With the growing popularity of Internet/Intranet networks, more and more users run the Linux operating system as a network server. One reason is that Linux is open-source software licensed free of charge; another is that, compared with Microsoft's Windows NT network operating system, Linux offers better stability, efficiency and security. As applications on the Internet/Intranet multiply, the network itself faces major security challenges, and information security problems have become increasingly prominent.
In the United States, according to the US Federal Bureau of Investigation (FBI), annual economic losses caused by network security problems reach $7.5 billion, while worldwide a computer intrusion over the Internet occurs on average every 20 seconds. It is generally believed that threats to the security of computer network systems come mainly from two sources: hacker attacks and computer viruses. Why do hackers so often succeed? The main reason is that many people, especially many network administrators, lack even basic network security awareness and do not apply effective security policies and security mechanisms to the network operating system they use, which gives hackers their opportunity. In China, research on network security started late, so both network security technology and network security personnel still need to improve and develop; this paper hopes to offer a useful analysis and discussion of the issue.
As we know, a network operating system is the system software that manages the hardware and software resources of a computer network, shares those resources, and provides services to users throughout the network so that the network runs normally. Network security therefore rests on the security of the network operating system: only a safe and reliable network operating system can ensure the security of the entire network. A detailed analysis of the security of Linux systems, identifying potential security problems and giving appropriate security policies and protective measures, is therefore very necessary.
2, Basic security mechanisms of the Linux network operating system
The Linux network operating system provides basic security mechanisms such as user accounts, file system permissions and system log files. If these mechanisms are configured incorrectly, the system is exposed to security risks, so the network system administrator must configure them carefully.
2.1 Linux system user accounts
In a Linux system, the user account identifies the user and consists of a user name and a password. The system stores the user name in the /etc/passwd file and stores the password, in encrypted form, in the /etc/shadow file. Under normal circumstances this information is protected by the operating system and can be accessed only by the superuser (root) and by certain applications of the operating system. However, if the system is configured incorrectly, or if certain errors occur while it is running, ordinary users can obtain this information. A malicious user can then use a class of tools known as "password cracking" tools to recover the password as it was before encryption.
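The misconfigurations described above can be checked for directly. The following is an added example, not part of the original article; the function names audit_passwd, readable_by_others and sample_passwd are hypothetical, and the sample account lines are constructed.

```shell
#!/bin/sh
# Added example: checks for the account-file misconfigurations described above.

# audit_passwd FILE: print one finding per line for a passwd-format file.
audit_passwd() {
    awk -F: '
        # An empty password field means the account needs no password.
        $2 == "" { print "EMPTY_PASSWORD " $1 }
        # Anything other than the "x" placeholder or a lock marker is a hash
        # kept in the world-readable passwd file instead of the shadow file.
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "HASH_IN_PASSWD " $1 }
        # A second account with UID 0 has full superuser rights.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
    ' "$1"
}

# readable_by_others FILE: succeed if the "other" read bit is set, which on
# the shadow file would let ordinary users copy the password hashes.
readable_by_others() {
    [ -n "$(find "$1" -prune -perm -004 -print)" ]
}

# Constructed sample input (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$6$constructedsalt$constructedhash:1000:1000::/home/alice:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

# Demo on the sample; on a real host run: audit_passwd /etc/passwd
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

On a real host, readable_by_others /etc/shadow should fail; if it succeeds, ordinary users can read the stored hashes.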
2.2 Linux file system permissions
Linux file system security is achieved mainly by setting file permissions. Every Linux file or directory has three sets of attributes that define the permissions of the owner, the user group and others on that file or directory (read-only, writable, executable, SUID allowed, SGID allowed, and so on). Note in particular that when an executable file with SUID or SGID permission is run, the resulting process is given the owner's permissions; if hackers find and exploit such a file, they can harm the system.
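Because SUID and SGID executables run with elevated permissions, administrators commonly keep a baseline list of them and review anything new. The following is an added example, not part of the original article; list_setid and new_setid are hypothetical names, the demo tree is constructed, and the stat -c option assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: baseline audit of SUID/SGID files.

# list_setid DIR: print "MODE PATH" for each regular file under DIR that has
# the SUID (4000) or SGID (2000) bit set, staying on one file system.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} + 2>/dev/null | sort
}

# new_setid DIR BASELINE: print entries that are absent from the baseline
# file, i.e. set-ID programs that appeared or changed mode since it was saved.
new_setid() {
    cur=$(mktemp)
    list_setid "$1" > "$cur"
    sort "$2" | comm -13 - "$cur"
    rm -f "$cur"
}

# Demo on a constructed directory tree (not real system files).
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo_dir/approved"
printf '#!/bin/sh\n' > "$demo_dir/unexpected"
printf '#!/bin/sh\n' > "$demo_dir/ordinary"
chmod 4755 "$demo_dir/approved" "$demo_dir/unexpected"
chmod 0755 "$demo_dir/ordinary"
echo "4755 $demo_dir/approved" > "$demo_dir.baseline"
new_setid "$demo_dir" "$demo_dir.baseline"   # reports only "unexpected"
rm -rf "$demo_dir" "$demo_dir.baseline"
```

On a real host, save the output of list_setid / once as the baseline and run new_setid / against it periodically.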
2.3 Making proper use of Linux log files
Linux log files record how the whole operating system is used. A Linux network administrator should make full use of the following log files.
2.3.1 The /var/log/lastlog file
This file records information about each user's last login to the system, including the login time and whether the login succeeded. After logging in, a user only needs to run the lastlog command to check the last login time recorded for the account in /var/log/lastlog and compare it with his or her own record of using the machine to discover whether the account has been stolen by hackers.
2.3.2 The /var/log/secure file
This file records the time and place of every user login since the system was brought into service, and can give the system administrator more information.
2.3.3 The /var/log/wtmp file
This file records users' login time, login place and logoff time, both current and historical. Its contents can be viewed with the last command. To clear the system's login information, simply delete the file; the system will then generate new login records.
3, Attacks that Linux network systems may face, and security policy
Linux is an open-source operating system and is therefore more susceptible to attacks at the underlying level; the system administrator must be security-aware and take certain security measures in order to improve the security of Linux systems. System administrators, especially those responsible for Linux network systems, need to understand the possible attack methods and take the necessary measures to protect their systems.
3.1 Types of attack that Linux network systems may face
3.1.1 "Denial of service" attacks
In a so-called "denial of service" attack, the hacker uses destructive methods to block the target's network resources so that the network is temporarily or permanently paralyzed and the Linux web server cannot provide normal service to users. For example, hackers can use forged source addresses, or many computers under their control in other locations, to send a large number of continuous TCP/IP requests to the target computer at the same time, paralyzing the target server.
3.1.2 "Password cracking" attacks
Passwords are a system's first line of defense. The purpose of a "password cracking" attack is to break a user's password and thereby obtain information resources that have been encrypted. For example, a hacker can use a high-speed computer together with a dictionary database to try password combinations until one is found that gives entry to the system and opens up its network resources.
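Repeated password guessing leaves a trail in the login records that section 2.3.2 describes, so it can be detected from /var/log/secure. The following is an added example, not part of the original article; it assumes OpenSSH-style "Failed password" and "Accepted password" entries, the names guessing_report and sample_secure are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: spot password guessing in sshd entries of /var/log/secure.

# guessing_report FILE THRESHOLD: print
#   GUESSING <ip> <failures>            for sources at or above the threshold
#   LOGIN_AFTER_GUESSING <ip> <user>    when such a source then logs in
guessing_report() {
    awk -v limit="$2" '
        # Return the field that follows the given keyword, or "?" if absent.
        function after(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return "?"
        }
        /sshd\[[0-9]+\]: Failed password for / { fail[after("from")]++ }
        /sshd\[[0-9]+\]: Accepted password for / {
            ip = after("from")
            if ((ip in fail) && fail[ip] >= limit)
                print "LOGIN_AFTER_GUESSING", ip, after("for")
        }
        END {
            for (ip in fail) if (fail[ip] >= limit) print "GUESSING", ip, fail[ip]
        }
    ' "$1" | sort
}

# Constructed sample log lines (documentation IP ranges, not real events).
sample_secure() {
    cat <<'EOF'
Mar  3 02:14:01 srv sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 02:14:03 srv sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 02:14:06 srv sshd[814]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Mar  3 02:14:09 srv sshd[817]: Failed password for root from 203.0.113.5 port 40131 ssh2
Mar  3 02:14:12 srv sshd[820]: Accepted password for root from 203.0.113.5 port 40140 ssh2
Mar  3 08:30:44 srv sshd[902]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 08:30:52 srv sshd[902]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
EOF
}

# Demo on the sample; on a real host run: guessing_report /var/log/secure 3
tmp=$(mktemp)
sample_secure > "$tmp"
guessing_report "$tmp" 3
rm -f "$tmp"
```

A LOGIN_AFTER_GUESSING line is the one to act on first: the same source that produced the failures has since authenticated successfully.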
3.1.3 "User deception" attacks
In a "user deception" attack, the hacker poses as an engineer or technician from a company or from the computer network service provider, telephones the user, and at a suitable moment asks the user to enter a password. This is one of the attacks that users find hardest to deal with: once the user's password has been compromised, the hacker can use the user's account to enter the system.