web/html/docs/security-guide/f13/en-US/html-single index.html, 1.1, 1.2
Eric Christensen
sparks at fedoraproject.org
Sat Nov 21 05:05:56 UTC 2009
- Previous message (by thread): web/html/docs/security-guide/f13/en-US/pdf security-guide.pdf, 1.1, 1.2
- Next message (by thread): web/html/docs/security-guide/f13/en-US/html Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html, 1.1, 1.2 Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html, 1.1, 1.2 Security_Guide-Encryption-Data_in_Motion.html, 1.1, 1.2 Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html, 1.1, 1.2 We_Need_Feedback.html, 1.1, 1.2 chap-Security_Guide-Encryption.html, 1.1, 1.2 chap-Security_Guide-General_Principles_of_Information_Security.html, 1.1, 1.2 chap-Security_Guide-References.html, 1.1, 1.2 chap-Security_Guide-Secure_Installation.html, 1.1, 1.2 chap-Security_Guide-Securing_Your_Network.html, 1.1, 1.2 chap-Security_Guide-Security_Overview.html, 1.1, 1.2 chap-Security_Guide-Software_Maintenance.html, 1.1, 1.2 index.html, 1.1, 1.2 pref-Security_Guide-Preface.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Related_Books.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Related_Documentation.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html, 1.1, 1.2 sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access.html, 1.1, 1.2 sect-Security_Guide-Administrative_Controls-Limiting_Root_Access.html, 1.1, 1.2 sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html, 1.1, 1.2 sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html, 1.1, 1.2 sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities.html, 1.1, 1.2 sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services.html, 1.1, 1.2 sect-Security_Guide-Available_Network_Services-Insecure_Services.html, 1.1, 1.2 sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html, 1.1, 1.2 sect-Security_Guide-Common_Exploits_and_Attacks.html, 1.1, 1.2 sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging.html, 1.1, 1.2 sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins.html, 1.1, 1.2 sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins.html, 1.1, 1.2 sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html, 1.1, 1.2 sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-Nessus.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-Nikto.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html, 1.1, 1.2 sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html, 1.1, 1.2 sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html, 1.1, 1.2 sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html, 1.1, 1.2 sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html, 1.1, 1.2 sect-Security_Guide-Firewalls-IPv6.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Using_IPTables.html, 1.1, 1.2 sect-Security_Guide-Firewalls.html, 1.1, 1.2 sect-Security_Guide-IPTables-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-IPTables-Command_Options_for_IPTables.html, 1.1, 1.2 sect-Security_Guide-IPTables-IPTables_Control_Scripts.html, 1.1, 1.2 sect-Security_Guide-IPTables-IPTables_and_IPv6.html, 1.1, 1.2 sect-Security_Guide-IPTables-Saving_IPTables_Rules.html, 1.1, 1.2 sect-Security_Guide-IPTables.html, 1.1, 1.2 sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html, 1.1, 1.2 sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html, 1.1, 1.2 sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html, 1.1, 1.2 sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html, 1.1, 1.2 sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html, 1.1, 1.2 sect-Security_Guide-Kerberos-How_Kerberos_Works.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Kerberos_Terminology.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Kerberos_and_PAM.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html, 1.1, 1.2 sect-Security_Guide-Kerberos.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption.html, 1.1, 1.2 sect-Security_Guide-Limiting_Root_Access-The_sudo_Command.html, 1.1, 1.2 sect-Security_Guide-Option_Fields-Access_Control.html, 1.1, 1.2 sect-Security_Guide-Option_Fields-Expansions.html, 1.1, 1.2 sect-Security_Guide-Option_Fields-Shell_Commands.html, 1.1, 1.2 sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html, 1.1, 1.2 sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html, 1.1, 1.2 sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html, 1.1, 1.2 sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html, 1.1, 1.2 sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html, 1.1, 1.2 sect-Security_Guide-Passphrases.html, 1.1, 1.2 sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html, 1.1, 1.2 sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html, 1.1, 1.2 sect-Security_Guide-Securing_FTP-Anonymous_Access.html, 1.1, 1.2 sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html, 1.1, 1.2 sect-Security_Guide-Securing_FTP-User_Accounts.html, 1.1, 1.2 sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html, 1.1, 1.2 sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html, 1.1, 1.2 sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html, 1.1, 1.2 sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html, 1.1, 1.2 sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html, 1.1, 1.2 sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html, 1.1, 1.2 sect-Security_Guide-Security_Updates.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_FTP.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_NFS.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_NIS.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_Portmap.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_Sendmail.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html, 1.1, 1.2 sect-Security_Guide-Server_Security.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO.html, 1.1, 1.2 sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html, 1.1, 1.2 sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html, 1.1, 1.2 sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html, 1.1, 1.2 sect-Security_Guide-Updating_Packages-Applying_the_Changes.html, 1.1, 1.2 sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html, 1.1, 1.2 sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html, 1.1, 1.2 sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html, 1.1, 1.2 sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs.html, 1.1, 1.2 sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html, 1.1, 1.2 sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html, 1.1, 1.2 sect-Security_Guide-Vulnerability_Assessment.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Administrative_Controls.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Available_Network_Services.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Password_Security.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Personal_Firewalls.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security.html, 1.1, 1.2 sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sparks
Update of /cvs/fedora/web/html/docs/security-guide/f13/en-US/html-single
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11140/en-US/html-single
Modified Files:
index.html
Log Message:
Updated to include Encryption Standards Appendix and Revision History. Also marked entire book as draft.
