Linux Networks And Security: Some Simple Solutions
The Linux operating system has been engineered with everything necessary to allow its use on Linux networks, where it can trade data with other systems. Computers attached to any networks have to operate under very specific protocols, or rules, and network protocols are the rules that the operators of the Linux networks have agreed upon for sending and receiving data from one another. The protocols used by Linux networks during data exchange are really the computer language equivalent of striking up a conversation with someone you've just met. The computers involved will identify themselves and then start sending information and listening for responses, all of which is transported over the network in data "packets." The most common of the network protocols is TCP/IP, or Transmission Control Protocol/Internet Protocol. This is the protocol of choice for use on the Mother of All Networks, the Internet. Linux networks support not only TCP/IP but all network applications which use TCP/IP. Any discussion of Linux networks and the Mother of All Networks would be incomplete without addressing the issue of security. As soon as Linux networks are linked to the Internet, security issues arise. Even a single PC can have its security compromised by an Internet connection, but when internal Linux networks with multiple machines go online, the security threats multiply accordingly. For the administrators of most Linux networks, fortunately, the powers-that-be who control their company's budgets realize the importance of maintaining a secure Internet presences, and will pony up as much as it costs to keep their Linux networks secure. While there is always a temptation to do the minimum, like connecting only the Linux network's external Web and file transfer protocol servers with the Internet, doing so will deprive them of many of the advantages of having the internal networks servers talking to the Web. There are times, for example, when employees on the Linux networks need to access the Internet in order to perform their jobs. The obvious solution to this is to protect the security of Linux networks by placing them behind Internet firewalls and having the company Web server on a secured host. Other methods which the administrators of Linux networks can employ in keeping their company secure are to enable only the necessary Internet services, like email and file transfer. They should be certain secure all the services which they choose to keep. They can teach employees to use the ssh, or secure shell command instead of the rlogin command for remote logins. Beefing up password encryption will remove one of the biggest threats to the security of Linux networks. And one of the best ways to keep on top of the constantly changing security threats is by installing and using vulnerability scanners. Nessus is a free vulnerability scanner which runs natively on Linux networks, and is kept updated at all time. Although Nesses is no longer an open source application, and will charge for its latest Linux networks security plugging, it still offers over eleven thousand free plug-ins for those who register to use it. |
