Red Hat Enterprise Linux 4.5.0
Security Guide
Copyright © 2007 Red Hat, Inc.
Legal Notice
Table of Contents
Introduction
1. Document Conventions
2. More to Come
2.1. Send in Your Feedback
I. A General Introduction to Security
1. Security Overview
1.1. What is Computer Security?
1.1.1. How did Computer Security Come about?
1.1.2. Computer Security Timeline
1.1.3. Security Today
1.1.4. Standardizing Security
1.2. Security Controls
1.2.1. Physical Controls
1.2.2. Technical Controls
1.2.3. Administrative Controls
1.3. Conclusion
2. Attackers and Vulnerabilities
2.1. A Quick History of Hackers
2.1.1. Shades of Grey
2.2. Threats to Network Security
2.2.1. Insecure Architectures
2.3. Threats to Server Security
2.3.1. Unused Services and Open Ports
2.3.2. Unpatched Services
2.3.3. Inattentive Administration
2.3.4. Inherently Insecure Services
2.4. Threats to Workstation and Home PC Security
2.4.1. Bad Passwords
2.4.2. Vulnerable Client Applications
II. Configuring Red Hat Enterprise Linux for Security
3. Security Updates
3.1. Updating Packages
3.1.1. Using Red Hat Network
3.1.2. Using the Red Hat Errata Website
3.1.3. Verifying Signed Packages
3.1.4. Installing Signed Packages
3.1.5. Applying the Changes
4. Workstation Security
4.1. Evaluating Workstation Security
4.2. BIOS and Boot Loader Security
4.2.1. BIOS Passwords
4.2.2. Boot Loader Passwords
4.3. Password Security
4.3.1. Creating Strong Passwords
4.3.2. Creating User Passwords Within an Organization
4.4. Administrative Controls
4.4.1. Allowing Root Access
4.4.2. Disallowing Root Access
4.4.3. Limiting Root Access
4.5. Available Network Services
4.5.1. Risks To Services
4.5.2. Identifying and Configuring Services
4.5.3. Insecure Services
4.6. Personal Firewalls
4.7. Security Enhanced Communication Tools
5. Server Security
5.1. Securing Services With TCP Wrappers and xinetd
5.1.1. Enhancing Security With TCP Wrappers
5.1.2. Enhancing Security With xinetd
5.2. Securing Portmap
5.2.1. Protect portmap With TCP Wrappers
5.2.2. Protect portmap With IPTables
5.3. Securing NIS
5.3.1. Carefully Plan the Network
5.3.2. Use a Password-like NIS Domain Name and Hostname
5.3.3. Edit the /var/yp/securenets File
5.3.4. Assign Static Ports and Use IPTables Rules
5.3.5. Use Kerberos Authentication
5.4. Securing NFS
5.4.1. Carefully Plan the Network
5.4.2. Beware of Syntax Errors
5.4.3. Do Not Use the no_root_squash Option
5.5. Securing the Apache HTTP Server
5.5.1. FollowSymLinks
5.5.2. The Indexes Directive
5.5.3. The UserDir Directive
5.5.4. Do Not Remove the IncludesNoExec Directive
5.5.5. Restrict Permissions for Executable Directories
5.6. Securing FTP
5.6.1. FTP Greeting Banner
5.6.2. Anonymous Access
5.6.3. User Accounts
5.6.4. Use TCP Wrappers To Control Access
5.7. Securing Sendmail
5.7.1. Limiting a Denial of Service Attack
5.7.2. NFS and Sendmail
5.7.3. Mail-only Users
5.8. Verifying Which Ports Are Listening
6. Virtual Private Networks
6.1. VPNs and Red Hat Enterprise Linux
6.2. IPsec
6.3. IPsec Installation
6.4. IPsec Host-to-Host Configuration
6.5. IPsec Network-to-Network Configuration
7. Firewalls
7.1. Netfilter and iptables
7.1.1. iptables Overview
7.2. Using iptables
7.2.1. Basic Firewall Policies
7.2.2. Saving and Restoring iptables Rules
7.3. Common iptables Filtering
7.4. FORWARD and NAT Rules
7.4.1. DMZs and iptables
7.5. Viruses and Spoofed IP Addresses
7.6. iptables and Connection Tracking
7.7. ip6tables
7.8. Additional Resources
7.8.1. Installed Documentation
7.8.2. Useful Websites
7.8.3. Related Documentation
III. Assessing Your Security
8. Vulnerability Assessment
8.1. Thinking Like the Enemy
8.2. Defining Assessment and Testing
8.2.1. Establishing a Methodology
8.3. Evaluating the Tools
8.3.1. Scanning Hosts with Nmap
8.3.2. Nessus
8.3.3. Nikto
8.3.4. VLAD the Scanner
8.3.5. Anticipating Your Future Needs
IV. Intrusions and Incident Response
9. Intrusion Detection
9.1. Defining Intrusion Detection Systems
9.1.1. IDS Types
9.2. Host-based IDS
9.2.1. Tripwire
9.2.2. RPM as an IDS
9.2.3. Other Host-based IDSes
9.3. Network-based IDS
9.3.1. Snort
10. Incident Response
10.1. Defining Incident Response
10.2. Creating an Incident Response Plan
10.2.1. The Computer Emergency Response Team (CERT)
10.2.2. Legal Considerations
10.3. Implementing the Incident Response Plan
10.4. Investigating the Incident
10.4.1. Collecting an Evidential Image
10.4.2. Gathering Post-Breach Information
10.5. Restoring and Recovering Resources
10.5.1. Reinstalling the System
10.5.2. Patching the System
10.6. Reporting the Incident
V. Appendixes
A. Hardware and Network Protection
A.1. Secure Network Topologies
A.1.1. Physical Topologies
A.1.2. Transmission Considerations
A.1.3. Wireless Networks
A.1.4. Network Segmentation and DMZs
A.2. Hardware Security
B. Common Exploits and Attacks
C. Common Ports
Index