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f13/en-US/html-single/index.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.html 20 Nov 2009 22:22:09 -0000 1.1
+++ index.html 21 Nov 2009 05:05:55 -0000 1.2
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css" /><meta name="generator" content="publican 0.60" /><meta name="package" content="Fedora-security-guide-13-en-US-13.0-1" /><meta name="description" content="The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, The Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intru
sion and exploit methods." /></head><body class="draft "><div xml:lang="en-US" class="book" title="security-guide" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">13</span></div><div><h1 id="id2048914" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 13.0</p><div><h3 class="corpauthor">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css" /><meta name="generator" content="publican 0.60" /><meta name="package" content="fedora-security-guide-13-en-US-13.0-2" /><meta name="description" content="The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, The Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intru
sion and exploit methods." /></head><body class="draft "><div xml:lang="en-US" class="book" title="security-guide" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">13</span></div><div><h1 id="id1793583" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 13.0</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
- </h3></div><div><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstna
me">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:adam at physco.com">adam at physco.com</a></code></div></div></div><hr /><div><div id="id2047157" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class=
"para">
+ </h3></div><div><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstna
me">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:adam at physco.com">adam at physco.com</a></code></div></div></div><hr /><div><div id="id467959" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="
para">
Copyright <span class="trademark"></span>© 2009 Red Hat, Inc.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
@@ -30,11 +30,11 @@
With proper administrative knowledge, vigilance, and tools, systems
running Linux can be both fully functional and secured from most
common intrusion and exploit methods.
-</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#id2062979">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="#id2059680">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="#id615681">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="#id2114114">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="#We_Need_Feedback">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. Security Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.
1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_t
he_Tools">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks
">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">2. Securing Your Network</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Release_Notes-Security-Install-trusted-packages">2.1. Local u
sers may install trusted packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">2.2. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.2.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.2.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">2.2.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.2.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.2.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_G
uide-Workstation_Security-Personal_Firewalls">2.2.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.2.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">2.3. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.3.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">2.3.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">2.3.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">2.3.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sec
t-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.3.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">2.3.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">2.3.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.3.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">2.4. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.4.1. Introduction</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.4.2. Getting Started with your new Smart Card</a></span></dt><dt><span c
lass="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.4.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.4.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.4.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.5.2. PAM Configuration Files</a></span></dt><dt><span cla
ss="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.5.8. Ad
ditional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">2.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">2.7. Kerberos</a></
span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">2.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">2.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">2.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a h
ref="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">2.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">2.8. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.8.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.8.2. VPNs and Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.8.3. IPsec</a></span></dt><dt><span class="
section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.8.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.8.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.8.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.8.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.8.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">2.9.
Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.9.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.9.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">2.9.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.9.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.9.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.9.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a hre
f="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.9.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">2.9.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">2.9.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">2.10. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">2.10.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.10.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.10.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.10.4. IPTables Control Scr
ipts</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">2.10.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">2.10.6. Additional Resources</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">3. Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encry
ption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplish
ed">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</a></
span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">4. General Principles of Information Security</a></span></dt><dd><dl><dt><span class="section"><a
href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">5. Secure Installation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">6. Software Maintenance</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Sec
urity Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">7. References</a></span></dt></dl></div><div xml:lang="en-US" class="preface" title="Preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div xml:lang="en-US" class="section" title="1. Document Conventions" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="id2062979">1. Document Conventions</h2></div></div></div><div class="para">
+</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#id901540">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="#id399921">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="#id386694">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="#id400082">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="#We_Need_Feedback">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. Security Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1.
What is Computer Security?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_
Tools">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1
.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">2. Securing Your Network</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Release_Notes-Security-Install-trusted-packages">2.1. Local user
s may install trusted packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">2.2. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.2.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.2.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">2.2.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.2.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.2.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guid
e-Workstation_Security-Personal_Firewalls">2.2.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.2.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">2.3. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.3.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">2.3.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">2.3.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">2.3.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sect-S
ecurity_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.3.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">2.3.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">2.3.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.3.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">2.4. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.4.1. Introduction</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.4.2. Getting Started with your new Smart Card</a></span></dt><dt><span clas
s="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.4.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.4.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.4.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.5.2. PAM Configuration Files</a></span></dt><dt><span class=
"section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.5.8. Addit
ional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">2.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">2.7. Kerberos</a></spa
n></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">2.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">2.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">2.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href
="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">2.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">2.8. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.8.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.8.2. VPNs and Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.8.3. IPsec</a></span></dt><dt><span class="sec
tion"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.8.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.8.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.8.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.8.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.8.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">2.9. Fi
rewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.9.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.9.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">2.9.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.9.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.9.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.9.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="
#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.9.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">2.9.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">2.9.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">2.10. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">2.10.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.10.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.10.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.10.4. IPTables Control Script
s</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">2.10.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">2.10.6. Additional Resources</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">3. Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encrypti
on-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"
>3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</a></spa
n></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">4. General Principles of Information Security</a></span></dt><dd><dl><dt><span class="section"><a hr
ef="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">5. Secure Installation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">6. Software Maintenance</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Securi
ty Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">7. References</a></span></dt><dt><span class="appendix"><a href="#chap-Security_Guide-Encryption_Standards">A. Encryption Standard</a></span></dt><dd><dl><dt><span class="section"><a href="#id408165">A.1. Synchronous Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#id372566">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="#id1789380">A.1.2. Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section">
<a href="#id354203">A.2. Public-key Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#id388692">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="#id472157">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="#id472172">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="#id414407">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="#id414419">A.2.5. Cramer-Shoup Cryptosystem</a></span></dt><dt><span class="section"><a href="#id414432">A.2.6. ElGamal Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Publican-Revision_History">B. Revision History</a></span></dt></dl></div><div xml:lang="en-US" class="preface" title="Preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div xml:lang="en-US" class="section" title="1. Document Conventions" lang="en-US"><div class="titlepage"><div><div><h
2 class="title" id="id901540">1. Document Conventions</h2></div></div></div><div class="para">
This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
</div><div class="para">
In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
- </div><div class="section" title="1.1. Typographic Conventions"><div class="titlepage"><div><div><h3 class="title" id="id2059680">1.1. Typographic Conventions</h3></div></div></div><div class="para">
+ </div><div class="section" title="1.1. Typographic Conventions"><div class="titlepage"><div><div><h3 class="title" id="id399921">1.1. Typographic Conventions</h3></div></div></div><div class="para">
Four typographic conventions are used to call attention to specific words and phrases. These conventions, and the circumstances they apply to, are as follows.
