Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux network security strategy     - How to use GRUB2 files directly from the hard disk to run ISO (Linux)

- Install RAID 6 (Striping double distributed parity) (Linux)

- STL source code analysis - iterator each container classification (Programming)

- Linux raw socket (Programming)

- OGG-01496 OGG-01031 Error Resolution (Database)

- How to install Git client in Ubuntu (Linux)

- To use Java arrays implement the order form (Programming)

- Linux System Getting Started Learning: In RedHat Linux driver compiled Ixgbe (Linux)

- Linux shared libraries .so file name and Dynamic Link (Linux)

- Android studio multi-channel ultra-compact version of the package (Programming)

- Android shutdown (reboot) process (Programming)

- Spacewalk Linux system configuration and installation (Linux)

- VMware installed Linux system and JDK deployment (Linux)

- CentOS-based Kickstart automated installation practice (Linux)

- Dual system Linux (Ubuntu) into the Windows NTFS partition's mount error (Linux)

- Linux bash: scp: command not found the problem (Linux)

- Linux initialization init systems - Systemd (Linux)

- How common Linux automation tasks (Server)

- Zabbix monitoring tool deployment under Ubuntu server (Server)

- LVM basic concepts, management (Linux)

 
         
  Linux network security strategy
     
  Add Date : 2018-11-21      
         
         
         
  With the growing popularity of Internet / Intranet network, using the Linux operating system as a network server users more and more, this is because Linux is open source licensed software free of charge, for another, than Microsoft's Windows NT network operating system is concerned, Linux system has better stability, efficiency and safety. In the large number of applications on Internet / Intranet, the network itself is facing major challenges to security, information security problems have cropped up increasingly prominent. In the United States, according to the US Federal Bureau of Investigation (FBI) announced the US annual economic loss because of network security issues caused by up to $ 7.5 billion, while the global average of every 20 seconds along with Internet computer hacking incident occurred. Generally believed that the computer network system security threats mainly from hacker attacks and computer viruses two aspects. Why so hackers can often succeed in it? The main reason is that many people, especially a lot of network administrators without at least a network security awareness, there is no use for the network operating system, adopt effective security policy and security mechanisms, to the hacker to be take the machine. In China, due to network security research started late, so the network security technology and network security personnel have to be improved and the overall development, this paper hope that a useful analysis and discussion on this issue.

We know that the network operating system is used to manage computer networks in a variety of hardware and software resources, sharing resources, and to provide services to users throughout the network to ensure that a system is a network software system normal operation. How to ensure that the network operating system security, network security lies. Only safe and reliable network operating system, in order to ensure that the entire network security. Therefore, a detailed analysis of the security of Linux systems, it is possible to identify potential safety problems, given appropriate security policies and protection measures are very necessary.

Basic security mechanism Linux network operating system

Linux network operating system provides the user accounts, basic security mechanisms file system permissions and system log files, if these security mechanisms configured incorrectly, it will make the system there is a certain security risk. Therefore, the network system administrator must be careful to set these security mechanisms.

2.1 Linux system user account

In the Linux system, the user account is the user's identity logo, which consists of user name and user password composition. In the Linux system, the system will enter the user name stored in / etc / passwd file, and enter the password in encrypted form stored in / etc / shadow file. Under normal circumstances, these passwords and other information protected by the operating system, can be accessed only superuser (root) and some applications of the operating system. However, if configured incorrectly, or in the case of some systems run error, this information can be obtained ordinary users. Furthermore, malicious users can use a class called "password cracking" tools to get the password before encryption.

2.2 Linux file system permissions

Linux file system security mainly through the setting file permissions to achieve. Every Linux file or directory, there are three groups of attributes are defined owner, user groups and others file or directory permissions (read-only, writable, executable, allowing SUID, SGID, etc. allowed). Special attention, SUID and SGID permissions for the executable file, run the process, the process will give the owner permissions, if hackers find and exploit will cause harm to the system.

2.3 rational use of Linux in the log file

Linux log file to record the entire operating system usage. As a Linux network administrator to make full use of the following log files.

2.3.1 / var / log / lastlog file

Record last into the system the user's information, including login time, login is successful and other information. So long as the user after login lastlog command to check / var / log / lastlog file records the last login time with the account, and then with his record compare with the machine it can be found if the account has been stolen by hackers.

2.3.2 / var / log / secure file

Recording system since the opening of all the user's login time and place, can provide more information to the system administrator.

2.3.3 / var / log / wtmp file

Log on to record the user's system login time, place and logoff time information on current and historical. You can use last command to see if they want to clear the system login information, simply delete the file, the system will generate a new login information.

3, Linux network system may be subject to attacks and security policy

Linux operating system is an open source operating system, and therefore more susceptible to attack from the bottom, the system administrator must have awareness of security of the system to take certain safety measures, so as to improve the security of Linux systems. For system administrators, especially in terms of the Linux network system to find out the possible attack methods, and take the necessary measures to protect their systems.

3.1 Linux network system may be the type of attacks

3.1.1 "denial of service" attack

The so-called "denial of service" attack is the hacker to take destructive method of blocking target network resources to the network temporary or permanent paralysis, making Linux web server can not provide normal services to users. For example, multiple computers elsewhere hackers can use forged source address, or also issued a large number of controlled, continuous TCP / IP requests to the target computer, so that the target server system paralyzed.

3.1.2 "password cracking" attacks

Password security system to defend their own safety first line of defense. "Password cracking" the purpose of the attack is to break the user's password, which can obtain the information resources have been encrypted. For example, a hacker can use high-speed computers, with a dictionary database, try a variety of password combinations until you find a password to enter the system, open network resources.

3.1.3 "trick users" attack

"Deceive the user" refers to the network hacker attack disguised as a company or computer network service provider of engineering and technical personnel, a call to the user, and in due course require the user to enter a password, this is a most difficult users attack, once user password has been compromised, the hacker can use the user's account into the system.
     
         
         
         
  More:      
 
- C ++ free store and heap (Programming)
- Apache POI Excel Document Processing (Linux)
- PL / SQL in forall simple test (Database)
- XenServer virtual machines installed in dual-card configuration (Server)
- Let Mac OS X dedicated high-speed mobile hard disk can also be read in Linux (Linux)
- Arrow keys, backspace key garbled in Python-2.7.5 Interactive Mode under CentOS 5.8 (Linux)
- CentOS7 installation hardware monitoring for Zabbix enterprise applications (Server)
- The YUM package management under Linux (Linux)
- CentOS 6.5 Telnet SecureCRT use management tools (Linux)
- Python exception summary (Programming)
- Hadoop vs spark (Server)
- CentOS 6.4 installation environment to build Scrapy 0.22 (Linux)
- Linux System Getting Started Learning: the Linux Wireshark interface dead solve (Linux)
- Installation Strongswan: on a Linux IPsec-based VPN tool (Linux)
- Linux system performance tuning of Analysis (Linux)
- 29 practical examples Linux system / network administrator of nmap (Linux)
- Use the command line MySQL database backup and recovery (Database)
- Ubuntu 14.04.1 LTS compile and install the new kernel (Linux)
- Java Concurrency: synchronized (Programming)
- a virtual machine created migrated to host RHEL6.4 on Ubuntu 14.04 (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.