Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual Manual pdf 106 page image
Manuals database logo
manualsdatabase
Your AI-powered manual search engine

Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

Also see for ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE: Installation guideInstallation guideTuning guideInstallation guideManual

Page 1 previewPage 2 previewPage 3 previewPage 4 previewPage 5 previewPage 6 previewPage 7 previewPage 8 previewPage 9 previewPage 10 previewPage 11 previewPage 12 previewPage 13 previewPage 14 previewPage 15 previewPage 16 previewPage 17 previewPage 18 previewPage 19 previewPage 20 previewPage 21 previewPage 22 previewPage 23 previewPage 24 previewPage 25 previewPage 26 previewPage 27 previewPage 28 previewPage 29 previewPage 30 previewPage 31 previewPage 32 previewPage 33 previewPage 34 previewPage 35 previewPage 36 previewPage 37 previewPage 38 previewPage 39 previewPage 40 previewPage 41 previewPage 42 previewPage 43 previewPage 44 previewPage 45 previewPage 46 previewPage 47 previewPage 48 previewPage 49 previewPage 50 previewPage 51 previewPage 52 previewPage 53 previewPage 54 previewPage 55 previewPage 56 previewPage 57 previewPage 58 previewPage 59 previewPage 60 previewPage 61 previewPage 62 previewPage 63 previewPage 64 previewPage 65 previewPage 66 previewPage 67 previewPage 68 previewPage 69 previewPage 70 previewPage 71 previewPage 72 previewPage 73 previewPage 74 previewPage 75 previewPage 76 previewPage 77 previewPage 78 previewPage 79 previewPage 80 previewPage 81 previewPage 82 previewPage 83 previewPage 84 previewPage 85 previewPage 86 previewPage 87 previewPage 88 previewPage 89 previewPage 90 previewPage 91 previewPage 92 previewPage 93 previewPage 94 previewPage 95 previewPage 96 previewPage 97 previewPage 98 previewPage 99 previewPage 100 previewPage 101 previewPage 102 previewPage 103 previewPage 104 previewPage 105 previewPage 106 previewPage 107 previewPage 108 previewPage 109 previewPage 110 previewPage 111 previewPage 112 previewPage 113 previewPage 114 previewPage 115 previewPage 116 previewPage 117 previewPage 118 previewPage 119 previewPage 120 previewPage 121 previewPage 122 previewPage 123 previewPage 124 previewPage 125 previewPage 126 previewPage 127 previewPage 128 previewPage 129 previewPage 130 previewPage 131 previewPage 132 previewPage 133 previewPage 134 previewPage 135 previewPage 136 preview
Contents
  1. red hat enterprise linux
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. document conventions
  7. I. A General Introduction to Security
  8. Security Overview
  9. Computer Security Timeline
  10. Security Today
  11. Standardizing Security
  12. Technical Controls
  13. Attackers and Vulnerabilities
  14. Threats to Network Security
  15. Unpatched Services
  16. Threats to Workstation and Home PC Security
  17. II. Configuring Red Hat Enterprise Linux for Security
  18. Security Updates
  19. Using the Red Hat Errata Website
  20. Installing Signed Packages
  21. Applying the Changes
  22. Workstation Security
  23. Boot Loader Passwords
  24. Password Security
  25. Creating Strong Passwords
  26. Creating User Passwords Within an Organization
  27. password aging
  28. Administrative Controls
  29. Allowing Root Access
  30. Limiting Root Access
  31. Available Network Services
  32. Risks To Services
  33. Insecure Services
  34. Personal Firewalls
  35. Security Enhanced Communication Tools
  36. Enhancing Security With TCP Wrappers
  37. Enhancing Security With xinetd
  38. Securing Portmap
  39. Securing NIS
  40. Edit the /var/yp/securenets File
  41. Use Kerberos Authentication
  42. Do Not Use the no_root_squash Option
  43. Do Not Remove the IncludesNoExec Directive
  44. Anonymous Access
  45. User Accounts
  46. Limiting a Denial of Service Attack
  47. vpns and red hat enterprise linux
  48. IPsec Installation
  49. IPsec Network-to-Network configuration
  50. Netfilter and iptables
  51. Basic Firewall Policies
  52. Saving and Restoring iptables Rules
  53. FORWARD and NAT Rules
  54. DMZs and iptables
  55. iptables and Connection Tracking
  56. Additional Resources
  57. vulnerability assessment
  58. Defining Assessment and Testing
  59. Establishing a Methodology
  60. Nessus
  61. Nikto
  62. IDS Types
  63. Host-based IDS
  64. Other Host-based IDSes
  65. Snort
  66. Creating an Incident Response Plan
  67. The Computer Emergency Response Team (CERT)
  68. Implementing the Incident Response Plan
