As I write this article at the same time, somewhere in the world, and perhaps there is a computer in his home the first time you install release Linux. A new Linux administrators by their families and friends set up an account to make the system up and running. Perhaps not long after the initial installation is complete, the Linux system this will be very grateful to access high-speed DSL Internet.
Still vulnerable to attack
Today, almost all the available linux release loopholes in terms of security, in which most of the vulnerability is easily scored, but unfortunately by usages and practices, they are open. A typical installation of Linux when you first start to provide a wide variety of services that can be attacked, such as SHELL, IMAP and POP3. These services are often idle their users need to be used as an entry point to break the system, not only Linux limitations - well-weathered commercial UNIX also provide such services, but will also be a breakthrough.
Do not complain and blame the new system of locks (professional argument sturdy system) is very important. Believe it or not, a Linux system is robust process does not require too many system security expertise. In fact, you can in 5 minutes you can put unreliability Ninety percent of the masked.
Before starting rugged system, you should ask yourself the role of the machine used to comfort and access to the Internet. You have to carefully determine the service provided by the entire world, if you are not sure, it is best to do nothing. Clear understanding of their security strategy is very important. To decide on your own system using what is acceptable and what is unacceptable.
The goal of this article is an example of the machine as a workstation to send and receive mail, read news, browse the web, and so on.
Establishing Web services security
First, the superuser (root) login to the system to see with netstat command (which is standard on most Linux systems network tools) about the current state of the network, such as the output result is:
root @ percy /] # netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *: imap2 *: * LISTEN
tcp 0 0 *: pop-3 *: * LISTEN
tcp 0 0 *: linuxconf *: * LISTEN
tcp 0 0 *: auth *: * LISTEN
tcp 0 0 *: finger *: * LISTEN
tcp 0 0 *: login *: * LISTEN
tcp 0 0 *: shell *: * LISTEN
tcp 0 0 *: telnet *: * LISTEN
tcp 0 0 *: ftp *: * LISTEN
tcp 0 0 *: 6000 *: * LISTEN
udp 0 0 *: ntalk *: *
udp 0 0 *: talk *: *
udp 0 0 *: xdmcp *: *
raw 0 0 *: icmp *: * 7
raw 0 0 *: tcp *: * 7