- Resource access: As in the other network operating systems, access to resources on a Linux network is controlled through permissions. Access control lists identifying systems and who can access what resources are held in text files such as `hosts.deny` and `hosts.allow`. Permissions for network resources and services can be assigned to an individual user or to a group of users.
- User authentication: To access the local system resources or any network resources, user authentication, in the form of a username and a password, is required. The user account information is kept in a text file known as the `/etc/passwd` file in the Linux system.
- File and directory security: The default file system used by Linux is the EXT2 file system. Like NTFS, which is used with Windows servers, EXT2 allows administrators to assign permissions to individual files and folders. These permissions are used to control who is allowed access to specific data on the server. A secure server should have permissions set on the important data in the system.

As Linux continues to grow in popularity, it will become an increasingly common sight in server rooms of organizations of all sizes. As a network administrator, you should prepare yourself for when you encounter a Linux system, not if.
Of the platforms discussed in this chapter, UNIX and Linux have the most simplistic approach to file system security, although for most environments, this approach is more than sufficient. File permissions can be assigned to either the creator of a file or directory, a group, or the entity "everyone," which includes any authenticated user.
UNIX and Linux have only three rights that can be assigned. These rights are listed in Table 1.

| Right | Description |
|---|---|
| Read | Allows files to be listed, opened, and read |
| Write | Allows files to be created, written to, or modified |
| Execute | Allows files to be executed (that is, run) |

The file permissions are listed to the right of the file. The first value specifies whether the file is a file (`-`) or a directory (`d`). The next three values specify the file rights for the user, the next three for the group, and the next three for the "everyone" assignment.
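
The layout described above can be checked mechanically. The following is an added example, not part of the original text: it parses a 10-character permission string into its type and the rights held by the user, the group, and "everyone", then flags entries that "everyone" can write to. The function names and the sample entries are constructed for illustration, and the parser accepts only the type characters and rights described here.

```python
# Added example: parser for the 10-character permission string described above.
# Function names and sample data are assumptions made for this illustration.

CLASSES = ("user", "group", "everyone")
RIGHTS = (("r", "read"), ("w", "write"), ("x", "execute"))
TYPES = {"-": "file", "d": "directory"}


def parse_mode(mode):
    """Split a string such as '-rwxr-x---' into its type and per-class rights."""
    if len(mode) != 10:
        raise ValueError(f"expected 10 characters, got {len(mode)}: {mode!r}")
    if mode[0] not in TYPES:
        raise ValueError(f"unsupported type character {mode[0]!r}")
    parsed = {"type": TYPES[mode[0]]}
    for i, cls in enumerate(CLASSES):
        triplet = mode[1 + 3 * i: 4 + 3 * i]
        granted = set()
        # Each position must hold its own letter (right granted) or '-' (not granted).
        for ch, (letter, name) in zip(triplet, RIGHTS):
            if ch == letter:
                granted.add(name)
            elif ch != "-":
                raise ValueError(f"unexpected {ch!r} in {cls} rights of {mode!r}")
        parsed[cls] = granted
    return parsed


def everyone_writable(entries):
    """Return the names whose 'everyone' triplet includes the write right."""
    return [name for name, mode in entries.items()
            if "write" in parse_mode(mode)["everyone"]]


# Constructed sample: name -> permission string.
SAMPLE = {
    "report.txt": "-rw-r--r--",
    "payroll": "drwxr-x---",
    "shared-notes.txt": "-rw-rw-rw-",
    "scratch": "drwxrwxrwx",
}

if __name__ == "__main__":
    for name, mode in SAMPLE.items():
        print(name, parse_mode(mode))
    print("writable by everyone:", everyone_writable(SAMPLE))
```
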