openSUSE Leap Documentation › Security Guide › Network Security
ContentsContents
Security Guide
  1. About This Guide
  2. 1 Security and Confidentiality
  3. I Authentication
    1. 2 Authentication with PAM
    2. 3 Using NIS
    3. 4 Setting Up Authentication Servers and Clients Using YaST
    4. 5 LDAP—A Directory Service
    5. 6 Network Authentication with Kerberos
    6. 7 Active Directory Support
  4. II Local Security
    1. 8 Configuring Security Settings with YaST
    2. 9 Authorization with PolKit
    3. 10 Access Control Lists in Linux
    4. 11 Encrypting Partitions and Files
    5. 12 Certificate Store
    6. 13 Intrusion Detection with AIDE
  5. III Network Security
    1. 14 SSH: Secure Network Operations
    2. 15 Masquerading and Firewalls
    3. 16 Configuring a VPN Server
    4. 17 Managing X.509 Certification
  6. IV Confining Privileges with AppArmor
    1. 18 Introducing AppArmor
    2. 19 Getting Started
    3. 20 Immunizing Programs
    4. 21 Profile Components and Syntax
    5. 22 AppArmor Profile Repositories
    6. 23 Building and Managing Profiles with YaST
    7. 24 Building Profiles from the Command Line
    8. 25 Profiling Your Web Applications Using ChangeHat
    9. 26 Confining Users with pam_apparmor
    10. 27 Managing Profiled Applications
    11. 28 Support
    12. 29 AppArmor Glossary
  7. V SELinux
    1. 30 Configuring SELinux
  8. VI The Linux Audit Framework
    1. 31 Understanding Linux Audit
    2. 32 Setting Up the Linux Audit Framework
    3. 33 Introducing an Audit Rule Set
    4. 34 Useful Resources
  9. A GNU Licenses
Navigation
openSUSE Leap Documentation › Security Guide › Network Security
Top
Applies to openSUSE Leap 42.3

Part III Network Security

14 SSH: Secure Network Operations

In networked environments, it is often necessary to access hosts from a remote location. If a user sends login and password strings for authentication purposes as plain text, they could be intercepted and misused to gain access to that user account without the authorized user knowing about it. This would open all the user's files to an attacker and the illegal account could be used to obtain administrator or root access, or to penetrate other systems. In the past, remote connections were established with telnet, rsh or rlogin, which offered no guards against eavesdropping in the form of encryption or other security mechanisms. There are other unprotected communication channels, like the traditional FTP protocol and some remote copying programs like rcp.

15 Masquerading and Firewalls

Whenever Linux is used in a network environment, you can use the kernel functions that allow the manipulation of network packets to maintain a separation between internal and external network areas. The Linux netfilter framework provides the means to establish an effective firewall that keeps differ…

16 Configuring a VPN Server

Today, Internet connections are cheap and available almost everywhere. However, not all connections are secure. Using a Virtual Private Network (VPN), you can create a secure network within an insecure network such as the Internet or Wi-Fi. It can be implemented in different ways and serves several purposes. In this chapter, we focus on the OpenVPN implementation to link branch offices via secure wide area networks (WANs).

17 Managing X.509 Certification

An increasing number of authentication mechanisms are based on cryptographic procedures. Digital certificates that assign cryptographic keys to their owners play an important role in this context. These certificates are used for communication and can also be found, for example, on company ID cards. The generation and administration of certificates is mostly handled by official institutions that offer this as a commercial service. In some cases, however, it may make sense to carry out these tasks yourself. For example, if a company does not want to pass personal data to third parties.

YaST provides two modules for certification, which offer basic management functions for digital X.509 certificates. The following sections explain the basics of digital certification and how to use YaST to create and administer certificates of this type.

Chapter 14 SSH: Secure Network OperationsChapter 13 Intrusion Detection with AIDE
Print this page

© 2018 SUSE