Hardening a Unix computer for Internet use
Rob Kolstad, long-time USENIX executive and noted
industry personality, often points out that a good system
administrator is a master of change on many time scales. That
statement is most appropriate in the context of last month's topic,
managing TCP/IP connections. New services appear monthly, new host
entries pop up daily or every few hours, and you can get hit with a
routing table update at least every 30 seconds. The number of moving
parts conspires to keep at least some things broken, some of the time.
Last month we talked about the myriad configuration problems that
interfere early in the process of making a connection. This
month, we'll proceed with our discussion of TCP/IP mechanics by
covering performance and security concerns.
After identifying the remote system's IP address and desired service
port number, the rest of the connection process should be as simple as
knocking on a door when you know the street address and floor number
on which it's located. Nothing in life, electronic or carbon, is that
simple. The door-knocking analogy highlights most of the additional
things that can go wrong in TCP-land: nobody answers the remote door
(performance problem), you are deemed persona non grata and
are turned away at your destination, or you run into troubles getting
out of your own building. To start our journey, we'll look at server
performance limits that create connection bottlenecks, and then
explore the popular TCP wrapper package used to establish access
controls over network services. We'll conclude with an overview of the
SOCKS tools that let you enjoy the security of a well-locked door but
still sneak out for an occasional network snack.
Connection erection
Just because you can name the remote end of a socket with an IP
address and port number pair doesn't mean the other side can or even
wants to talk to you. Making yourself appear interesting (and trusted)
is a security problem we'll cover shortly. Making sure your servers
have sufficient connection management resources is a growing
performance problem. As the use of network services has exploded, many
years-old assumptions about resource allocation have proven far too
restrictive.