</div><div class="para">
<code class="literal">Mono-spaced Bold</code>
@@ -84,7 +84,7 @@
Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and important term. For example:
</div><div class="blockquote"><blockquote class="blockquote"><div class="para">
When the Apache HTTP Server accepts requests, it dispatches child processes or threads to handle them. This group of child processes or threads is known as a <em class="firstterm">server-pool</em>. Under Apache HTTP Server 2.0, the responsibility for creating and maintaining these server-pools has been abstracted to a group of modules called <em class="firstterm">Multi-Processing Modules</em> (<em class="firstterm">MPMs</em>). Unlike other modules, only one module from the MPM group can be loaded by the Apache HTTP Server.
- </div></blockquote></div></div><div class="section" title="1.2. Pull-quote Conventions"><div class="titlepage"><div><div><h3 class="title" id="id615681">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
+ </div></blockquote></div></div><div class="section" title="1.2. Pull-quote Conventions"><div class="titlepage"><div><div><h3 class="title" id="id386694">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
Terminal output and source code listings are set off visually from the surrounding text.
</div><div class="para">
Output sent to a terminal is set in <code class="computeroutput">mono-spaced roman</code> and presented thus:
@@ -111,7 +111,7 @@
System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
}
}
-</pre></pre></div><div class="section" title="1.3. Notes and Warnings"><div class="titlepage"><div><div><h3 class="title" id="id2114114">1.3. Notes and Warnings</h3></div></div></div><div class="para">
+</pre></pre></div><div class="section" title="1.3. Notes and Warnings"><div class="titlepage"><div><div><h3 class="title" id="id400082">1.3. Notes and Warnings</h3></div></div></div><div class="para">
Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.
</div><div class="note"><h2>Note</h2><div class="para">
Notes are tips, shortcuts or alternative approaches to the task at hand. Ignoring a note should have no negative consequences, but you might miss out on a trick that makes your life easier.
@@ -130,7 +130,7 @@
</div><div xml:lang="en-US" class="section" title="1.1. Introduction to Security" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</h2></div></div></div><div class="section" title="1.1.1. What is Computer Security?"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</h3></div></div></div><div class="para">
Computer security is a general term that covers a wide area of computing and information processing. Industries that depend on computer systems and networks to conduct daily business transactions and access crucial information regard their data as an important part of their overall assets. Several terms and metrics have entered our daily business vocabulary, such as total cost of ownership (TCO) and quality of service (QoS). Using these metrics, industries can calculate aspects such as data integrity and high-availability as part of their planning and process management costs. In some industries, such as electronic commerce, the availability and trustworthiness of data can be the difference between success and failure.
</div><div class="section" title="1.1.1.1. How did Computer Security Come about?"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. How did Computer Security Come about?</h4></div></div></div><div class="para">
- Information security has evolved over the years due to the increasing reliance on public networks not to disclose personal, financial, and other restricted information. There are numerous instances such as the Mitnick <sup>[<a id="id604943" href="#ftn.id604943" class="footnote">1</a>]</sup>and the Vladimir Levin <sup>[<a id="id604935" href="#ftn.id604935" class="footnote">2</a>]</sup>cases that prompted organizations across all industries to re-think the way they handle information, as well as its transmission and disclosure. The popularity of the Internet was one of the most important developments that prompted an intensified effort in data security.
+ Information security has evolved over the years due to the increasing reliance on public networks not to disclose personal, financial, and other restricted information. There are numerous instances such as the Mitnick <sup>[<a id="id871249" href="#ftn.id871249" class="footnote">1</a>]</sup>and the Vladimir Levin <sup>[<a id="id871241" href="#ftn.id871241" class="footnote">2</a>]</sup>cases that prompted organizations across all industries to re-think the way they handle information, as well as its transmission and disclosure. The popularity of the Internet was one of the most important developments that prompted an intensified effort in data security.
</div><div class="para">
An ever-growing number of people are using their personal computers to gain access to the resources that the Internet has to offer. From research and information retrieval to electronic mail and commerce transaction, the Internet has been regarded as one of the most important developments of the 20th century.
</div><div class="para">
@@ -138,19 +138,19 @@
</div></div><div class="section" title="1.1.1.2. Security Today"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. Security Today</h4></div></div></div><div class="para">
In February of 2000, a Distributed Denial of Service (DDoS) attack was unleashed on several of the most heavily-trafficked sites on the Internet. The attack rendered yahoo.com, cnn.com, amazon.com, fbi.gov, and several other sites completely unreachable to normal users, as it tied up routers for several hours with large-byte ICMP packet transfers, also called a <em class="firstterm">ping flood</em>. The attack was brought on by unknown assailants using specially created, widely available programs that scanned vulnerable network servers, installed client applications called <em class="firstterm">trojans</em> on the servers, and timed an attack with every infected server flooding the victim sites and rendering them unavailable. Many blame the attack on fundamental flaws in the way routers and the protocols used are structured to accept all incoming data, no matter where or for what purpose the packets are sent.
