Chapter 42. Securing Your Network

42.1. Workstation Security
42.1.1. Evaluating Workstation Security
42.1.2. BIOS and Boot Loader Security
42.1.3. Password Security
42.1.4. Administrative Controls
42.1.5. Available Network Services
42.1.6. Personal Firewalls
42.1.7. Security Enhanced Communication Tools
42.2. Server Security
42.2.1. Securing Services With TCP Wrappers and xinetd
42.2.2. Securing Portmap
42.2.3. Securing NIS
42.2.4. Securing NFS
42.2.5. Securing the Apache HTTP Server
42.2.6. Securing FTP
42.2.7. Securing Sendmail
42.2.8. Verifying Which Ports Are Listening
42.3. Single Sign-on (SSO)
42.3.1. Introduction
42.3.2. Getting Started with your new Smart Card
42.3.3. How Smart Card Enrollment Works
42.3.4. How Smart Card Login Works
42.3.5. Configuring Firefox to use Kerberos for SSO
42.4. Pluggable Authentication Modules (PAM)
42.4.1. Advantages of PAM
42.4.2. PAM Configuration Files
42.4.3. PAM Configuration File Format
42.4.4. Sample PAM Configuration Files
42.4.5. Creating PAM Modules
42.4.6. PAM and Administrative Credential Caching
42.4.7. PAM and Device Ownership
42.4.8. Additional Resources
42.5. TCP Wrappers and xinetd
42.5.1. TCP Wrappers
42.5.2. TCP Wrappers Configuration Files
42.5.3. xinetd
42.5.4. xinetd Configuration Files
42.5.5. Additional Resources
42.6. Kerberos
42.6.1. What is Kerberos?
42.6.2. Kerberos Terminology
42.6.3. How Kerberos Works
42.6.4. Kerberos and PAM
42.6.5. Configuring a Kerberos 5 Server
42.6.6. Configuring a Kerberos 5 Client
42.6.7. Domain-to-Realm Mapping
42.6.8. Setting Up Secondary KDCs
42.6.9. Setting Up Cross Realm Authentication
42.6.10. Additional Resources
42.7. Virtual Private Networks (VPNs)
42.7.1. How Does a VPN Work?
42.7.2. VPNs and Red Hat Enterprise Linux
42.7.3. IPsec
42.7.4. Creating an IPsec Connection
42.7.5. IPsec Installation
42.7.6. IPsec Host-to-Host Configuration
42.7.7. IPsec Network-to-Network Configuration
42.7.8. Starting and Stopping an IPsec Connection
42.8. Firewalls
42.8.1. Netfilter and IPTables
42.8.2. Basic Firewall Configuration
42.8.3. Using IPTables
42.8.4. Common IPTables Filtering
42.8.5. FORWARD and NAT Rules
42.8.6. Malicious Software and Spoofed IP Addresses
42.8.7. IPTables and Connection Tracking
42.8.8. IPv6
42.8.9. Additional Resources
42.9. IPTables
42.9.1. Packet Filtering
42.9.2. Differences Between IPTables and IPChains
42.9.3. Command Options for IPTables
42.9.4. Saving IPTables Rules
42.9.5. IPTables Control Scripts
42.9.6. IPTables and IPv6
42.9.7. Additional Resources


[15] Since system BIOSes differ between manufacturers, some may not support password protection of either type, while others may support one type but not the other.

[16] GRUB also accepts unencrypted passwords, but it is recommended that an MD5 hash be used for added security.

[17] This access is still subject to the restrictions imposed by SELinux, if it is enabled.

[18] A system where both the client and the server share a common key that is used to encrypt and decrypt network communication.