module 11 - set up host security
7/18/2019 Module 11 - Set Up Host Security
http://slidepdf.com/reader/full/module-11-set-up-host-security 1/6
LPI Linux Certification
http://www.bkacad.com
Module 11
Set Up Host Security
Objectives
Objective 2: Set Up Host Security
Set Up Host Security
The Super-Server
Years ago, when hardware was more, the amount of system resources, especially memory, that each process consumed was of great importance.
The problem was that administrators wanted to consolidate a lot of their network services on one Linux machine, but were running into memory limitations.
The solution was to come up with a listening service, or "super-server", that handled incoming connections and started the correct networking service to handle them. Thus the inetd service was born.
The inetd service has two important characteristics:
o It is a single process that can listen on multiple ports for incoming connections, starting the appropriate service when a connection comes in and connecting the inbound connection with the service.
o Also, inetd supports a sophisticated security scheme for allowing and disallowing access to these "simpler" networking services, many of which don't have advanced access controls built into them.
So the creation of inetd solved two problems: limited memory was conserved, and administrators gained a finer level of control over what systems or networks could access their services.
The main configuration file for inetd is /etc/inetd.conf.
xinetd
The original inetd service is seldom seen in more recent Linux distributions. It has been replaced with xinetd, the Extended Internet Daemon.
xinetd improves upon the original goals of inetd by:
o Increasing the logging and access control ability around the managed services
o Adding defense mechanisms to protect against attacks, such as port scanners or denial of service
The xinetd configuration file is /etc/xinetd.conf.
Security with TCP WRAPPERS
As with a firewall, it is usually good practice to adopt either a "block everything, only open what you need" mentality or an "open everything, block only what you don't need" mentality when it comes to TCP WRAPPERS.
TCP WRAPPERS is configured in two files, /etc/hosts.allow and /etc/hosts.deny.
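
The two mentalities above, as an added example that is not part of the original slides: a simplified Python model of how the two files are consulted, using the lookup order documented in hosts_access(5), which the slides do not spell out. The daemon names, addresses and the four sample policies are constructed for illustration.

```python
# Simplified model of TCP Wrappers access checks (added example, not from the slides).
# Per hosts_access(5): a match in hosts.allow grants access; otherwise a match
# in hosts.deny refuses it; if neither file matches, access is granted.
# Only "ALL", exact values and trailing-dot prefixes ("192.168.1.") are handled;
# EXCEPT, netmasks, hostnames, IPv6 and shell options are deliberately left out.

def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # network prefix such as "192.168.1."
        return value.startswith(pattern)
    return pattern == value

def matches(rules, daemon, client_ip):
    return any(
        any(_match(d, daemon) for d in daemons)
        and any(_match(c, client_ip) for c in clients)
        for daemons, clients in rules
    )

def allowed(hosts_allow, hosts_deny, daemon, client_ip):
    if matches(parse_rules(hosts_allow), daemon, client_ip):
        return True
    if matches(parse_rules(hosts_deny), daemon, client_ip):
        return False
    return True  # no rule in either file: access is granted

# Constructed sample policies (contents of hosts.allow / hosts.deny).
# "Block everything, only open what you need":
DENY_ALL_ALLOW = "sshd: 192.168.1.\n"
DENY_ALL_DENY = "ALL: ALL\n"
# "Open everything, block only what you don't need":
OPEN_ALLOW = ""
OPEN_DENY = "in.telnetd: ALL\n"
```

Under the second policy any service not named in hosts.deny stays reachable from every address, which is why the first policy is the safer starting point.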