</div><div class="para">
- In 2007, a data breach exploiting the widely-known weaknesses of the Wired Equivalent Privacy (WEP) wireless encryption protocol resulted in the theft from a global financial institution of over 45 million credit card numbers.<sup>[<a id="id523698" href="#ftn.id523698" class="footnote">3</a>]</sup>
+ In 2007, a data breach exploiting the widely-known weaknesses of the Wired Equivalent Privacy (WEP) wireless encryption protocol resulted in the theft from a global financial institution of over 45 million credit card numbers.<sup>[<a id="id413559" href="#ftn.id413559" class="footnote">3</a>]</sup>
</div><div class="para">
- In a separate incident, the billing records of over 2.2 million patients stored on a backup tape were stolen from the front seat of a courier's car.<sup>[<a id="id523695" href="#ftn.id523695" class="footnote">4</a>]</sup>
+ In a separate incident, the billing records of over 2.2 million patients stored on a backup tape were stolen from the front seat of a courier's car.<sup>[<a id="id413556" href="#ftn.id413556" class="footnote">4</a>]</sup>
</div><div class="para">
- Currently, an estimated 1.4 billion people use or have used the Internet worldwide.<sup>[<a id="id523636" href="#ftn.id523636" class="footnote">5</a>]</sup> At the same time:
+ Currently, an estimated 1.4 billion people use or have used the Internet worldwide.<sup>[<a id="id413496" href="#ftn.id413496" class="footnote">5</a>]</sup> At the same time:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- On any given day, there are approximately 225 major incidences of security breach reported to the CERT Coordination Center at Carnegie Mellon University.<sup>[<a id="id523666" href="#ftn.id523666" class="footnote">6</a>]</sup>
+ On any given day, there are approximately 225 major incidences of security breach reported to the CERT Coordination Center at Carnegie Mellon University.<sup>[<a id="id413527" href="#ftn.id413527" class="footnote">6</a>]</sup>
</div></li><li class="listitem"><div class="para">
- In 2003, the number of CERT reported incidences jumped to 137,529 from 82,094 in 2002 and from 52,658 in 2001.<sup>[<a id="id523654" href="#ftn.id523654" class="footnote">7</a>]</sup>
+ In 2003, the number of CERT reported incidences jumped to 137,529 from 82,094 in 2002 and from 52,658 in 2001.<sup>[<a id="id413515" href="#ftn.id413515" class="footnote">7</a>]</sup>
</div></li><li class="listitem"><div class="para">
- The worldwide economic impact of the three most dangerous Internet Viruses of the last three years was estimated at US$13.2 Billion.<sup>[<a id="id523639" href="#ftn.id523639" class="footnote">8</a>]</sup>
+ The worldwide economic impact of the three most dangerous Internet Viruses of the last three years was estimated at US$13.2 Billion.<sup>[<a id="id413500" href="#ftn.id413500" class="footnote">8</a>]</sup>
</div></li></ul></div><div class="para">
- From a 2008 global survey of business and technology executives "The Global State of Information Security"<sup>[<a id="id2119448" href="#ftn.id2119448" class="footnote">9</a>]</sup>, undertaken by <span class="emphasis"><em>CIO Magazine</em></span>, some points are:
+ From a 2008 global survey of business and technology executives "The Global State of Information Security"<sup>[<a id="id413486" href="#ftn.id413486" class="footnote">9</a>]</sup>, undertaken by <span class="emphasis"><em>CIO Magazine</em></span>, some points are:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Just 43% of respondents audit or monitor user compliance with security policies
</div></li><li class="listitem"><div class="para">
@@ -383,7 +383,7 @@
</div><div class="para">
Refer to <a class="xref" href="#sect-Security_Guide-Security_Updates" title="1.5. Security Updates">Section 1.5, “Security Updatesâ€</a> for more information about keeping a system up-to-date.
</div></div><div class="section" title="1.3.3.3. Inattentive Administration"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive Administration</h4></div></div></div><div class="para">
- Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="id761299" href="#ftn.id761299" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
+ Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="id885351" href="#ftn.id885351" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
</div><div class="para">
Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
</div></div><div class="section" title="1.3.3.4. Inherently Insecure Services"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently Insecure Services</h4></div></div></div><div class="para">
@@ -550,25 +550,25 @@
</div><div class="para">
To kill all active IMAP sessions, issue the following command:
</div><pre class="screen"><code class="command">killall imapd</code>
-</pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id604943" href="#id604943" class="para">1</a>] </sup>
+</pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id871249" href="#id871249" class="para">1</a>] </sup>
http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id604935" href="#id604935" class="para">2</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id871241" href="#id871241" class="para">2</a>] </sup>
http://www.livinginternet.com/i/ia_hackers_levin.htm
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id523698" href="#id523698" class="para">3</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413559" href="#id413559" class="para">3</a>] </sup>
http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id523695" href="#id523695" class="para">4</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413556" href="#id413556" class="para">4</a>] </sup>
http://www.healthcareitnews.com/story.cms?id=9408
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id523636" href="#id523636" class="para">5</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413496" href="#id413496" class="para">5</a>] </sup>
http://www.internetworldstats.com/stats.htm
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id523666" href="#id523666" class="para">6</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413527" href="#id413527" class="para">6</a>] </sup>
http://www.cert.org
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id523654" href="#id523654" class="para">7</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413515" href="#id413515" class="para">7</a>] </sup>
http://www.cert.org/stats/fullstats.html
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id523639" href="#id523639" class="para">8</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413500" href="#id413500" class="para">8</a>] </sup>
http://www.newsfactor.com/perl/story/16407.html
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id2119448" href="#id2119448" class="para">9</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id413486" href="#id413486" class="para">9</a>] </sup>
http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id761299" href="#id761299" class="para">10</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id885351" href="#id885351" class="para">10</a>] </sup>
http://www.sans.org/resources/errors.php
</p></div></div></div><div xml:lang="en-US" class="chapter" title="Chapter 2. Securing Your Network" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Release_Notes-Security-Install-trusted-packages">2.1. Local users may install trusted packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">2.2. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.2.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.2.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Secur
ity">2.2.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.2.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.2.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.2.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.2.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">2.3. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.3.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span cl
