Chapter 4. Workstation Security


43


4.6. Personal Firewalls


Once the necessary network services are configured, it is important to implement a firewall.


Firewalls prevent network packets from accessing the network interface of the system. If a request is


made to a port that is blocked by a firewall, the request will be ignored. If a service is listening on one


of these blocked ports, it will not receive the packets and is effectively disabled. For this reason, care


should be taken when configuring a firewall to block access to ports not in use, while not blocking


access to ports used by configured services.


For most users, the best tools for configuring a simple firewall are the two straight forward, graphical


firewall configuration tools which ship with Red Hat Linux: Security Level Configuration Tool and


GNOME Lokkit.


Both of these tools perform the same task   they create broad


iptables


rules for a general purpose


firewall. The difference between them is in their approach to performing this task. The Security Level


Configuration Tool is a firewall control panel, while GNOME Lokkit presents the user with a series


of questions in a wizard type interface.


For more information about how to use these applications and what options they offer, refer to the


chapter called Basic Firewall Configuration in the Official Red Hat Linux Customization Guide.


For advanced users and server administrators, manually configuring a firewall with


iptables


is likely


the best option. Refer to Chapter 7 for more information. For a comprehensive guide to the


iptables


command, consult the chapter titled Firewalls and


iptables


in the Official Red Hat Linux Reference


Guide.


4.7. Security Enhanced Communication Tools


As the size and popularity of the Internet has grown, so has the threat from communication intercep 


tion. Over the years, tools have been developed to encrypt communications as they are transferred


over the network.


Red Hat Linux ships with two basic tools that use high level, public key cryptography based encryp 


tion algorithms to protect information as it travels over the network.


OpenSSH   A free implementation of the SSH protocol for encrypting network communication.


Gnu Privacy Guard (GPG)   A free implementation of the PGP (Pretty Good Privacy) encryption


application for encrypting data.


OpenSSH is a safer way to access a remote machine and replaces older, unencrypted services like


telnet


and


rsh


. OpenSSH includes a network service called


sshd


and three command line client


applications:


  ssh


  A secure remote console access client.


  scp


  A secure remote copy command.


  sftp


  A secure pseudo ftp client that allows interactive file transfer sessions.


It is highly recommended that any remote communication with Linux systems occur using the SSH


protocol. For more information about OpenSSH, see the chapter titled OpenSSH in the Official Red


Hat Linux Customization Guide. For more information about the SSH Protocol, see the chapter titled


SSH Protocol in the Official Red Hat Linux Reference Guide.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved