12.7 Network Security Tips

Anyone who administers a system connected to the Internet needs to know something about network security. It's not uncommon for systems connected to the Internet to be probed by would-be hackers several times daily. If a would-be hacker manages to detect a vulnerability, the hacker can often exploit it in a matter of seconds. Therefore, it's almost certain that a system administrator ignorant of network security will eventually suffer a system break-in.

Network security is a large and sophisticated topic that can be only cursorily surveyed in a book such as this. Concerned readers should consult books such as Building Internet Firewalls, by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman (O'Reilly & Associates, Inc.); Computer Security Basics, by Deborah Russell and G.T. Gangemi, Sr. (O'Reilly); and Practical Unix & Internet Security, by Simson Garfinkel and Gene Spafford (O'Reilly).

If a sufficiently skilled hacker is intent on compromising a system you administer, the hacker will probably succeed. However, here are some tips that can help you avoid falling victim to amateur hackers:

• Establish a firewall that prevents outsiders from accessing services you don't need to make publicly available.

• Monitor security web sites and mailing lists so that you're aware of recent threats and the associated countermeasures. The CERT Coordination Center, http://www.cert.org, provides many useful resources.

• Apply bug fixes promptly, particularly those related to security. See Red Hat's errata page, http://www.redhat.com/support/errata/rh8-errata.html, for applicable fixes. To be informed of Red Hat Linux fixes when they're released, subscribe to Red Hat Network or the redhat-watch-list email list. To subscribe to Red Hat Network, visit http://rhn.redhat.com. To subscribe to the email list, visit https://listman.redhat.com/mailman/listinfo/.