ass="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">2.3.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">2.3.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">2.3.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.3.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">2.3.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">2.3.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.3.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-S
ecurity_Guide-Single_Sign_on_SSO">2.4. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.4.1. Introduction</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.4.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.4.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.4.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.4.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM
">2.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.5.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM
-PAM_and_Administrative_Credential_Caching">2.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.5.8. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">2.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.6.3. xinetd</a></span></dt
><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">2.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">2.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">2.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">2.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configu
ring_a_Kerberos_5_Server">2.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">2.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">2.8. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a
href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.8.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.8.2. VPNs and Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.8.3. IPsec</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.8.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.8.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.8.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec
_Network_to_Network_Configuration">2.8.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.8.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">2.9. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.9.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.9.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">2.9.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.9.4. Common IPTables Filtering</a></span></dt><dt><span class
="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.9.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.9.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.9.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">2.9.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">2.9.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">2.10. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">2.10.1. Packet Filtering</a></span></dt><
dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.10.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.10.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.10.4. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">2.10.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">2.10.6. Additional Resources</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" title="2.1. Local users may install trusted packages" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Release_Notes-Security-Install-trusted-packages">2.1. Local users may install trusted packages</h2></div></div></div><div class
="warning"><h2>Non-privileged users may install software.</h2><div class="para">
In Fedora 12, a <span class="emphasis"><em>local</em></span> user may install <span class="emphasis"><em>signed</em></span> packages without authentication. This is a change from Fedora 11.
@@ -613,7 +613,7 @@
</div><div class="para">
If the workstation is located in a place where only authorized or trusted people have access, however, then securing the BIOS or the boot loader may not be necessary.
</div><div class="section" title="2.2.2.1. BIOS Passwords"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">2.2.2.1. BIOS Passwords</h4></div></div></div><div class="para">
- The two primary reasons for password protecting the BIOS of a computer are<sup>[<a id="id545359" href="#ftn.id545359" class="footnote">11</a>]</sup>:
+ The two primary reasons for password protecting the BIOS of a computer are<sup>[<a id="id851257" href="#ftn.id851257" class="footnote">11</a>]</sup>:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
<span class="emphasis"><em>Preventing Changes to BIOS Settings</em></span> — If an intruder has access to the BIOS, they can set it to boot from a diskette or CD-ROM. This makes it possible for them to enter rescue mode or single user mode, which in turn allows them to start arbitrary processes on the system or copy sensitive data.
</div></li><li class="listitem"><div class="para">
@@ -645,7 +645,7 @@
Next, edit the GRUB configuration file <code class="filename">/boot/grub/grub.conf</code>. Open the file and below the <code class="command">timeout</code> line in the main section of the document, add the following line:
</div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code>
</pre><div class="para">
- Replace <em class="replaceable"><code><password-hash></code></em> with the value returned by <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="id545175" href="#ftn.id545175" class="footnote">12</a>]</sup>.
+ Replace <em class="replaceable"><code><password-hash></code></em> with the value returned by <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="id851073" href="#ftn.id851073" class="footnote">12</a>]</sup>.
</div><div class="para">
The next time the system boots, the GRUB menu prevents access to the editor or command interface without first pressing <span class="keycap"><strong>p</strong></span> followed by the GRUB password.
</div><div class="para">
@@ -898,12 +898,12 @@
</td></tr><tr><td>
Use PAM to limit root access to services.
</td><td>
- Edit the file for the target service in the <code class="filename">/etc/pam.d/</code> directory. Make sure the <code class="filename">pam_listfile.so</code> is required for authentication.<sup>[<a id="id2080012" href="#ftn.id2080012" class="footnote">a</a>]</sup>
+ Edit the file for the target service in the <code class="filename">/etc/pam.d/</code> directory. Make sure the <code class="filename">pam_listfile.so</code> is required for authentication.<sup>[<a id="id612202" href="#ftn.id612202" class="footnote">a</a>]</sup>
</td><td>
<table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents root access to network services that are PAM aware. </td></tr><tr><td> The following services are prevented from accessing the root account: </td></tr><tr><td> · FTP clients </td></tr><tr><td> · Email clients </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr><tr><td> · Any PAM aware services </td></tr></table>
</td><td>
<table border="0" summary="Simple list" class="simplelist"><tr><td> Programs and services that are not PAM aware. </td></tr></table>
- </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><p><sup>[<a id="ftn.id2080012" href="#id2080012" class="para">a</a>] </sup>
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><p><sup>[<a id="ftn.id612202" href="#id612202" class="para">a</a>] </sup>
Refer to <a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM" title="2.2.4.2.4. Disabling Root Using PAM">Section 2.2.4.2.4, “Disabling Root Using PAMâ€</a> for details.
</p></div></td></tr></tbody></table></div><h6>Table 2.1. Methods of Disabling the Root Account</h6></div><br class="table-break" /><div class="section" title="2.2.4.2.1. Disabling the Root Shell"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">2.2.4.2.1. Disabling the Root Shell</h5></div></div></div><div class="para">
To prevent users from logging in directly as root, the system administrator can set the root account's shell to <code class="command">/sbin/nologin</code> in the <code class="filename">/etc/passwd</code> file. This prevents access to the root account through commands that require a shell, such as the <code class="command">su</code> and the <code class="command">ssh</code> commands.
