The LINUX.COM Article Archive
Originally Published: Tuesday, 2 October 2001
Author: Jeff McClure and Katharine McCoy
Published to: enchance_articles_security/Advanced Security Articles
Page: 1/3
A Beginner's Introduction to Network Security
Linux.com writers McClure and McCoy write "We hate to break it to you, but crackers don't just hack the important stuff, they hack whatever networks or boxes they can get into, just because they can." As you may already know, it is as important to "lock" your computer as it is to lock your front door, especially if you are on an "always on" broadband connection. But where to start? Well, start here.
Lately, the word "security" has been tossed around a lot in the news, IRC channels and elsewhere in the community. It seems that there's no end to viruses and script kiddies out there just waiting to get through the security on your network and damage something, or use your network to help with the latest denial-of-service attack. When someone breaks into your network, not only is it an inconvenience to you, but also a potential problem for others in the Internet community. What? You said you don't have security on your network? Gasp! Well, that's what we're here to talk about. We're going to share some reasons why you want security on your box along with a few pointers on how to secure your network. We're not going to go into great detail (that's for later articles). Our aim is to make you more aware of why you need to secure your network and then point you in the right direction.
Some Helpful Definitions
Before we get into the thick of this discussion, let's start off by providing some simplified explanations for a few terms that will be used in the article. If you're familiar with these terms already, just skip ahead.
ports (port numbers)
In general, when one computer connects to another across a network to use a resource (or service) such as a web server, it needs two major pieces of information: the IP address of the server computer and the port number on which the service runs. A computer with a single IP address can be running any number of these services (web, FTP, Telnet, etc.). The port number decides which service will be contacted. You can use these port numbers to help control access to your computer.
A port scan is a technique used by would-be crackers to determine a computer's vulnerabilities. It's called a port scan because it involves attempting to connect to a range of different port numbers on the same computer. Depending on the results, the attacker can learn more about a computer and what methods he can use to attack it.
A firewall is software or hardware which stands between an "external" network and an "internal" network (or a single "internal" computer). Its job is to control the flow of network traffic between these two networks. It does so by looking at information contained in each network packet (including IP address and port number) and deciding what action(s) to take. Common actions include passing the packet to the other network, refusing the packet (and sending a refusal response to the sender), dropping the packet with no response, and noting the packet in a log file.
When talking about networked computers, the term vulnerability often surfaces. When used in this sense, a vulnerability indicates a means by which the security of a system (usually its software) might be breached. Vulnerabilities can go unnoticed for long periods of time, and the existence of a vulnerability does not necessarily imply the existence of a working exploit of that vulnerability.
An exploit (in our context) is a known way to take advantage of a vulnerability in a networked system (again, usually its software).
Network security is the type of security we are covering in this article. It means security measures designed to protect against attacks which originate from the network.
Quite a different security concept is internal security. This type of security involves protecting a computer against attacks which originate from the computer itself (often initiated by one of its users). This is an important aspect of security (it can help protect your computer if network security fails), but it's not the focus of this article.
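The port scan and firewall definitions above meet in the firewall's log file: a scan shows up as one source address touching many different ports on the same computer. The following is an added example, not code from the original article. It assumes log lines in a simplified style of Linux netfilter LOG output; the sample lines are constructed, and the names `parse_line` and `find_port_scans` and the threshold of 5 ports are illustrative choices.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified style of Linux netfilter LOG output
# (not real traffic; addresses come from the documentation ranges).
SAMPLE_LOG = """\
Oct  2 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21
Oct  2 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22
Oct  2 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=23
Oct  2 10:00:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
Oct  2 10:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=25
Oct  2 10:00:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=80
Oct  2 10:00:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40116 DPT=80
Oct  2 10:00:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Oct  2 10:00:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40117 DPT=110
"""

# Only the fields the article names: addresses, protocol, destination port.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_line(line):
    """Return (src, dst, proto, dport), or None for lines without a port (e.g. ICMP)."""
    f = dict(FIELD.findall(line))
    if not all(k in f for k in ("SRC", "DST", "PROTO", "DPT")):
        return None
    if not f["DPT"].isdigit():
        return None
    return f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])

def find_port_scans(log_text, min_ports=5):
    """Map (src, dst) -> sorted ports for sources that hit >= min_ports distinct ports."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            src, dst, _proto, dport = rec
            # A set counts distinct ports, so a client that keeps
            # reconnecting to one service is not mistaken for a scan.
            seen[(src, dst)].add(dport)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

This sketch ignores timing; a production check would also limit the count to a time window so that slow, unrelated connections over days do not add up.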