Chapter 12. Securing TCP and UDP Services

Connecting a Unix computer to the Internet is not an action that should be taken lightly. Although the TCP/IP protocol suite and the Unix operating system themselves have few inherent security problems, many security flaws have been found with their specific implementations and distributions. Before you place a Unix computer on the Internet, you must make certain that no security problems have been reported with the specific software release that you intend to use. Otherwise, you may find that your machine is identified, broken into, and compromised before you even have a chance to download the latest software patch!

Generally speaking, there are two ways to assure the security of a Unix system that you intend to place on the Internet:

  • You can install the latest release of your vendor’s operating system onto a freshly formatted hard drive on a clean computer. Then, using a second computer, go to the vendor’s web site and download any software patches, fixes or updates. Copy those updates from the second computer to your new machine, install the updates, and then place your new computer on the Internet. Once the computer is on the Internet, be vigilant: get on all of the mailing lists for software updates, be on the lookout for security flaws, and install the patches as quickly as humanly possible (see Chapter 17 for more details about this process).

  • Alternatively, you can get an old computer that uses an operating system and a hardware architecture ...

Get Practical UNIX and Internet Security, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.