Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide, page 22

5. Step 3: Firewalls and Setting Access Policies
So what is a "firewall"? It's a vague term that can mean anything that acts as a protective barrier between us
and the outside world. This can be a dedicated system, or a specific application that provides this
functionality. Or it can be a combination of components, including various combinations of hardware and
software. Firewalls are built from "rules" that are used to define what is allowed to enter and exit a given
system or network. Let's look at some of the possible components that are readily available for Linux, and
how we might implement a reasonably safe firewalling strategy.
In Step 1 above, we turned off all the services we don't need. In our example, a few still had to be left
running. In this section we take the next step and decide which of those must be open to the whole world, and
which we can restrict in some way. If we can block all of them from the outside, so much the better, but this
is not always practical.
5.1. Strategy
What we want to do now is restrict connections and traffic so that we only allow the minimum necessary for
whatever our particular situation is. In some cases we may want to block all incoming "new" connection
attempts. Example: we want to run X, but don't want anyone from outside to access it, so we'll block it
completely from outside connections. In other situations, we may want to limit, or restrict, incoming
connections to trusted sources only. The more restrictive, the better. Example: we want to ssh into our system
from outside, but we only ever do this from our workplace. So we'll limit sshd connections to our workplace
address range. There are various ways to do this, and we'll look at the most common ones.
We also do not want to rely on any single application for our firewall. A "layered", defense-in-depth
approach is the right model: our front line of protection will be a packet filter, either ipchains or
iptables (see below), and we can then use additional tools and mechanisms to reinforce it.
We will include some brief examples. Our rule of thumb will be to deny everything as the default policy, then
open up just what we need. We'll try to keep this as simple as possible since it can be an involved and
complex topic, and just stick to some of the most basic concepts. See the Links section for further reading on
this topic.
5.2. Packet Filters: Ipchains and Iptables
"Packet filters" (like ipchains) have the ability to look at individual packets, and make decisions based on
what they find. These can be used for many purposes. One common purpose is to implement a firewall.
Common packet filters on Linux are ipchains which is standard with 2.2 kernels, and iptables which is
available with the more recent 2.4 kernels. iptables has more advanced packet filtering capabilities and is
recommended for anyone running a 2.4 kernel. But either can be effective for our purposes. ipfwadm is a
similar utility for 2.0 kernels (not discussed here).
If constructing your own ipchains or iptables firewall rules seems a bit daunting, there are various sites that
can automate the process. See the Links section. Also the included examples may be used as a starting point.
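As a starting point for both the strategy in 5.1 and the packet-filter discussion in 5.2, here is an added example (my own script, not one shipped with the HOWTO or with Red Hat) that turns the default-deny strategy into an iptables rule set for a 2.4 kernel: INPUT policy DROP, new ssh connections accepted only from the workplace range, X (TCP 6000-6063) never reachable from outside, and everything else logged before it is dropped. The range 192.0.2.0/24 and the iptables path are placeholders you must change for your own site.

```shell
#!/bin/sh
# Added example (not from the HOWTO): a default-deny iptables rule set for a
# single host. Drop everything inbound, then open ssh only to a trusted range
# and keep X closed to the outside.
# Assumed values (placeholders, change them for your site):
#   TRUSTED_NET - the workplace address range allowed to reach sshd
#   IPT         - path to the iptables binary
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"
IPT="${IPT:-iptables}"

# Print the rule set as shell commands instead of running it, so it can be
# reviewed first and then applied as root with:  sh firewall.sh apply
build_rules() {
    cat <<EOF
# start from a clean INPUT chain and a deny-by-default policy
$IPT -F INPUT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# loopback is always allowed; local X clients talk to the server over it
$IPT -A INPUT -i lo -j ACCEPT
# replies to connections we opened ourselves are allowed back in
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# new ssh connections only from the trusted range
$IPT -A INPUT -p tcp --dport 22 -s $TRUSTED_NET -m state --state NEW -j ACCEPT
# X (displays :0 to :63) is never reachable from outside; drop silently
$IPT -A INPUT -p tcp --dport 6000:6063 -j DROP
# anything else is logged (rate limited), then falls through to the DROP policy
$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
EOF
}

# Sanity check on the generated set: the ESTABLISHED rule must come before the
# LOG rule, otherwise every reply packet of every connection gets logged.
# Returns 0 when the order is right.
rules_ordered() {
    est=$(build_rules | grep -n 'ESTABLISHED' | cut -d: -f1)
    log=$(build_rules | grep -n -- '-j LOG' | cut -d: -f1)
    [ -n "$est" ] && [ -n "$log" ] && [ "$est" -lt "$log" ]
}

case "${1:-}" in
    apply) rules_ordered && build_rules | sh ;;   # run as root
    *)     build_rules ;;                          # default: only show the commands
esac
```

After applying, confirm with `iptables -L -n -v` that the INPUT policy reads DROP and that the ssh rule carries the expected source range. On a 2.2 kernel the same policy is expressed with ipchains (`ipchains -P input DENY`, then `-A input ...` rules), but ipchains has no connection tracking, so "new" connections are approximated by matching the SYN flag with `-y` rather than with `--state NEW`.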
As of Red Hat 7.1, Red Hat is providing init scripts for ipchains and iptables, and gnome-lokkit for