FOSS security features

OpenSource For You - ADMIN INSIGHT

While there are so many distros available with various built-in features, I will concentrate on those features that are found in almost all versions. Some of the features mentioned below are actually open source projects that became integral parts of distros over time.

Iptables: All Linux distros support iptables, which is essentially a truth-table sort of database containing information that lets the netfilter algorithm decide how to treat a packet. It is a kernel module, requiring elevated privileges to configure. The way iptables works is very simple. Each packet is broken down into its various fields, and the rules from the table are applied to decide whether to let it go ahead, block it, or drop it. For a given server role, the iptables rules need to be written only once, taking into account all the packet acceptance and rejection scenarios, and rarely need to change afterwards. While many production farms use iptables to introduce an additional layer of security, it is important to note that it puts an additional burden on the server's resources. Since every packet is stored temporarily and checked against a set of rules, it needs a considerable amount of computational power. Hence, iptables rules should not be very elaborate, but just adequate for the given network or application scenario. You can learn how to set up iptables on Ubuntu Linux at https://help.ubuntu.com/community/IptablesHowTo

ConnTrack: This is another kernel-based module that falls under the netfilter framework. As an extension to iptables, ConnTrack essentially tracks the connection for all network sessions. It further tries to relate packets that formed a sensible and successful connection. ConnTrack operates at Layers 3 and 4, and creates useful information about each packet by reading its various fields. This can optionally be used further by iptables, to improve its effectiveness. For example, if the high-level protocol is HTTP, the packets are found to contain HTTP headers, as well as the session-based source and destination IP address, and service port information. If this data is made available by ConnTrack, it becomes easy for iptables to allow those packets without delving deep into them, thus saving precious (server) computational resources. The right approach is to have iptables and ConnTrack together.

Source address verification: One of the serious security attacks is packet spoofing, whereby attackers modify the source IP address to fool the destination host. As a result, it is rather difficult to detect and stop the spoofing attack.
