Module 11 - Set Up Host Security

LPI Linux Certification http://www.bkacad.com Module 11 Set Up Host Security

Upload: anhduc120790

Post on 10-Jan-2016


7/18/2019 Module 11 - Set Up Host Security

http://slidepdf.com/reader/full/module-11-set-up-host-security 1/6


Module 11 

Set Up Host Security


Objectives

Objective 2: Set Up Host Security


Set Up Host Security

The Super-Server

Years ago, when hardware was more expensive, the amount of system resources, especially memory, that each process consumed was of great importance.

The problem was that administrators wanted to consolidate a lot of their network services on one Linux machine, but were running into memory limitations.

The solution was to come up with a listening service, or "super-server", that handled incoming connections and started the correct networking service to handle them. Thus the inetd service was born.


Set Up Host Security

The Super-Server

The inetd service has two important characteristics:

It is a single process that can listen on multiple ports for incoming connections, starting the appropriate service when a connection comes in and connecting the inbound connection with the service.

Also, inetd supports a sophisticated security scheme for allowing and disallowing access to these "simpler" networking services, many of which don't have advanced access controls built into them.

So the creation of inetd solved two problems: limited memory was conserved, and administrators gained a finer level of control over what systems or networks could access their services.


Set Up Host Security

The Super-Server

The main configuration file for inetd is /etc/inetd.conf.

xinetd

The original inetd service is seldom seen in more recent Linux distributions. It has been replaced with xinetd, the Extended Internet Daemon.

xinetd improves upon the original goals of inetd by:

o Increasing the logging and access control ability around the managed services

o Adding defense mechanisms to protect against attacks, such as port scanners or denial of service

The xinetd configuration file is /etc/xinetd.conf.


Set Up Host Security

Security with TCP Wrappers

As with a firewall, it is usually good practice to adopt either a "block everything, only open what you need" mentality or an "open everything, block only what you don't need" mentality when it comes to TCP Wrappers.

TCP Wrappers is configured in two files, /etc/hosts.allow and /etc/hosts.deny.
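Added example, not from the original slides: a simplified Python model of how TCP Wrappers evaluates the two files (hosts.allow is checked first, then hosts.deny, and a client matching neither is granted access), run against both policies described above. It handles only ALL, exact addresses and address prefixes ending in "."; the sample rules, daemon names and addresses are constructed.

```python
# Simplified model of TCP Wrappers rule evaluation (added example).
# Supports only "daemon_list: client_list" rules with ALL, exact addresses,
# and IP prefixes ending in "." (a subset of the hosts_access(5) syntax).

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        fields = line.split(":")
        if len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def _matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                     # "192.0.2." = address prefix
        return value.startswith(pattern)
    return pattern == value

def _hit(rules, daemon, client_ip):
    return any(any(_matches(d, daemon) for d in daemons) and
               any(_matches(c, client_ip) for c in clients)
               for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, client_ip):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if _hit(parse_rules(allow_text), daemon, client_ip):
        return True
    if _hit(parse_rules(deny_text), daemon, client_ip):
        return False
    return True

# Constructed sample policies (addresses come from documentation ranges).
ALLOW = "sshd: 192.0.2.\n"
DENY_ALL = "ALL: ALL\n"          # block everything, only open what you need
DENY_LIST = "in.telnetd: ALL\n"  # open everything, block only what you don't need

if __name__ == "__main__":
    for deny in (DENY_ALL, DENY_LIST):
        for daemon, ip in (("sshd", "192.0.2.10"), ("sshd", "203.0.113.5"),
                           ("in.telnetd", "203.0.113.5")):
            print(deny.strip(), "|", daemon, ip, "->",
                  access_granted(ALLOW, deny, daemon, ip))
```

With the blocklist-style hosts.deny, sshd from an unlisted address is still granted, because a client that matches neither file is allowed; only the `ALL: ALL` entry in hosts.deny closes that default.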