Chapter 4. Workstation Security
4.6. Personal Firewalls
Once the necessary network services are configured, it is important to implement a firewall.
Firewalls prevent network packets from accessing the network interface of the system. If a request is
made to a port that is blocked by a firewall, the request will be ignored. If a service is listening on one
of these blocked ports, it will not receive the packets and is effectively disabled. For this reason, care
should be taken when configuring a firewall to block access to ports not in use, while not blocking
access to ports used by configured services.
For most users, the best tools for configuring a simple firewall are the two straightforward, graphical
firewall configuration tools which ship with Red Hat Linux: Security Level Configuration Tool and
GNOME Lokkit.
Both of these tools perform the same task: they create broad iptables rules for a general-purpose
firewall. The difference between them is in their approach to performing this task. The Security Level
Configuration Tool is a firewall control panel, while GNOME Lokkit presents the user with a series
of questions in a wizard-type interface.
For more information about how to use these applications and what options they offer, refer to the
chapter called Basic Firewall Configuration in the Official Red Hat Linux Customization Guide.
For advanced users and server administrators, manually configuring a firewall with iptables is likely
the best option. Refer to Chapter 7 for more information. For a comprehensive guide to the iptables
command, consult the chapter titled Firewalls and iptables in the Official Red Hat Linux Reference
Guide.
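The following audit is an added example, not part of the original guide or of Red Hat's tools. It
checks the point made at the start of this section: ports not in use should be blocked, and ports
used by configured services should not. The rule set (in iptables-save format) and the service list
are constructed samples, and only the INPUT chain policy and single-port rules are modelled.

```python
import re

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
COMMIT
"""
# Constructed sample: (protocol, port, service) configured on the workstation.
SAMPLE_LISTENERS = [("tcp", 22, "sshd"), ("tcp", 80, "httpd")]

PORT_RULE = re.compile(r"-A INPUT .*?-p (\w+) .*?--dport (\d+) .*?-j (\w+)")

def parse_input_chain(text):
    """Return (policy, [(proto, port, target)]) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        if m:
            policy = m.group(1)
            continue
        m = PORT_RULE.match(line)
        if m:  # only single-port rules are modelled (assumption)
            rules.append((m.group(1), int(m.group(2)), m.group(3)))
    return policy, rules

def verdict(policy, rules, proto, port):
    """First matching rule wins; otherwise the chain policy applies."""
    for r_proto, r_port, target in rules:
        if (r_proto, r_port) == (proto, port):
            return target
    return policy

def audit(text, listeners):
    """Return (services the firewall blocks, accepted ports with no service)."""
    policy, rules = parse_input_chain(text)
    blocked = [name for proto, port, name in listeners
               if verdict(policy, rules, proto, port) != "ACCEPT"]
    in_use = {(proto, port) for proto, port, _ in listeners}
    accepted = {(p, n) for p, n, _ in rules
                if verdict(policy, rules, p, n) == "ACCEPT"}
    return blocked, sorted(accepted - in_use)

if __name__ == "__main__":
    blocked, unused = audit(SAMPLE_RULES, SAMPLE_LISTENERS)
    print("configured services the firewall blocks:", blocked)
    print("accepted ports with no configured service:", unused)
```

On the sample data the audit reports httpd as effectively disabled by the firewall and tcp port 23
as open with no configured service behind it.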
4.7. Security Enhanced Communication Tools
As the size and popularity of the Internet has grown, so has the threat from communication interception.
Over the years, tools have been developed to encrypt communications as they are transferred
over the network.
Red Hat Linux ships with two basic tools that use high-level, public-key-cryptography-based encryption
algorithms to protect information as it travels over the network.
  OpenSSH - A free implementation of the SSH protocol for encrypting network communication.
  Gnu Privacy Guard (GPG) - A free implementation of the PGP (Pretty Good Privacy) encryption
  application for encrypting data.
OpenSSH is a safer way to access a remote machine and replaces older, unencrypted services like
telnet and rsh. OpenSSH includes a network service called sshd and three command line client
applications:
  ssh - A secure remote console access client.
  scp - A secure remote copy command.
  sftp - A secure pseudo-ftp client that allows interactive file transfer sessions.
It is highly recommended that any remote communication with Linux systems occur using the SSH
protocol. For more information about OpenSSH, see the chapter titled OpenSSH in the Official Red
Hat Linux Customization Guide. For more information about the SSH Protocol, see the chapter titled
SSH Protocol in the Official Red Hat Linux Reference Guide.





