📄 lsg24.htm
字号:
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
-->
<LINK REL="ToC" HREF="index.htm">
<LINK REL="Index" HREF="htindex.htm">
<LINK REL="Next" HREF="lsg25.htm">
<A NAME="I0"></A>
<H2>Linux System Administrator's Survival Guide lsg24.htm</H2>
<P ALIGN=LEFT>
<HR ALIGN=CENTER>
<P>
<UL>
<UL>
<UL>
<LI>
<A HREF="#E68E127" >Improving Passwords</A>
<LI>
<A HREF="#E68E128" >Securing Your Files</A>
<LI>
<A HREF="#E68E129" >Controlling Modem Access</A>
<UL>
<LI>
<A HREF="#E69E143" >Callback Modems</A>
<LI>
<A HREF="#E69E144" >Modem-Line Problems</A>
<LI>
<A HREF="#E69E145" >How a Modem Handles a Call</A></UL>
<LI>
<A HREF="#E68E130" >Using UUCP</A>
<LI>
<A HREF="#E68E131" >Controlling Local Area Network Access</A>
<LI>
<A HREF="#E68E132" >Tracking Intruders</A>
<LI>
<A HREF="#E68E133" >Preparing for the Worst</A>
<LI>
<A HREF="#E68E134" >Summary</A></UL></UL></UL>
<HR ALIGN=CENTER>
<A NAME="E66E27"></A>
<H1 ALIGN=CENTER>
<CENTER>
<FONT SIZE=6 COLOR="#FF0000"><B>Chapter 24</B></FONT></CENTER></H1>
<BR>
<A NAME="E67E30"></A>
<H2 ALIGN=CENTER>
<CENTER>
<FONT SIZE=6 COLOR="#FF0000"><B>Security</B></FONT></CENTER></H2>
<BR>
<P>This chapter covers the basics of keeping your system secure. It takes a quick look at the primary defenses you need to protect yourself from unauthorized access through telephone lines (modems), as well as some aspects of network connections. In addition, it explains how to protect your user files and ensure password integrity.
<BR>
<P>This chapter doesn't bother with complex solutions that are difficult to implement because they require a considerable amount of knowledge and apply only to a specific configuration. Instead, it looks at basic security methods, most of which are downright simple and effective.
<BR>
<BR>
<A NAME="E68E127"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Improving Passwords</B></FONT></CENTER></H3>
<BR>
<P>The most commonly used method for breaking into a system either through a network, over a modem connection, or sitting in front of a terminal is through weak passwords. Weak (which means easily guessable) passwords are very common. When system users have such passwords, even the best security systems cannot protect against intrusion.
<BR>
<P>If you are managing a system that has several users, implement a policy requiring users to set their passwords at regular intervals (usually six to eight weeks is a good idea) and to use non-English words. The best passwords are combinations of letters and numbers that are not in the dictionary. Sometimes, though, having a policy against weak passwords isn't enough. You may want to consider forcing stronger password usage by using public domain or commercial software that checks potential passwords for susceptibility. These packages are often available in source code, so you can compile them for Linux without a problem.
<BR>
<P>What makes a strong password (one that is difficult to break)? Here are a few general guidelines that many system administrators adhere to:
<BR>
<UL>
<LI>Avoid using any part of a user's real name and any name from the user's family or pets (these passwords are the easiest to guess).
<BR>
<BR>
<LI>Avoid using important dates (birthdates, wedding day, and so on)in any variation.
<BR>
<BR>
<LI>Avoid numbers or combinations of numbers and letters with special meaning (license plate number, telephone number, special dates, and so on).
<BR>
<BR>
<LI>Avoid any place names or items that may be readily identified with a user (television characters, hobby, and so on)
<BR>
<BR>
<LI>Avoid any word that could be in the dictionary (don't use real words).
<BR>
<BR>
</UL>
<P>Producing a strong password isn't that difficult. Get your users into the habit of mixing letters, numbers, and characters at random. Suppose a user wants to use lionking as a password. Encourage modification to lion!king!, l_ionk_ing, lion5king, or some similar variation. Even a slight variation in a password's normal pattern can make life very difficult for someone trying to guess the password.
<BR>
<BLOCKQUOTE>
<BLOCKQUOTE>
<HR ALIGN=CENTER>
<BR>
<NOTE>Change the root password often and make it very difficult to guess. Once someone has the root password, your system is totally compromised.</NOTE>
<BR>
<HR ALIGN=CENTER>
</BLOCKQUOTE></BLOCKQUOTE>
<P>Check the /etc/passwd file at regular intervals to see whether there are entries you don't recognize that may have been added as a route in to your system. Also make sure each account has a password. Remove any accounts that you don't need anymore.
<BR>
<BR>
<A NAME="E68E128"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Securing Your Files</B></FONT></CENTER></H3>
<BR>
<P>Security begins at the file permission level. Whether you want to protect a file from the prying eyes of an unauthorized invader or another user, carefully set your umask (file creation mask) to set your files for maximum security. You should have to make a conscious effort to share files.
<BR>
<P>Of course, this precaution is really only important if you have more than one user on the system or have to consider hiding information from others. If you are on a system with several users, consider forcing umask settings for everyone that set read-and-write permissions for the user only and give no permissions to anyone else. This procedure is as good as you can get with file security.
<BR>
<P>Consider encrypting really sensitive files (such as accounting or employee information) with a simple utility. Many such programs are available. Most require only a password to trigger the encryption or decryption process.
<BR>
<BR>
<A NAME="E68E129"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Controlling Modem Access</B></FONT></CENTER></H3>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -