11.7 Network Security Tips

Anyone who administers a system connected to the Internet needs to know something about network security. It's not uncommon for systems connected to the Internet to be probed by would-be hackers several times daily. If a would-be hacker manages to detect a vulnerability, the hacker can often exploit it in a matter of seconds. Therefore, it's almost certain that a system administrator ignorant of network security will eventually suffer a system break-in.

Network security is a large and sophisticated topic that can be only cursorily surveyed in a book such as this. Concerned readers should consult books such as the following:

• Building Internet Firewalls, Second Edition, by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman (O'Reilly)

• Building Secure Servers with Linux, by Michael D. Bauer (O'Reilly).

• Computer Security Basics, by Deborah Russell and G.T. Gangemi, Sr. (O'Reilly)

• Linux Security Cookbook, by Daniel J. Barrett, Richard Silverman, Robert G. Byrnes (O'Reilly).

• Linux Server Hacks, by Rob Flickenger (O'Reilly).

• Practical Unix & Internet Security, 3rd. ed., by Simson Garfinkel, Gene Spafford, and Alan Schwartz (O'Reilly).

• Red Hat Linux Firewalls, by Bill McCarty (Red Hat Press).

If a sufficiently skilled hacker is intent on compromising a system you administer, the hacker will probably succeed. However, here are some tips that can help you avoid falling victim to amateur hackers:

• Use a network or host firewall to prevent outsiders from accessing services you don't need to make publicly available.

• Monitor security web sites and mailing lists so that you're aware of recent threats and the associated countermeasures. The CERT Coordination Center, http://www.cert.org, provides many useful resources.

• Apply bug fixes promptly after Red Hat Network advises you that they are available.