  69. Collecting an Evidential Image
  70. Restoring and Recovering Resources
  71. V. Appendixes
  72. A. Hardware and Network Protection
  73. A.1.2. Transmission Considerations
  74. A.1.4. Network Segmentation and DMZs
  75. B. Common Exploits and Attacks
  76. C. Common Ports
  77. D. Revision History
  78. Index
Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual Manual pdf 106 page image
Chapter 10. Incident Response9410.5. Restoring and Recovering ResourcesWhile an incident response is in progress, the CERT team should be investigating while workingtoward data and system recovery. Unfortunately, it is the nature of the breach which dictates thecourse of recovery. Having backups or offline, redundant systems during this time is invaluable.To recover systems, the response team must bring any downed systems or applications back online,such as authentication servers, database servers, and any other production resources.Having production backup hardware ready for use is highly recommended, such as extra hard drives,hot-spare servers, and the like. Ready-made systems should have all production software loaded andready for immediate use. Only the most recent and pertinent data needs to be imported. This ready-made system should be kept isolated from the rest of the network. If a compromise occurs and thebackup system is a part of the network, then the purpose of having a backup system is defeated.System recovery can be a tedious process. In many instances there are two courses of action fromwhich to choose. Administrators can perform a clean re-installation of the operating system on eachaffected system followed by restoration of all applications and data. Alternatively, administrators canpatch the offending vulnerabilities and bring the affected system back into production.10.5.1. Reinstalling the SystemPerforming a clean re-installation ensures that the affected system is cleansed of any trojans,backdoors, or malicious processes. Re-installation also ensures that any data (if restored from atrusted backup source) is cleared of any malicious modifications. The drawback to total systemrecovery is the time involved in rebuilding systems from scratch. However, if there is a hot backupsystem available for use where the only action to take is to dump the most recent data, systemdowntime is greatly reduced.10.5.2. Patching the SystemPatching affected systems is a more dangerous course of action and should be undertaken with greatcaution. The problem with patching a system instead of reinstalling is determining whether or not agiven system is cleansed of trojans, security holes, and corrupted data. Most rootkits (programs orpackages that a cracker uses to gain root access to a system), trojan system commands, and shellenvironments are designed to hide malicious activities from cursory audits. If the patch approach istaken, only trusted binaries should be used (for example, from a mounted, read-only CD-ROM).10.6. Reporting the IncidentThe last part of the incident response plan is reporting the incident. The security team should takenotes as the response is happening and report all issues to organizations such as local and federalauthorities or multi-vendor software vulnerability portals, such as the Common Vulnerabilities andExposures site (CVE) at http://cve.mitre.org/3. Depending on the type of legal counsel an enterpriseemploys, a post-mortem analysis may be required. Even if it is not a functional requirement to acompromise analysis, a post-mortem can prove invaluable in helping to learn how a cracker thinks andhow the systems are structured so that future compromises can be prevented.3 http://cve.mitre.org
/ 136
Related manuals for Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 Manual first page preview
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 4 Manual first page preview
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual
Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE Manual first page preview
Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE Manual
Red Hat ENTERPRISE LINUX 5.5 - ONLINE STORAGE GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 5.5 - ONLINE STORAGE GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual first page preview
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual
This manual is suitable for:
ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
Manuals database logo
manualsdatabase
Your AI-powered manual search engine