.
2.2. Server Security
When a system is used as a server on a public network, it becomes a target for attacks. Hardening the
system and locking down services is therefore of paramount importance for the system administrator.
Before delving into specific issues, review the following general tips for enhancing server security:
Keep all services current, to protect against the latest threats.
Use secure protocols whenever possible.