@@ -938,7 +938,7 @@
</div><div class="section" title="2.2.4.3.1. The su Command"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">2.2.4.3.1. The <code class="command">su</code> Command</h5></div></div></div><div class="para">
When a user executes the <code class="command">su</code> command, they are prompted for the root password and, after authentication, is given a root shell prompt.
</div><div class="para">
- Once logged in via the <code class="command">su</code> command, the user <span class="emphasis"><em>is</em></span> the root user and has absolute administrative access to the system<sup>[<a id="id2033360" href="#ftn.id2033360" class="footnote">13</a>]</sup>. In addition, once a user has become root, it is possible for them to use the <code class="command">su</code> command to change to any other user on the system without being prompted for a password.
+ Once logged in via the <code class="command">su</code> command, the user <span class="emphasis"><em>is</em></span> the root user and has absolute administrative access to the system<sup>[<a id="id886054" href="#ftn.id886054" class="footnote">13</a>]</sup>. In addition, once a user has become root, it is possible for them to use the <code class="command">su</code> command to change to any other user on the system without being prompted for a password.
</div><div class="para">
Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.
</div><div class="para">
@@ -2378,7 +2378,7 @@
</div><div class="para">
Kerberos is a way to eliminate the need for protocols that allow unsafe methods of authentication, thereby enhancing overall network security.
</div><div class="section" title="2.7.1. What is Kerberos?"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">2.7.1. What is Kerberos?</h3></div></div></div><div class="para">
- Kerberos is a network authentication protocol created by MIT, and uses symmetric-key cryptography<sup>[<a id="id2090390" href="#ftn.id2090390" class="footnote">14</a>]</sup> to authenticate users to network services, which means passwords are never actually sent over the network.
+ Kerberos is a network authentication protocol created by MIT, and uses symmetric-key cryptography<sup>[<a id="id501738" href="#ftn.id501738" class="footnote">14</a>]</sup> to authenticate users to network services, which means passwords are never actually sent over the network.
</div><div class="para">
Consequently, when users authenticate to network services using Kerberos, unauthorized users attempting to gather passwords by monitoring network traffic are effectively thwarted.
</div><div class="section" title="2.7.1.1. Advantages of Kerberos"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">2.7.1.1. Advantages of Kerberos</h4></div></div></div><div class="para">
@@ -3928,13 +3928,13 @@
<a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The home of the netfilter/iptables project. Contains assorted information about <code class="command">iptables</code>, including a FAQ addressing specific problems and various helpful guides by Rusty Russell, the Linux IP firewall maintainer. The HOWTO documents on the site cover subjects such as basic networking concepts, kernel packet filtering, and NAT configurations.
</div></li><li class="listitem"><div class="para">
<a href="http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html">http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html</a> — An introduction to the way packets move through the Linux kernel, plus an introduction to constructing basic <code class="command">iptables</code> commands.
- </div></li></ul></div></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id545359" href="#id545359" class="para">11</a>] </sup>
+ </div></li></ul></div></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id851257" href="#id851257" class="para">11</a>] </sup>
Since system BIOSes differ between manufacturers, some may not support password protection of either type, while others may support one type but not the other.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id545175" href="#id545175" class="para">12</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id851073" href="#id851073" class="para">12</a>] </sup>
GRUB also accepts unencrypted passwords, but it is recommended that an MD5 hash be used for added security.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id2033360" href="#id2033360" class="para">13</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id886054" href="#id886054" class="para">13</a>] </sup>
This access is still subject to the restrictions imposed by SELinux, if it is enabled.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id2090390" href="#id2090390" class="para">14</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id501738" href="#id501738" class="para">14</a>] </sup>
A system where both the client and the server share a common key that is used to encrypt and decrypt network communication.
</p></div></div></div><div xml:lang="en-US" class="chapter" title="Chapter 3. Encryption" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="#Security_Gu
ide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Lin
ks_of_Interest">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</a><
/span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></div><div class="para">
There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.
