Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux network security strategy     - Java implementation file encryption and decryption (Programming)

- Android basics summary article (Programming)

- Linux disk partition, format, mount the directory (Linux)

- Root of AVL Tree- achieve balanced search trees AVL tree (Programming)

- MySQL multi-master multi-cluster deployment uses alive Galera (Database)

- Java environment to build a number of issues (Linux)

- EChart simple and practical control on chart (Programming)

- JavaScript notes --Objects (Programming)

- Java NIO The Glob mode Detailed (Programming)

- Java memory area (Programming)

- NET Developers need to know some Linux commands (Linux)

- Mounting Windows shared directory system under the Linux (Linux)

- Using Linux command line and execute PHP code (Programming)

- Batch download files using the explorer under Windows Server 2008 R2 (Server)

- Oracle 11g RAC manually playing GI PSU patch (11.2.0.4.8) (Database)

- grub boot error resolution examples (Linux)

- Install OpenGL development environment in Fedora and Ubuntu (Linux)

- PostgreSQL using the system cache to improve operational efficiency (Database)

- Let 32 Linux / CentOS system to support more than 4G memory (Linux)

- Detailed reference Oracle 11g Partition (Database)

 
         
  Linux network security strategy
     
  Add Date : 2018-11-21      
         
         
         
  With the growing popularity of Internet / Intranet network, using the Linux operating system as a network server users more and more, this is because Linux is open source licensed software free of charge, for another, than Microsoft's Windows NT network operating system is concerned, Linux system has better stability, efficiency and safety. In the large number of applications on Internet / Intranet, the network itself is facing major challenges to security, information security problems have cropped up increasingly prominent. In the United States, according to the US Federal Bureau of Investigation (FBI) announced the US annual economic loss because of network security issues caused by up to $ 7.5 billion, while the global average of every 20 seconds along with Internet computer hacking incident occurred. Generally believed that the computer network system security threats mainly from hacker attacks and computer viruses two aspects. Why so hackers can often succeed in it? The main reason is that many people, especially a lot of network administrators without at least a network security awareness, there is no use for the network operating system, adopt effective security policy and security mechanisms, to the hacker to be take the machine. In China, due to network security research started late, so the network security technology and network security personnel have to be improved and the overall development, this paper hope that a useful analysis and discussion on this issue.

We know that the network operating system is used to manage computer networks in a variety of hardware and software resources, sharing resources, and to provide services to users throughout the network to ensure that a system is a network software system normal operation. How to ensure that the network operating system security, network security lies. Only safe and reliable network operating system, in order to ensure that the entire network security. Therefore, a detailed analysis of the security of Linux systems, it is possible to identify potential safety problems, given appropriate security policies and protection measures are very necessary.

Basic security mechanism Linux network operating system

Linux network operating system provides the user accounts, basic security mechanisms file system permissions and system log files, if these security mechanisms configured incorrectly, it will make the system there is a certain security risk. Therefore, the network system administrator must be careful to set these security mechanisms.

2.1 Linux system user account

In the Linux system, the user account is the user's identity logo, which consists of user name and user password composition. In the Linux system, the system will enter the user name stored in / etc / passwd file, and enter the password in encrypted form stored in / etc / shadow file. Under normal circumstances, these passwords and other information protected by the operating system, can be accessed only superuser (root) and some applications of the operating system. However, if configured incorrectly, or in the case of some systems run error, this information can be obtained ordinary users. Furthermore, malicious users can use a class called "password cracking" tools to get the password before encryption.

2.2 Linux file system permissions

Linux file system security mainly through the setting file permissions to achieve. Every Linux file or directory, there are three groups of attributes are defined owner, user groups and others file or directory permissions (read-only, writable, executable, allowing SUID, SGID, etc. allowed). Special attention, SUID and SGID permissions for the executable file, run the process, the process will give the owner permissions, if hackers find and exploit will cause harm to the system.

2.3 rational use of Linux in the log file

Linux log file to record the entire operating system usage. As a Linux network administrator to make full use of the following log files.

2.3.1 / var / log / lastlog file

Record last into the system the user's information, including login time, login is successful and other information. So long as the user after login lastlog command to check / var / log / lastlog file records the last login time with the account, and then with his record compare with the machine it can be found if the account has been stolen by hackers.

2.3.2 / var / log / secure file

Recording system since the opening of all the user's login time and place, can provide more information to the system administrator.

2.3.3 / var / log / wtmp file

Log on to record the user's system login time, place and logoff time information on current and historical. You can use last command to see if they want to clear the system login information, simply delete the file, the system will generate a new login information.

3, Linux network system may be subject to attacks and security policy

Linux operating system is an open source operating system, and therefore more susceptible to attack from the bottom, the system administrator must have awareness of security of the system to take certain safety measures, so as to improve the security of Linux systems. For system administrators, especially in terms of the Linux network system to find out the possible attack methods, and take the necessary measures to protect their systems.

3.1 Linux network system may be the type of attacks

3.1.1 "denial of service" attack

The so-called "denial of service" attack is the hacker to take destructive method of blocking target network resources to the network temporary or permanent paralysis, making Linux web server can not provide normal services to users. For example, multiple computers elsewhere hackers can use forged source address, or also issued a large number of controlled, continuous TCP / IP requests to the target computer, so that the target server system paralyzed.

3.1.2 "password cracking" attacks

Password security system to defend their own safety first line of defense. "Password cracking" the purpose of the attack is to break the user's password, which can obtain the information resources have been encrypted. For example, a hacker can use high-speed computers, with a dictionary database, try a variety of password combinations until you find a password to enter the system, open network resources.

3.1.3 "trick users" attack

"Deceive the user" refers to the network hacker attack disguised as a company or computer network service provider of engineering and technical personnel, a call to the user, and in due course require the user to enter a password, this is a most difficult users attack, once user password has been compromised, the hacker can use the user's account into the system.
     
         
         
         
  More:      
 
- Ubuntu Server security risk checks (Linux)
- Linux operating system Start Tutorial: Xmanager Remote Access Linux graphical interface (Linux)
- Common Linux system performance monitoring command (Linux)
- AngularJS notes --- Data Binding (Programming)
- Oracle Duplicate build DataGuard (Database)
- Java abstract class instantiation (Programming)
- GCC and gfortran write MEX program (Matlab2012a) under Ubuntu 14.04 (Programming)
- OpenSSH version smooth upgrade method (Linux)
- Linux System Tutorial: How to browse the Linux command line, weather forecast (Linux)
- Partition and file system under Linux (Linux)
- System Security: Build Linux with LIDS steel castle (Linux)
- Firewall types and instructions (Linux)
- Spring loaded container finishes executing a method (Programming)
- Scope of variables in Object-C (Programming)
- Use the command line MySQL database backup and recovery (Database)
- ORA-12154: TNS: could not resolve the connect identifier specified solve (Database)
- How to enable fbcon in Debian (Linux)
- Use Visual Studio Code Development TypeScript (Linux)
- Oracle to create an external table (Database)
- Get and Post requests Comments (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.