Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux network security strategy     - Oracle Data Pump Example (Database)

- Notebook computer forget password solution (Linux)

- 10 important Linux ps command combat (Linux)

- Java enum use (Programming)

- Use chattr and lsattr command to manage linux files and directory attributes (Linux)

- Squid proxy server (Server)

- Oracle PLS-00231 error analysis (Database)

- Debian 8 (amd64) installation deployment Memcached management tools MemAdmin (Server)

- ORA-27054 NFS problem solving (Database)

- CentOS 6.6 running level (Linux)

- Orabbix binding Python send graphical reports (Linux)

- Linux file permissions to modify the command: chmod (Linux)

- Ubuntu 14.04 VirtualBox can not start solution (Linux)

- Analysis of Java exception (Programming)

- VMware difference in three network connection (Linux)

- KVM virtualization of nested virtualization (Linux)

- Redis 3.0.3 Cluster Setup (Database)

- Installation of Python2.7.8 and iPython under CentOS6.5 (Linux)

- Getting Started with Linux system to learn: how to check memory usage of Linux (Linux)

- Linux Network Programming --TCP and UDP datagram type Explanation (Programming)

 
         
  Linux network security strategy
     
  Add Date : 2018-11-21      
         
         
         
  With the growing popularity of Internet / Intranet network, using the Linux operating system as a network server users more and more, this is because Linux is open source licensed software free of charge, for another, than Microsoft's Windows NT network operating system is concerned, Linux system has better stability, efficiency and safety. In the large number of applications on Internet / Intranet, the network itself is facing major challenges to security, information security problems have cropped up increasingly prominent. In the United States, according to the US Federal Bureau of Investigation (FBI) announced the US annual economic loss because of network security issues caused by up to $ 7.5 billion, while the global average of every 20 seconds along with Internet computer hacking incident occurred. Generally believed that the computer network system security threats mainly from hacker attacks and computer viruses two aspects. Why so hackers can often succeed in it? The main reason is that many people, especially a lot of network administrators without at least a network security awareness, there is no use for the network operating system, adopt effective security policy and security mechanisms, to the hacker to be take the machine. In China, due to network security research started late, so the network security technology and network security personnel have to be improved and the overall development, this paper hope that a useful analysis and discussion on this issue.

We know that the network operating system is used to manage computer networks in a variety of hardware and software resources, sharing resources, and to provide services to users throughout the network to ensure that a system is a network software system normal operation. How to ensure that the network operating system security, network security lies. Only safe and reliable network operating system, in order to ensure that the entire network security. Therefore, a detailed analysis of the security of Linux systems, it is possible to identify potential safety problems, given appropriate security policies and protection measures are very necessary.

Basic security mechanism Linux network operating system

Linux network operating system provides the user accounts, basic security mechanisms file system permissions and system log files, if these security mechanisms configured incorrectly, it will make the system there is a certain security risk. Therefore, the network system administrator must be careful to set these security mechanisms.

2.1 Linux system user account

In the Linux system, the user account is the user's identity logo, which consists of user name and user password composition. In the Linux system, the system will enter the user name stored in / etc / passwd file, and enter the password in encrypted form stored in / etc / shadow file. Under normal circumstances, these passwords and other information protected by the operating system, can be accessed only superuser (root) and some applications of the operating system. However, if configured incorrectly, or in the case of some systems run error, this information can be obtained ordinary users. Furthermore, malicious users can use a class called "password cracking" tools to get the password before encryption.

2.2 Linux file system permissions

Linux file system security mainly through the setting file permissions to achieve. Every Linux file or directory, there are three groups of attributes are defined owner, user groups and others file or directory permissions (read-only, writable, executable, allowing SUID, SGID, etc. allowed). Special attention, SUID and SGID permissions for the executable file, run the process, the process will give the owner permissions, if hackers find and exploit will cause harm to the system.

2.3 rational use of Linux in the log file

Linux log file to record the entire operating system usage. As a Linux network administrator to make full use of the following log files.

2.3.1 / var / log / lastlog file

Record last into the system the user's information, including login time, login is successful and other information. So long as the user after login lastlog command to check / var / log / lastlog file records the last login time with the account, and then with his record compare with the machine it can be found if the account has been stolen by hackers.

2.3.2 / var / log / secure file

Recording system since the opening of all the user's login time and place, can provide more information to the system administrator.

2.3.3 / var / log / wtmp file

Log on to record the user's system login time, place and logoff time information on current and historical. You can use last command to see if they want to clear the system login information, simply delete the file, the system will generate a new login information.

3, Linux network system may be subject to attacks and security policy

Linux operating system is an open source operating system, and therefore more susceptible to attack from the bottom, the system administrator must have awareness of security of the system to take certain safety measures, so as to improve the security of Linux systems. For system administrators, especially in terms of the Linux network system to find out the possible attack methods, and take the necessary measures to protect their systems.

3.1 Linux network system may be the type of attacks

3.1.1 "denial of service" attack

The so-called "denial of service" attack is the hacker to take destructive method of blocking target network resources to the network temporary or permanent paralysis, making Linux web server can not provide normal services to users. For example, multiple computers elsewhere hackers can use forged source address, or also issued a large number of controlled, continuous TCP / IP requests to the target computer, so that the target server system paralyzed.

3.1.2 "password cracking" attacks

Password security system to defend their own safety first line of defense. "Password cracking" the purpose of the attack is to break the user's password, which can obtain the information resources have been encrypted. For example, a hacker can use high-speed computers, with a dictionary database, try a variety of password combinations until you find a password to enter the system, open network resources.

3.1.3 "trick users" attack

"Deceive the user" refers to the network hacker attack disguised as a company or computer network service provider of engineering and technical personnel, a call to the user, and in due course require the user to enter a password, this is a most difficult users attack, once user password has been compromised, the hacker can use the user's account into the system.
     
         
         
         
  More:      
 
- Hazelcast integration with MongoDB (Database)
- The sublime into IDE (Linux)
- Oracle EBS R12 for Linux installation (Database)
- How to modify the SQL Server auto-increment value and the corresponding solution (Database)
- Oracle ordinary users show parameter method (Database)
- DataGuard Standby backup error RMAN-06820 ORA-17629 to solve (Database)
- Hackers is how the invasion and control of Things devices? (Linux)
- Web server security policy (Linux)
- Ubuntu user use PPA to install Uget 2.0.5 (Linux)
- Java regular expressions examples (Programming)
- Linux see whether there is a hacker program (Linux)
- How to use the on-screen keyboard in Linux (Linux)
- Oracle 11g upgrade PSU detailed steps (Database)
- RabbitMQ tutorial examples: the Hello RabbitMQ World Java realization (Linux)
- Docker use Dockerfile created since the launch of the service support SSH container mirror (Server)
- C ++ Supplements - malloc free and new delete the same and different (Programming)
- Spring multi data source configuration (Programming)
- Java memory-mapped file MappedByteBuffer (Programming)
- OpenResty load balancing MySQL (Database)
- Fedora 22 how to play rmvb mp4 mkv video files (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.