@@ -4226,4 +4226,110 @@
<a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
</div></dd><dt><span class="term">Full background on Fluke</span></dt><dd><div class="para">
<a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
- </div></dd></dl></div></div></div></body></html>
+ </div></dd></dl></div></div><div xml:lang="en-US" class="appendix" title="Appendix A. Encryption Standard" lang="en-US"><div class="titlepage"><div><div><h1 id="chap-Security_Guide-Encryption_Standards" class="title">Encryption Standard</h1></div></div></div><div class="para">
+ </div><div class="section" title="A.1. Synchronous Encryption"><div class="titlepage"><div><div><h2 class="title" id="id408165">A.1. Synchronous Encryption</h2></div></div></div><div class="para">
+ </div><div class="section" title="A.1.1. Advanced Encryption Standard - AES"><div class="titlepage"><div><div><h3 class="title" id="id372566">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).<sup>[<a id="id399429" href="#ftn.id399429" class="footnote">15</a>]</sup>
+ </div><div class="section" title="A.1.1.1. AES Uses"><div class="titlepage"><div><div><h4 class="title" id="id421721">A.1.1.1. AES Uses</h4></div></div></div><div class="para">
+ </div></div><div class="section" title="A.1.1.2. AES History"><div class="titlepage"><div><div><h4 class="title" id="id513055">A.1.1.2. AES History</h4></div></div></div><div class="para">
+ AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below).<sup>[<a id="id378335" href="#ftn.id378335" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rÉ›indaËl]) is a portmanteau of the names of the two inventors.<sup>[<a id="id445003" href="#ftn.id445003" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section" title="A.1.2. Data Encryption Standard - DES"><div class="titlepage"><div><div><h3 class="title" id="id1789380">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.<sup>[<a id="id1789126" href="#ftn.id1789126" class="footnote">18</a>]</sup>
+ </div><div class="section" title="A.1.2.1. DES Uses"><div class="titlepage"><div><div><h4 class="title" id="id1789145">A.1.2.1. DES Uses</h4></div></div></div><div class="para">
+ </div></div><div class="section" title="A.1.2.2. DES History"><div class="titlepage"><div><div><h4 class="title" id="id1789157">A.1.2.2. DES History</h4></div></div></div><div class="para">
+ DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).<sup>[<a id="id354155" href="#ftn.id354155" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ËŒdiËËŒiËˈɛs/), or pronounced as a one-syllable acronym (/ˈdÉ›z/).<sup>[<a id="id354179" href="#ftn.id354179" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="section" title="A.2. Public-key Encryption"><div class="titlepage"><div><div><h2 class="title" id="id354203">A.2. Public-key Encryption</h2></div></div></div><div class="para">
+ Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures.<sup>[<a id="id483978" href="#ftn.id483978" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.<sup>[<a id="id484002" href="#ftn.id484002" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s.<sup>[<a id="id494705" href="#ftn.id494705" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.<sup>[<a id="id494730" href="#ftn.id494730" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence.<sup>[<a id="id494752" href="#ftn.id494752" class="footnote">25</a>]</sup>
+ </div><div class="section" title="A.2.1. Diffie-Hellman"><div class="titlepage"><div><div><h3 class="title" id="id388692">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.<sup>[<a id="id496571" href="#ftn.id496571" class="footnote">26</a>]</sup>
+ </div><div class="section" title="A.2.1.1. Diffie-Hellman History"><div class="titlepage"><div><div><h4 class="title" id="id376746">A.2.1.1. Diffie-Hellman History</h4></div></div></div><div class="para">
+ The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).<sup>[<a id="id376759" href="#ftn.id376759" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).<sup>[<a id="id376784" href="#ftn.id376784" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.<sup>[<a id="id472135" href="#ftn.id472135" class="footnote">29</a>]</sup>
+ </div></div></div><div class="section" title="A.2.2. RSA"><div class="titlepage"><div><div><h3 class="title" id="id472157">A.2.2. RSA</h3></div></div></div><div class="para">
+ In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it; see below) is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
+ </div></div><div class="section" title="A.2.3. DSA"><div class="titlepage"><div><div><h3 class="title" id="id472172">A.2.3. DSA</h3></div></div></div><div class="para">
+ </div></div><div class="section" title="A.2.4. SSL/TLS"><div class="titlepage"><div><div><h3 class="title" id="id414407">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ </div></div><div class="section" title="A.2.5. Cramer-Shoup Cryptosystem"><div class="titlepage"><div><div><h3 class="title" id="id414419">A.2.5. Cramer-Shoup Cryptosystem</h3></div></div></div><div class="para">
+ </div></div><div class="section" title="A.2.6. ElGamal Encryption"><div class="titlepage"><div><div><h3 class="title" id="id414432">A.2.6. ElGamal Encryption</h3></div></div></div><div class="para">
+ </div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id399429" href="#id399429" class="para">15</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id378335" href="#id378335" class="para">16</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id445003" href="#id445003" class="para">17</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id1789126" href="#id1789126" class="para">18</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id354155" href="#id354155" class="para">19</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id354179" href="#id354179" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id483978" href="#id483978" class="para">21</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id484002" href="#id484002" class="para">22</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id494705" href="#id494705" class="para">23</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id494730" href="#id494730" class="para">24</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id494752" href="#id494752" class="para">25</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id496571" href="#id496571" class="para">26</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id376759" href="#id376759" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id376784" href="#id376784" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id472135" href="#id472135" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </p></div></div></div><div xml:lang="en-US" class="appendix" title="Appendix B. Revision History" lang="en-US"><div class="titlepage"><div><div><h1 id="appe-Publican-Revision_History" class="title">Revision History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added the Revision History to the end of the document.</td></tr><tr><td>Added the Encryption Standards appendix.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 branch.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated the section "Local users may install trusted packages" to the latest fix, again.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated the section "Local users may install trusted packages" to the latest fix.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added section "Local users may install trusted packages".</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added information from Wikipedia to the Encryption Standards appendix.</td></tr><tr><td>Added Adam Ligas to the author page for his role in developing the 7-Zip portions.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated license to CC-BY-SA.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Chrisetnsen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed issues related to Bug 515043.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired vendor information in SPEC.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="surname">Fedora Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added "desktop-file-utils" to BUILDREQUIRES on the spec</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Remove more rhel specifics, major review and remove draft, ready for push</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Lots of minor fixes</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>new screenshots from F11 replacing existing/older ones</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>LUKS specifics to Fedora 9 modified to include later releases as well.</td></tr><tr><td>Fix 404s in reference section, mainly bad NSA links.</td></tr><tr><td>minor formatting changes.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed missing firewall setup screenshot.</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired items found to be incorrect during validation. Many Red Hat references have been changed to Fedora references.</td></tr></table>
