Originally Published: Thursday, 4 May 2000
Author: Scott Nipp

Linux Security: TCP-Wrappers?

Linux, like any operating system, is only as secure as you make it. Any computer that is connected to a network, and especially the Internet, is susceptible to being compromised. Security is an issue that affects everyone, from home users who may have credit card information on their machines to businesses that may have business plans and product design specifications stored on these systems. TCP-Wrappers is a software package available for Linux that greatly simplifies securing these systems.

Unix networking is based on the concept of services. A Unix server provides a "service" to the rest of the network to which it is connected. These services, such as FTP or HTTP, then provide the functionality required. Linux, being derived from Unix, provides services in the same manner as other traditional Unix systems. A series of events occurs to actually provide a network service, and understanding this series of events allows you to secure these services to prevent unauthorized access. In Linux, as in Unix, this series of events is very well defined, and TCP-Wrappers is implemented to work within the structure of these events to enhance security.

Many services are actually provided by another service called inetd. Inetd is commonly referred to as a "listener," because its job is to "listen" to the network for incoming requests for service. Inetd is typically started during the boot process and is configured through a couple of files that define exactly what "services" will be provided. While inetd provides the mechanism for many services such as FTP and Telnet, many more services, like mail and HTTP, do not use this mechanism. For services that are provided via inetd, the listener accepting the request is the first step in the process.

TCP-Wrappers can be used to provide an additional level of security for any service that uses the inetd facility. TCP-Wrappers is the second step in the process of providing a service that uses inetd. It examines the incoming request and verifies that the request should be allowed access to the requested service. Two configuration files define what services are allowed based on the source of the request: the hosts.allow and hosts.deny files define the services to provide to the hosts specified in these files. This allows a user to specify that only specific services can be accessed from a specified host, or group of hosts, making it possible to provide access to a service without granting access to that service to the world. Whether you are just trying to lock down your home computer or trying to provide a specific type of access to your system, TCP-Wrappers can help you accomplish this.
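As an added example (not part of the original article), the following Python sketch models how the two files are evaluated, following the order documented in hosts_access(5): hosts.allow is consulted first, then hosts.deny, and a request that matches neither file is granted. The daemon names, host names, addresses and rules are constructed sample data, and only the ALL wildcard, leading-dot domain patterns, trailing-dot address patterns and exact matches are modelled.

```python
# Added example: simplified model of TCP-Wrappers access decisions.
# All rules, daemon names and addresses are constructed sample data.
import re

HOSTS_ALLOW = """
# constructed sample rules: daemon_list : client_list
in.ftpd:    192.168.1. .example.com
in.telnetd: 192.168.1.10
"""
HOSTS_DENY = """
ALL: ALL
"""

def parse(text):
    """Return a list of (daemons, clients) tuples from rule text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":", 1)[0]           # ignore optional third field
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                   # domain suffix: .example.com
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):                     # address prefix: 192.168.1.
        return addr.startswith(pattern)
    return pattern == addr or pattern.lower() == host.lower()

def matches(rules, daemon, host, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, host, addr) for c in clients)
        for daemons, clients in rules)

def is_allowed(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if matches(parse(allow), daemon, host, addr):
        return True
    if matches(parse(deny), daemon, host, addr):
        return False
    return True                                   # default when nothing matches
```

With an empty hosts.deny, every request that hosts.allow does not list is still granted, which is why the constructed hosts.deny above ends in a catch-all `ALL: ALL` rule.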

TCP-Wrappers is not a complete security solution, but it goes a long way toward helping secure a system. This package provides a powerful and flexible way to enhance the security of your system. It serves the home user as well as the business world by providing functionality as well as security. TCP-Wrappers is another example of the flexibility of Linux in providing both security and functionality.

Scott Nipp is a Technical Solutions Consultant at Sprint Enterprise Network Services.

The views, information and opinions provided in this article are expressed and held solely by the author. Neither Sprint Enterprise Network Services nor Sprint Corporation or any of its affiliates assume any responsibility for any opinion or statement of fact presented in this article.