Keeping crackers out of your system can be a full-time job, particularly if you run computers that are fully exposed to the Internet. Fortunately, assorted tools and techniques exist to help insulate your system from harm. Several of these tools—packet-filter firewalls, TCP Wrappers, and xinetd security settings—limit servers' (and, in the case of firewalls, clients') exposure to potentially malicious access attempts. If a server doesn't receive a malicious packet, the server can't be harmed by it. Another layer of defense lies in a chroot jail, which is a way of insulating a server from the rest of the Linux system. A server running in a chroot jail is less likely to be able to do any harm to the system than is a server running in a more conventional manner. Of course, none of these measures is perfect, which is why you should remain vigilant to signs of intrusion, as described in the next chapter, "Detecting Intruders."

Team LiB

0 0

Post a comment