Hardening is the process of modifying a Linux system so that it becomes highly secure. To make a Linux/Unix system more secure, the system administrator has to restrict it strictly, but not to the point where the system becomes useless. The administrator needs to seal every loophole through which hackers, crackers, or other attackers could get in; otherwise they can get inside and crack the whole system. It is therefore very important for the system administrator to harden the Linux system (Peter Enseleit, 2007).
Hardening can be done by disabling unnecessary services and ports on a Linux/Unix system. System administrators find it easier to log in to a Linux machine over the network, because it lets them work remotely while maintaining the network. For high security, however, Telnet interactive login should be disabled; once it is disabled, no one can gain access through it (Syngress, 2007).
Another step in hardening the Linux system is locking down the ports assigned to TCP network services (for example HTTP, SMTP, and POP3). Every port is identified by a port number, which is used to link incoming data to the right service. A cracker can sit between those ports and the servers and, when conditions are favourable, crack the system. If these ports are locked down, it is very hard for an attacker to get inside (Syngress, 2007).
Similarly, hardening can be done by installing proper hardening software on the Linux/Unix system. The latest version of Bastille plays an important role in hardening Linux/Unix systems. It performs all the steps mentioned above: determining the ports, locking and blocking them, disabling unwanted services on the server, and setting up a good iptables environment for the firewall (Syngress, 2007).
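As an added example (not from the original post or its cited sources), the shell function below audits listening TCP ports against an allowlist and always flags Telnet, in line with the service and port steps above. It assumes input in the column layout of `ss -Htln`; the function names, the allowlist, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets against an allowlist.
# Input lines use the column layout of `ss -Htln`:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Usage: audit_listeners "22 80 443" < ss_output
# Prints one finding per network-reachable listener that should not be there:
#   telnet <addr> <port>      Telnet (23/tcp) is listening, allowlisted or not
#   unexpected <addr> <port>  port is not in the allowlist
# Loopback-only listeners are skipped: they are not reachable over the network.
audit_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            local_ep = $4
            port = local_ep; sub(/.*:/, "", port)        # text after the last colon
            addr = local_ep; sub(/:[^:]*$/, "", addr)    # text before it, keeps [::] intact
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (port == "23")        print "telnet", addr, port
            else if (!(port in ok))  print "unexpected", addr, port
        }'
}

# Constructed sample input (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 64 *:2049 *:*
EOF
}

# Audit the sample with SSH and HTTP allowed. On a live host, run instead:
#   ss -Htln | audit_listeners "22 80"
sample_listeners | audit_listeners "22 80"
```

Any line the function prints is a service to disable or a port to block in the firewall before the host is considered hardened.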
The system administrator should always manage the log files on the Linux system. By default, the administrator is able to see who accesses the system. Linux offers commands for accessing the log files, such as last and lastlog. Logging-enhancer tools, which present log data in simplified formats, can also be used when hardening the Linux system (Syngress, 2007).
References:
- Bartosh and Fass, 2005, Essential Mac OS X Panther server administration.
- Charlotte Brookes, 2007, IBM system storage Business continuity Solutions overview.
- James Michael Stewart, 2008, Certified information system security professional study guide.
- Jared Allar, 2011, Oracle Solaris 10 password hashes leaked through back-out patch files, retrieved from https://www.kb.cert.org/vuls/id/648244
- John R. Vacca, 2007, Practical internet security, retrieved from https://www.kb.cert.org/vuls/id/362983
- Mariusz Bardach, 2004, Detecting rootkits and kernel-level compromises in Linux, retrieved from http://www.symantec.com/connect/articles/detecting-rootkits-and-kernel-level-compromises-linux
- Microsoft TechNet, 2009, Understanding firewall rules, retrieved from http://technet.microsoft.com/en-us/library/dd421709(WS.10).aspx
- Peter Enseleit, 2007, Hardening your system with Bastille Linux, retrieved from http://www.linux.com/archive/feed/118353
- Syngress, 2007, Hardening the Operating System, retrieved from http://media.techtarget.com/searchEnterpriseLinux/downloads/466_HTC_Linux_02.pdf
- Talking business Continuity, 2008, retrieved from http://www.talkingbusinesscontinuity.com/starting/what-is-business-continuity-management.aspx
- Timothy Rooney, 2011, IP address management principles and practice, Wiley-IEEE.
- Vugt S., 2007, Beginning Ubuntu Server administrator.
- Will Dorman, 2011, Oracle outside in contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parser, retrieved from https://www.kb.cert.org/vuls/id/520721