to Chapter 5, Server Security for more information about setting up services in a safe manner.

2.4. Threats to Workstation and Home PC Security

Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.

2.4.1. Bad Passwords

Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to Section 4.3, Password Security.

2.4.2. Vulnerable Client Applications

Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.

Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.

Chapter 4, Workstation Security discusses in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.

[4] Source: https://www.sans.org/reading_room/whitepapers/hsoffice/addressing_and_implementing_computer_security_for_a_small_branch_office_620

Part II. Configuring Red Hat Enterprise Linux for Security

This part informs and instructs administrators on proper techniques and tools to use when securing Red Hat Enterprise Linux workstations, Red Hat Enterprise Linux servers, and network resources. It also discusses how to make secure connections, lock down ports and services, and implement active filtering to prevent network intrusion.

Red Hat Enterprise Linux 4 Security Guide

Chapter 3. Security Updates

As security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If the software is part of a package within a Red Hat Enterprise Linux distribution that is currently supported, Red Hat, Inc. is committed to releasing updated packages that fix the vulnerability as soon as possible. Often, announcements about a given security exploit are accompanied by a patch (or source code that fixes the problem). This patch is then applied to the Red Hat Enterprise Linux package, tested by the Red Hat quality assurance team, and released as an errata update. However, if an announcement does not include a patch, a Red Hat developer works with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested and released as an errata update.

If an errata update is released for software used on your system, it is highly recommended that you update the affected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.

3.1. Updating Packages

When updating software on a system, it is important to download the update from a trusted source.
An attacker can easily rebuild a package with the same version number as the one that is supposed to fix the problem but with a different security exploit and release it on the Internet. If this happens, using security measures such as verifying files against the original RPM does not detect the exploit. Thus, it is very important to only download RPMs from trusted sources, such as from Red Hat, Inc., and check the signature of the package to verify its integrity.

Red Hat offers two ways to find information on errata updates:

1. Listed and available for download on Red Hat Network
2. Listed and unlinked on the Red Hat Errata website

Note

Beginning with the Red Hat Enterprise Linux product line, updated packages can be downloaded
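
The signature check recommended in Section 3.1, as an added example that is not part of the Red Hat guide: a POSIX shell gate around `rpm -K` that accepts a package only when the output names a verified signature, because a rebuilt, unsigned package still reports its digests as OK. The function names and sample output lines are constructed for illustration, and the exact wording of `rpm -K` output varies between rpm versions.

```shell
#!/bin/sh
# Added example: classify `rpm -K` (rpm --checksig) results so that an
# unsigned package is never mistaken for a verified one.

# sig_verdict FILE LINE -> prints signed-ok | digest-only | bad
sig_verdict() {
    file=$1 line=$2
    # Strip the exact "FILE: " prefix so text inside a crafted file
    # name cannot pose as part of the result.
    result=${line#"$file: "}
    [ "$result" != "$line" ] || { echo bad; return 0; }
    case "$result" in
        *"NOT OK"*) echo bad; return 0 ;;   # bad digest, bad or unknown key
        *" OK") ;;
        *) echo bad; return 0 ;;
    esac
    # "OK" alone only means the digests matched. A signature was checked
    # only if the line names one (lower case means it verified).
    for word in $result; do
        case "$word" in
            gpg|pgp|dsa|rsa|signatures) echo signed-ok; return 0 ;;
        esac
    done
    echo digest-only
}

# check_rpm FILE: signatures are verified against the public keys
# already imported into the rpm database (rpm --import).
check_rpm() {
    sig_verdict "$1" "$(LC_ALL=C rpm -K "$1" 2>/dev/null | tail -n 1)"
}

# gate_updates FILE...: non-zero status if any package is not signed-ok.
gate_updates() {
    status=0
    for f in "$@"; do
        v=$(check_rpm "$f")
        echo "$f: $v"
        [ "$v" = signed-ok ] || status=1
    done
    return $status
}

# Constructed sample lines (not captured from a real system).
demo() {
    sig_verdict a.rpm 'a.rpm: (sha1) dsa sha1 md5 gpg OK'
    sig_verdict b.rpm 'b.rpm: sha1 md5 OK'
    sig_verdict c.rpm 'c.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK'
}

if [ $# -gt 0 ]; then gate_updates "$@"; else demo; fi
```

Run with package paths as arguments to gate a set of downloaded updates; with no arguments it prints the verdicts for the constructed lines.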