Bobcat Open Systems, Inc. and Bobcat Web Design. We offer custom software solutions, internet security, system administration, web design, logos, art for the web, SEO, SEM, e-commerce websites, hosting, and a great relationship with our clients.

SECURITY

Out of the box, your Linux system is set for very high security, so even though you may want to make services available to other machines from your Linux machine, no other machine can connect to it. The machine is set up for the most hazardous environment, that of a casual user connected to the Internet.

Getting (controlled) access

We'll address two scenarios. In the first we will look at the most common, the machine exposed to the Internet without the benefit of a firewall. In the second, we will consider a machine on a network protected by a firewall.

Exposed to the Internet

Your machine has its own firewall installed, and it's set to nearly the highest level of security. The purpose is to keep crackers (the media calls them "hackers") out of your machine. There are known exploits of some services that can allow the intruder to become "root", and then he can install software that can break into other machines, sniff your passwords and credit card numbers, and do other nefarious deeds. Forget about allowing telnet into your machine, and think carefully about allowing ftp. Telnet is a major security hole primarily because passwords are sent in the clear, and anyone sniffing your network can read them. You probably already have installed a capability similar to telnet called Secure SHell (SSH). To start it up, run (as root)

service sshd start

To have it come up automatically at boot time, run

chkconfig sshd on

If using the GUI, click on System->Administration->Services.

Now, you still have your firewall to deal with. Run system-config-security from the command line or, if using a window manager, System->Administration->Firewall (this example is from Gnome on Fedora 13), and follow the options shown.
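
As an added example (not from the original page), here is a small POSIX shell script that checks the two things the steps above set up, that sshd is enabled at boot and that the firewall accepts tcp/22, by parsing the output of "chkconfig --list sshd" and "iptables -L INPUT -n". The sample outputs embedded in it are constructed to mimic a Fedora-style system so the script runs offline; on a real machine you would feed the functions the live command output instead.

```shell
#!/bin/sh
# Added example, not code from the original page. Verifies that sshd will
# start at boot and that the firewall lets SSH in, using parsed tool output.

# Constructed sample: what "chkconfig --list sshd" prints after "chkconfig sshd on".
SAMPLE_CHKCONFIG='sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off'

# Constructed sample: an INPUT chain from "iptables -L INPUT -n" that accepts
# established traffic, ICMP, loopback, and new connections to tcp/22, and
# rejects everything else (the shape the Fedora firewall tool produces).
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# enabled_in_runlevel LINE LEVEL: succeeds if the chkconfig line contains "LEVEL:on".
enabled_in_runlevel() {
    case "$1" in
        *"$2:on"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# ssh_enabled_at_boot LINE: succeeds only if sshd is on in the multi-user
# runlevels 3 and 5, which is where a server normally boots.
ssh_enabled_at_boot() {
    enabled_in_runlevel "$1" 3 && enabled_in_runlevel "$1" 5
}

# firewall_allows_ssh RULES: succeeds if the chain listing has an ACCEPT rule
# for TCP destination port 22 (and not, say, port 220).
firewall_allows_ssh() {
    printf '%s\n' "$1" | grep -E '^ACCEPT +tcp .*dpt:22($|[^0-9])' >/dev/null
}

# Report on the constructed samples; on a live box replace the variables with
# "$(chkconfig --list sshd)" and "$(iptables -L INPUT -n)" run as root.
if ssh_enabled_at_boot "$SAMPLE_CHKCONFIG"; then
    echo "sshd: enabled at boot"
else
    echo "sshd: NOT enabled at boot (run: chkconfig sshd on)"
fi
if firewall_allows_ssh "$SAMPLE_IPTABLES"; then
    echo "firewall: tcp/22 accepted"
else
    echo "firewall: tcp/22 blocked (open it with system-config-security)"
fi
```

Both checks read the tool's human-readable output rather than the machine state directly, so they are only as reliable as that output format; the point is to confirm each step of the procedure actually took effect before you rely on remote access.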

You will want a Secure SHell client for your Windoze boxes. There are several software packages available, many are freeware or shareware. I recommend PuTTY.

As far as ftp is concerned, you may not need it. SSH includes scp (secure copy) and sftp (secure ftp). If you must have ftp, you probably have vsftp (Very Secure FTP) installed. It's fine. Just turn it on.

Isolated from the Internet

If your network is behind a good firewall, then you can open up whatever services you want, if you trust the others on the network. First you will want to turn off the firewall. Use system-config-security to set things to "no firewall". Then use ntsysv to enable whatever services you want.

That said, I wasn't kidding about trusting others on your network. I still recommend using SSH to connect to your machine because it is secure and just as easy as telnet, in fact easier if you set things up right. Read up on "ssh-agent".

~ Bob McClure