Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide, Page 46

8. Appendix
8.1. Servers, Ports, and Packets

Let's take a quick, non-technical look at some networking concepts, and how they can potentially impact our
own security. We don't need to know much about networking, but a general idea of how things work is
certainly going to help us with firewalls and other related issues.

As you may have noticed, Linux is a very network-oriented Operating System. Much is done by connecting to
"servers" of one type or another -- X servers, font servers, print servers, etc.

Servers provide "services", which provide various capabilities, both to the local system and potentially other
remote systems. The same server generally provides both functionalities. Some servers work quietly behind
the scenes, and others are more interactive by nature. We may only be aware of a print server when we need
to print something, but it is there running, listening, and waiting for connection requests whether we ever use
it or not (assuming of course we have it enabled). A typical Linux installation will have many, many types of
servers available to it. Default installations often will turn some of these "on".

And even if we are not connected to a real network all the time, we are still "networked" so to speak. Take
our friendly local X server for instance. We may tend to think of this as just providing a GUI interface, which
is only true to a point. It does this by "serving" to client applications, and thus is truly a server. But X
Windows is also capable of serving remote clients over a network -- even large networks like the Internet.
Though we probably don't really want to be doing this ;-)

And yes, if you are not running a firewall or have not taken other precautions, and are connected to the
Internet, it is quite possible that someone -- anyone -- could connect to your X server. X11 "listens" on
TCP "port" 6000 by default. This principle applies to most other servers as well -- they can be easily
connected to, unless something is done to restrict or prevent connections.

In TCP/IP (Transmission Control Protocol/Internet Protocol) networks like we are talking about with Linux
and the Internet, every connected computer has a unique "IP Address". Think of this like a phone number.
You have a phone number, and in order to call someone else, you have to know that phone number, and then
dial it. The phone numbers have to be unique for the system to work. IP addresses are generally expressed in
"dotted quad" notation, e.g. 152.19.254.81.

On this type of network, servers are said to "listen". This means that they have a "port" opened, and are
awaiting incoming connections to that port. Connections may be local, as is typically the case with our X
server, or remote -- meaning from another computer "somewhere". So servers "listen" on a specific
"port" for incoming connections. Most servers have a default port, such as port 80 for web servers, or 6000
for X11. See /etc/services for a list of common ports and their associated services.

The "port" is actually just an address in the kernel's networking stack, and is a method that TCP, and other
protocols, use to organize connections and the exchange of data between computers. There are a total of 65,536
TCP and UDP ports available, though usually only relatively few of these are used at any one time. These
are classified as "privileged", those ports below 1024, and "unprivileged", 1024 and above. Most servers use
the privileged ports.
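
As an added illustration (not part of the original guide), the Python script below reads the kernel's table of TCP sockets in the /proc/net/tcp layout and reports which servers are listening, on which port, whether that port is privileged, and whether the listener can be reached only from the local machine. The sample table is constructed, and the address decoding assumes a little-endian host such as x86.

```python
import socket
import struct

LISTEN = "0A"  # state code the kernel prints for a listening TCP socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 51FE1398:0050 0A0200C0:C000 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

def decode_addr(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted quad, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listeners(table):
    """Return one dict per listening socket found in the table text."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:   # skip established connections etc.
            continue
        ip, port = decode_addr(cols[1])
        found.append({"ip": ip, "port": port,
                      "privileged": port < 1024,            # ports below 1024
                      "local_only": ip.startswith("127.")}) # loopback address only
    return found

def exposed(table):
    """Ports whose listener accepts connections from other computers."""
    return sorted(s["port"] for s in listeners(table) if not s["local_only"])

if __name__ == "__main__":
    try:                                          # live table on Linux, else the sample
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE
    for s in listeners(table):
        print(s)
    print("reachable from other hosts:", exposed(table))
```

On the sample, the X11 listener on port 6000 and the web server on port 80 are bound to 0.0.0.0 and so are reachable remotely, while the print server on 127.0.0.1:631 is not. IPv6 listeners appear in /proc/net/tcp6 and are not covered here.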

Only one server may listen on, or "bind" to, a port at a time, though that server may well be able to open
multiple connections via that one port. Computers talk to each other via these "port" connections. One