User guide

Chapter 2. Securing Your Network
66
/usr/share/doc/tcp_wrappers-<version>/ — This directory contains a README file that discusses how TCP Wrappers work and the various hostname and host address spoofing risks that exist.
/usr/share/doc/xinetd-<version>/ — This directory contains a README file that discusses aspects of access control and a sample.conf file with various ideas for modifying the service-specific configuration files in the /etc/xinetd.d/ directory.
TCP Wrappers and xinetd-related man pages — A number of man pages exist for the various applications and configuration files involved with TCP Wrappers and xinetd. The following are some of the more important man pages:
Server Applications
man xinetd — The man page for xinetd.
Configuration Files
man 5 hosts_access — The man page for the TCP Wrappers host access control files.
man hosts_options — The man page for the TCP Wrappers options fields.
man xinetd.conf — The man page listing xinetd configuration options.
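The hosts_access(5) man page listed above defines the lookup order that makes or breaks a TCP Wrappers policy: hosts.allow is searched first, then hosts.deny, and a client that matches neither table is granted access. The following is an added example, not text or code from this guide or from the tcp_wrappers package: a simplified Python model of that lookup order and of the common client patterns (ALL, LOCAL, KNOWN, UNKNOWN, PARANOID, domain suffix, address prefix, net/mask and EXCEPT). The sample hosts.allow and hosts.deny contents, the daemon names and the client addresses are constructed for illustration; the Client fields and function names are this example's own, not libwrap's API.

```python
# Simplified model of the hosts_access(5) lookup order (added example, not libwrap code).
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Client:
    """What the wrapper knows about the peer: its address and the reverse-lookup result."""
    address: str              # IPv4 address of the connecting host
    hostname: str = ""        # PTR lookup result; "" means the lookup failed
    forward_ok: bool = True   # does the hostname resolve back to this address?


# Constructed sample tables, not copied from any real system.
HOSTS_ALLOW = """
# Consulted first: the first matching (daemon, client) pair grants access.
sshd    : 192.168.1.0/255.255.255.0 EXCEPT 192.168.1.200
vsftpd  : LOCAL, .example.com
ALL     : 127.0.0.1
"""

HOSTS_DENY = """
# Consulted second. Without the final line, unmatched clients are ALLOWED.
ALL : PARANOID
ALL : ALL
"""


def parse_list(text):
    """Split 'a b, c EXCEPT d' into (include_tokens, exclude_tokens)."""
    tokens = [t for t in re.split(r"[\s,]+", text.strip()) if t]
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return tokens[:i], tokens[i + 1:]
    return tokens, []


def parse_rules(text):
    """Return [(daemon_list, client_list, raw_line)]; comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")          # daemon_list : client_list [: shell_command]
        rules.append((parse_list(fields[0]), parse_list(fields[1]), line))
    return rules


def client_token_matches(token, client):
    """Model the wildcards and patterns of hosts_access(5) for one client token."""
    host = client.hostname.lower()
    if token == "ALL":
        return True
    if token == "LOCAL":                  # hostname without a dot
        return bool(host) and "." not in host
    if token == "KNOWN":
        return bool(host) and client.forward_ok
    if token == "UNKNOWN":
        return not host
    if token == "PARANOID":               # name does not map back to the address
        return bool(host) and not client.forward_ok
    if token.startswith("."):             # domain suffix, e.g. .example.com
        return host.endswith(token.lower())
    if token.endswith("."):               # address prefix, e.g. 192.168.
        return client.address.startswith(token)
    if "/" in token:                      # net/mask in dotted or prefix form
        return ipaddress.ip_address(client.address) in ipaddress.ip_network(token, strict=False)
    return token == client.address or token.lower() == host


def list_matches(parsed, matcher):
    include, exclude = parsed
    return any(matcher(t) for t in include) and not any(matcher(t) for t in exclude)


def check_access(daemon, client, allow_rules, deny_rules):
    """Return (granted, reason) following the hosts.allow -> hosts.deny -> default-allow order."""
    def hits(rule):
        daemons, clients, _ = rule
        return (list_matches(daemons, lambda t: t in ("ALL", daemon))
                and list_matches(clients, lambda t: client_token_matches(t, client)))

    for rule in allow_rules:
        if hits(rule):
            return True, "hosts.allow: " + rule[2]
    for rule in deny_rules:
        if hits(rule):
            return False, "hosts.deny: " + rule[2]
    return True, "no rule matched: access granted by default"


if __name__ == "__main__":
    allow, deny = parse_rules(HOSTS_ALLOW), parse_rules(HOSTS_DENY)
    cases = [
        ("sshd", Client("192.168.1.10", "box.example.com")),                    # allowed by net/mask
        ("sshd", Client("192.168.1.200", "rogue.example.com")),                 # EXCEPT, then ALL : ALL
        ("vsftpd", Client("10.0.0.5", "fileserver")),                           # LOCAL
        ("sshd", Client("172.16.0.9", "spoof.example.com", forward_ok=False)),  # PARANOID
        ("vsftpd", Client("198.51.100.4", "spoof.example.com", forward_ok=False)),  # hosts.allow wins
    ]
    for daemon, client in cases:
        print(daemon, client.address, check_access(daemon, client, allow, deny))
    # With an empty hosts.deny the unmatched client gets in: the default is allow.
    print(check_access("sshd", Client("203.0.113.7", "h.example.net"), allow, []))
```

Two points the model makes visible: the final `ALL : ALL` in hosts.deny is what turns the tables into a default-deny policy, and because hosts.allow is consulted first, a hostname-based allow rule still admits a client whose name does not resolve back to its address even though `ALL : PARANOID` sits in hosts.deny. The hosts_access(5) man page notes that tcpd built with -DPARANOID rejects such clients before the tables are read; a daemon that relies on the tables alone does not get that protection, which is the spoofing risk the tcp_wrappers README describes.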
2.3.5.2. Useful TCP Wrappers Websites
http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial — A thorough tutorial that discusses many different ways to optimize default xinetd configuration files to meet specific security goals.
2.3.5.3. Related Books
Hacking Linux Exposed by Brian Hatch, James Lee, and George Kurtz; Osborne/McGraw-Hill — An excellent security resource with information about TCP Wrappers and xinetd.
2.4. Virtual Private Networks (VPNs)
Organizations with several satellite offices often connect them to each other with dedicated lines for efficiency and for protection of sensitive data in transit. For example, many businesses use frame relay or Asynchronous Transfer Mode (ATM) lines as an end-to-end networking solution to link one office with others. This can be an expensive proposition, especially for small- to medium-sized businesses (SMBs) that want to expand without paying the high costs associated with enterprise-level, dedicated digital circuits.
To address this need, Virtual Private Networks (VPNs) were developed. Following the same functional principles as dedicated circuits, VPNs allow secured digital communication between two parties (or networks), creating a Wide Area Network (WAN) from existing Local Area Networks (LANs). Where a VPN differs from frame relay or ATM is in its transport medium: a VPN transmits over IP, using IP datagrams as the transport layer, which makes it a secure conduit through the Internet to an intended destination. Most free software VPN implementations incorporate open-standard encryption methods to further protect data in transit.
Some organizations employ hardware VPN solutions to augment security, while others use software or protocol-based implementations. Several vendors provide hardware VPN solutions, such as Cisco, Nortel, IBM, and Check Point. There is a free software-based VPN solution for Linux called FreeS/WAN that utilizes a standardized Internet Protocol Security (IPsec) implementation. These VPN solutions, irrespective of whether they are hardware or software based, act as specialized routers that sit on the IP connection between one office and another.