Basic Network Security
-  When connecting a machine to a network, we need to make sure no one will
     easily break into it.
     
 -  Even if you don't think anyone will try to break into your machines - 
     chances are that someone might try.
     
 -  Crackers often run network scan utilities that check a large range of IP
     addresses, and automatically try to find machines running servers with
     security holes.
     
 -  To protect against that, one could simply disable any unnecessary network
     service they are running.
     
 -  First, disable all services launched via the inetd (or xinetd) daemon. Edit the
     file "/etc/inetd.conf" (or the files under "/etc/xinetd.d/"),
     comment out all services (by putting a leading '#' in front of each), and
     save the file. Then, restart the inetd process. One way to do that:
     killall -HUP inetd
     
     Now, check that the command 'telnet 127.0.0.1' shows you a 'connection refused'
     error - this implies that the telnet service (if it was enabled) is now
     disabled.
     
 -  Next, disable any daemons started by your system, such as sendmail, portmap
     and so on, by removing the relevant links in the init directory
     "/etc/rc.d/rc3.d". You could also do that using a run level editor.
     
 -  Finally, you could set up firewalling rules (provided you have firewall
     support compiled into your kernel), and then run services behind this
     protection. Enable connections to services you still have running only
     from the IP address of '127.0.0.1' (which is a special address used
     internally for communications between processes running on the same
     machine). Info on firewall rules may be found in the firewall HOWTO.
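
The following shell helpers are an added example, not part of the original page: they list and comment out the enabled entries of an inetd.conf-style file, and flag listening sockets that are bound to something other than the loopback address. The function names and the sample data are constructed for illustration; on a real host you would pass "/etc/inetd.conf" and pipe in the output of `ss -ltn`.

```shell
#!/bin/sh
# Print the service name of every entry still enabled in an inetd.conf-style
# file (any non-blank line whose first field does not start with '#').
enabled_services() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# Comment out every enabled entry; the original is kept as <file>.bak.
disable_all_services() {
    cp -p "$1" "$1.bak" &&
    sed 's/^\([[:space:]]*[^#[:space:]]\)/#\1/' "$1.bak" > "$1"
}

# Read `ss -ltn` style lines on stdin and print the local addresses that
# listen on anything other than the loopback interface.
non_loopback_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Constructed sample data, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# <service> <sock> <proto> <flags> <user> <server> <args>
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a

finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
LISTEN 0 100 127.0.0.1:25   0.0.0.0:*
LISTEN 0 128 [::1]:631      [::]:*
EOF
}

# Demo on a temporary copy, so nothing under /etc is touched.
conf=$(mktemp) && sample_inetd_conf > "$conf"
echo "enabled before: $(enabled_services "$conf" | tr '\n' ' ')"
disable_all_services "$conf"
echo "enabled after:  $(enabled_services "$conf" | tr '\n' ' ')"
echo "not loopback:   $(sample_listeners | non_loopback_listeners)"
rm -f "$conf" "$conf.bak"
```

After running disable_all_services on the real file, inetd still has to be told to re-read it (the killall -HUP step above).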
 