13.4. Optimizing the Unix Kernel

Removing kernel support for any unneeded services is a great way to further lock down your system. Not only does this help to optimize system performance, it can improve security. For example, if you will be using your Unix system as a router or a firewall, you might want to disable support for source-routed packets. Doing so prevents an attacker from using source routing for spoofing or to circumvent the routing table.

Configuring a Unix kernel varies slightly with each implementation. Which options you can configure when rebuilding the kernel depend on which options are included by the manufacturer. For the purpose of demonstration, we'll work with Red Hat's version of Linux. Red Hat supports a number of graphical ...

Get Mastering™ Network Security, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.