Chapter 43. Securing Your Network

43.1. Workstation Security
43.1.1. Evaluating Workstation Security
43.1.2. BIOS and Boot Loader Security
43.1.3. Password Security
43.1.4. Administrative Controls
43.1.5. Available Network Services
43.1.6. Personal Firewalls
43.1.7. Security Enhanced Communication Tools
43.2. Server Security
43.2.1. Securing Services With TCP Wrappers and xinetd
43.2.2. Securing Portmap
43.2.3. Securing NIS
43.2.4. Securing NFS
43.2.5. Securing the Apache HTTP Server
43.2.6. Securing FTP
43.2.7. Securing Sendmail
43.2.8. Verifying Which Ports Are Listening
43.3. Single Sign-on (SSO)
43.3.1. Introduction
43.3.2. Getting Started with your new Smart Card
43.3.3. How Smart Card Enrollment Works
43.3.4. How Smart Card Login Works
43.3.5. Configuring Firefox to use Kerberos for SSO
43.4. Pluggable Authentication Modules (PAM)
43.4.1. Advantages of PAM
43.4.2. PAM Configuration Files
43.4.3. PAM Configuration File Format
43.4.4. Sample PAM Configuration Files
43.4.5. Creating PAM Modules
43.4.6. PAM and Administrative Credential Caching
43.4.7. PAM and Device Ownership
43.4.8. Additional Resources
43.5. TCP Wrappers and xinetd
43.5.1. TCP Wrappers
43.5.2. TCP Wrappers Configuration Files
43.5.3. xinetd
43.5.4. xinetd Configuration Files
43.5.5. Additional Resources
43.6. Kerberos
43.6.1. What is Kerberos?
43.6.2. Kerberos Terminology
43.6.3. How Kerberos Works
43.6.4. Kerberos and PAM
43.6.5. Configuring a Kerberos 5 Server
43.6.6. Configuring a Kerberos 5 Client
43.6.7. Domain-to-Realm Mapping
43.6.8. Setting Up Secondary KDCs
43.6.9. Setting Up Cross Realm Authentication
43.6.10. Additional Resources
43.7. Virtual Private Networks (VPNs)
43.7.1. How Does a VPN Work?
43.7.2. VPNs and Red Hat Enterprise Linux
43.7.3. IPsec
43.7.4. Creating an IPsec Connection
43.7.5. IPsec Installation
43.7.6. IPsec Host-to-Host Configuration
43.7.7. IPsec Network-to-Network Configuration
43.7.8. Starting and Stopping an IPsec Connection
43.8. Firewalls
43.8.1. Netfilter and IPTables
43.8.2. Basic Firewall Configuration
43.8.3. Using IPTables
43.8.4. Common IPTables Filtering
43.8.5. FORWARD and NAT Rules
43.8.6. Malicious Software and Spoofed IP Addresses
43.8.7. IPTables and Connection Tracking
43.8.8. IPv6
43.8.9. Additional Resources
43.9. IPTables
43.9.1. Packet Filtering
43.9.2. Differences Between IPTables and IPChains
43.9.3. Command Options for IPTables
43.9.4. Saving IPTables Rules
43.9.5. IPTables Control Scripts
43.9.6. IPTables and IPv6
43.9.7. Additional Resources


[15] Since system BIOSes differ between manufacturers, some may not support password protection of either type, while others may support one type but not the other.

[16] GRUB also accepts unencrypted passwords, but it is recommended that an MD5 hash be used for added security.

[17] This access is still subject to the restrictions imposed by SELinux, if it is enabled.

[18] A system where both the client and the server share a common key that is used to encrypt and decrypt network communication.