+ </td></tr></table></div>
+ </div></div></div></body></html>
- Previous message (by thread): web/html/docs/security-guide/f13/en-US/pdf security-guide.pdf, 1.1, 1.2
- Next message (by thread): web/html/docs/security-guide/f13/en-US/html Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html, 1.1, 1.2 Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html, 1.1, 1.2 Security_Guide-Encryption-Data_in_Motion.html, 1.1, 1.2 Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html, 1.1, 1.2 We_Need_Feedback.html, 1.1, 1.2 chap-Security_Guide-Encryption.html, 1.1, 1.2 chap-Security_Guide-General_Principles_of_Information_Security.html, 1.1, 1.2 chap-Security_Guide-References.html, 1.1, 1.2 chap-Security_Guide-Secure_Installation.html, 1.1, 1.2 chap-Security_Guide-Securing_Your_Network.html, 1.1, 1.2 chap-Security_Guide-Security_Overview.html, 1.1, 1.2 chap-Security_Guide-Software_Maintenance.html, 1.1, 1.2 index.html, 1.1, 1.2 pref-Security_Guide-Preface.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Related_Books.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Related_Documentation.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html, 1.1, 1.2 sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html, 1.1, 1.2 sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access.html, 1.1, 1.2 sect-Security_Guide-Administrative_Controls-Limiting_Root_Access.html, 1.1, 1.2 sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html, 1.1, 1.2 sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html, 1.1, 1.2 sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html, 1.1, 1.2 sect-Security_Guide-Attackers_and_Vulnerabilities.html, 1.1, 1.2 sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services.html, 1.1, 1.2 sect-Security_Guide-Available_Network_Services-Insecure_Services.html, 1.1, 1.2 sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html, 1.1, 1.2 sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html, 1.1, 1.2 sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html, 1.1, 1.2 sect-Security_Guide-Common_Exploits_and_Attacks.html, 1.1, 1.2 sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging.html, 1.1, 1.2 sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins.html, 1.1, 1.2 sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins.html, 1.1, 1.2 sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html, 1.1, 1.2 sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html, 1.1, 1.2 sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html, 1.1, 1.2 sect-Security_Guide-Encryption-Using_GPG.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-Nessus.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-Nikto.html, 1.1, 1.2 sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html, 1.1, 1.2 sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html, 1.1, 1.2 sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html, 1.1, 1.2 sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html, 1.1, 1.2 sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html, 1.1, 1.2 sect-Security_Guide-Firewalls-IPv6.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html, 1.1, 1.2 sect-Security_Guide-Firewalls-Using_IPTables.html, 1.1, 1.2 sect-Security_Guide-Firewalls.html, 1.1, 1.2 sect-Security_Guide-IPTables-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-IPTables-Command_Options_for_IPTables.html, 1.1, 1.2 sect-Security_Guide-IPTables-IPTables_Control_Scripts.html, 1.1, 1.2 sect-Security_Guide-IPTables-IPTables_and_IPv6.html, 1.1, 1.2 sect-Security_Guide-IPTables-Saving_IPTables_Rules.html, 1.1, 1.2 sect-Security_Guide-IPTables.html, 1.1, 1.2 sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html, 1.1, 1.2 sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html, 1.1, 1.2 sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html, 1.1, 1.2 sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html, 1.1, 1.2 sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html, 1.1, 1.2 sect-Security_Guide-Kerberos-How_Kerberos_Works.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Kerberos_Terminology.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Kerberos_and_PAM.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html, 1.1, 1.2 sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html, 1.1, 1.2 sect-Security_Guide-Kerberos.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html, 1.1, 1.2 sect-Security_Guide-LUKS_Disk_Encryption.html, 1.1, 1.2 sect-Security_Guide-Limiting_Root_Access-The_sudo_Command.html, 1.1, 1.2 sect-Security_Guide-Option_Fields-Access_Control.html, 1.1, 1.2 sect-Security_Guide-Option_Fields-Expansions.html, 1.1, 1.2 sect-Security_Guide-Option_Fields-Shell_Commands.html, 1.1, 1.2 sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html, 1.1, 1.2 sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html, 1.1, 1.2 sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html, 1.1, 1.2 sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html, 1.1, 1.2 sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html, 1.1, 1.2 sect-Security_Guide-Passphrases.html, 1.1, 1.2 sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html, 1.1, 1.2 sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html, 1.1, 1.2 sect-Security_Guide-Securing_FTP-Anonymous_Access.html, 1.1, 1.2 sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html, 1.1, 1.2 sect-Security_Guide-Securing_FTP-User_Accounts.html, 1.1, 1.2 sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html, 1.1, 1.2 sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html, 1.1, 1.2 sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html, 1.1, 1.2 sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html, 1.1, 1.2 sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html, 1.1, 1.2 sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html, 1.1, 1.2 sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html, 1.1, 1.2 sect-Security_Guide-Security_Updates.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_FTP.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_NFS.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_NIS.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_Portmap.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_Sendmail.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html, 1.1, 1.2 sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html, 1.1, 1.2 sect-Security_Guide-Server_Security.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html, 1.1, 1.2 sect-Security_Guide-Single_Sign_on_SSO.html, 1.1, 1.2 sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html, 1.1, 1.2 sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html, 1.1, 1.2 sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-TCP_Wrappers_and_xinetd.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html, 1.1, 1.2 sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html, 1.1, 1.2 sect-Security_Guide-Updating_Packages-Applying_the_Changes.html, 1.1, 1.2 sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html, 1.1, 1.2 sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html, 1.1, 1.2 sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html, 1.1, 1.2 sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html, 1.1, 1.2 sect-Security_Guide-Virtual_Private_Networks_VPNs.html, 1.1, 1.2 sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html, 1.1, 1.2 sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html, 1.1, 1.2 sect-Security_Guide-Vulnerability_Assessment.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Administrative_Controls.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Available_Network_Services.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Password_Security.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Personal_Firewalls.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools.html, 1.1, 1.2 sect-Security_Guide-Workstation_Security.html, 1.1, 1.2 sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html, 1.1, 1.2 sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-docs-commits
mailing list