Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux network security strategy     - Oracle study notes view (Database)

- Linux script commands - terminal recorder (Linux)

- About Leetcode on Binary Tree Algorithm summary (Programming)

- Linux 64-bit porting (Programming)

- error 1819 (HY000): your password does not satisfy the current policy requirements (Database)

- RHEL 6.5 x86_64 CentOS yum configuration source (Linux)

- Ubuntu 14.04 can be used to create a WIFI hotspot for Android (Linux)

- Debian (Wheezy) were installed wxPython GUI development (Linux)

- Linux cron job (Linux)

- Linux, modify / retrieve the root password (Linux)

- Java JDK has been able to compile without warning (Programming)

- Automatic and Manual Proxy Settings Switch GNOME Shell Extension Proxy Switcher Recommend (Linux)

- Installation configuration CUDA under Ubuntu 14.04 (Linux)

- Xshell configure SSH free password (Server)

- Linux Samba server-side structures and the use of the client (Server)

- Linux dmidecode command detail (Linux)

- MySQL performance comparison of large amounts of data storage (Database)

- How to install the client sqlplus under linux (Database)

- Some security configuration of Linux systems (Linux)

- Stunning exclamation point at the Linux command line (Linux)

 
         
  Linux network security strategy
     
  Add Date : 2018-11-21      
         
         
         
  With the growing popularity of Internet / Intranet network, using the Linux operating system as a network server users more and more, this is because Linux is open source licensed software free of charge, for another, than Microsoft's Windows NT network operating system is concerned, Linux system has better stability, efficiency and safety. In the large number of applications on Internet / Intranet, the network itself is facing major challenges to security, information security problems have cropped up increasingly prominent. In the United States, according to the US Federal Bureau of Investigation (FBI) announced the US annual economic loss because of network security issues caused by up to $ 7.5 billion, while the global average of every 20 seconds along with Internet computer hacking incident occurred. Generally believed that the computer network system security threats mainly from hacker attacks and computer viruses two aspects. Why so hackers can often succeed in it? The main reason is that many people, especially a lot of network administrators without at least a network security awareness, there is no use for the network operating system, adopt effective security policy and security mechanisms, to the hacker to be take the machine. In China, due to network security research started late, so the network security technology and network security personnel have to be improved and the overall development, this paper hope that a useful analysis and discussion on this issue.

We know that the network operating system is used to manage computer networks in a variety of hardware and software resources, sharing resources, and to provide services to users throughout the network to ensure that a system is a network software system normal operation. How to ensure that the network operating system security, network security lies. Only safe and reliable network operating system, in order to ensure that the entire network security. Therefore, a detailed analysis of the security of Linux systems, it is possible to identify potential safety problems, given appropriate security policies and protection measures are very necessary.

Basic security mechanism Linux network operating system

Linux network operating system provides the user accounts, basic security mechanisms file system permissions and system log files, if these security mechanisms configured incorrectly, it will make the system there is a certain security risk. Therefore, the network system administrator must be careful to set these security mechanisms.

2.1 Linux system user account

In the Linux system, the user account is the user's identity logo, which consists of user name and user password composition. In the Linux system, the system will enter the user name stored in / etc / passwd file, and enter the password in encrypted form stored in / etc / shadow file. Under normal circumstances, these passwords and other information protected by the operating system, can be accessed only superuser (root) and some applications of the operating system. However, if configured incorrectly, or in the case of some systems run error, this information can be obtained ordinary users. Furthermore, malicious users can use a class called "password cracking" tools to get the password before encryption.

2.2 Linux file system permissions

Linux file system security mainly through the setting file permissions to achieve. Every Linux file or directory, there are three groups of attributes are defined owner, user groups and others file or directory permissions (read-only, writable, executable, allowing SUID, SGID, etc. allowed). Special attention, SUID and SGID permissions for the executable file, run the process, the process will give the owner permissions, if hackers find and exploit will cause harm to the system.

2.3 rational use of Linux in the log file

Linux log file to record the entire operating system usage. As a Linux network administrator to make full use of the following log files.

2.3.1 / var / log / lastlog file

Record last into the system the user's information, including login time, login is successful and other information. So long as the user after login lastlog command to check / var / log / lastlog file records the last login time with the account, and then with his record compare with the machine it can be found if the account has been stolen by hackers.

2.3.2 / var / log / secure file

Recording system since the opening of all the user's login time and place, can provide more information to the system administrator.

2.3.3 / var / log / wtmp file

Log on to record the user's system login time, place and logoff time information on current and historical. You can use last command to see if they want to clear the system login information, simply delete the file, the system will generate a new login information.

3, Linux network system may be subject to attacks and security policy

Linux operating system is an open source operating system, and therefore more susceptible to attack from the bottom, the system administrator must have awareness of security of the system to take certain safety measures, so as to improve the security of Linux systems. For system administrators, especially in terms of the Linux network system to find out the possible attack methods, and take the necessary measures to protect their systems.

3.1 Linux network system may be the type of attacks

3.1.1 "denial of service" attack

The so-called "denial of service" attack is the hacker to take destructive method of blocking target network resources to the network temporary or permanent paralysis, making Linux web server can not provide normal services to users. For example, multiple computers elsewhere hackers can use forged source address, or also issued a large number of controlled, continuous TCP / IP requests to the target computer, so that the target server system paralyzed.

3.1.2 "password cracking" attacks

Password security system to defend their own safety first line of defense. "Password cracking" the purpose of the attack is to break the user's password, which can obtain the information resources have been encrypted. For example, a hacker can use high-speed computers, with a dictionary database, try a variety of password combinations until you find a password to enter the system, open network resources.

3.1.3 "trick users" attack

"Deceive the user" refers to the network hacker attack disguised as a company or computer network service provider of engineering and technical personnel, a call to the user, and in due course require the user to enter a password, this is a most difficult users attack, once user password has been compromised, the hacker can use the user's account into the system.
     
         
         
         
  More:      
 
- Linux System Administrator Network Security Experience (Linux)
- MongoDB 3.2 to upgrade from 3.0.7 (Database)
- After reloading the cinder-volume OpenStack not start properly (Server)
- Android memory optimization of the optimal load Bitmap (Linux)
- VirtualBox virtual machine can not start to solve under Ubuntu (Linux)
- To disable the function by pressing Ctrl-Alt-Del to restart the system in RHEL / CentOS 5/6 (Linux)
- Linux remote wake the computer original code [C] (Linux)
- shell script error dirname: invalid option - b (Database)
- The Zabbix2.4.5 source compiler installation under Ubuntu 14.04 (Server)
- Linux Oracle delete archived logs (Database)
- Use LVM partition on Ubuntu and easily adjust the snapshot (Linux)
- Java data structures - order linear form of table ArrayList (Programming)
- ORA-01000 Solution (Database)
- Run two MySQL service on one server (Database)
- JavaScript object - Flexible and dangerous (Programming)
- How a lot of blocking malicious IP address in Linux (Linux)
- Oracle to use full-text indexing (Database)
- How Vim playing a mature IDE (Linux)
- CentOS 5.8 (64) Python 2.7.5 installation error resolved (Linux)
- Win7 + Ubuntu Kylin + CentOS 6.5 installed three systems (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.