Home | Hardware | Internet News |Web Hosting |IT Management |Network Storage
LinuxPlanet
Search 
  Power Search | Tips 

 Front Door
 Discussion
 LinuxEngine
 Opinions
 Reports
 Reviews
 Tutorials
 News
 Technology Jobs

 Browse by subject.
Free Newsletter

Java/Open Source Daily
 Linux Today
More Free Newsletters

Be a Commerce Partner



internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
Print this article
Email this article
   LinuxPlanet / Reports






Linux Security: Tips from the Experts
Get Rid of Deprecated Protocols

Jacqueline Emigh
Thursday, October 30, 2003 10:27:40 AM

You should also swap out older and less secure "deprecated protocols" with newer alternatives, says Dennis, who suggests the following replacements:
ProtocolAlternative
POP/IMAPPOPS/IMAP (SSL)
telnetssh/scp/sftp
rdistrsync -e ssh
NISresync /etc/passwd.group) LDAP over SSL
NFSStill a question mark

No Panacea for Cryptography

Available cryptographies include FreeS/WAN, Kerberos, OpenSSH, and several more. As Dennis sees it, each still has pros and cons. For example, FreeS/WAN, a freeware edition of IPSEC VPNs, "potentially secures deprecated protocols." It is also interoperable with other IPSEC implementations. On the other hand, FreeS/WAN is "NAT hostile," he charges.

Lindstrom also doesn't detect any type of panacea out there for cryptography. "It is nice to know that there is a freeware version of IPSEC VPNs. But the problem of encryption adoption isn't the dollar cost. It's the management and performance issues," Lindstrom maintains.

Security Is Nothing Without Physical Side

Without solid physical security, even the most battened down OS can be compromised in an instant. "Physical security really depends on the situation," Lindstrom says. "Laptops should be under lock and key when not in the user's possession. Sensitive data should be locked up in data centers or other appropriately controlled areas. Access to and from these rooms should be controlled and monitored. Environmental controls should be in place to protect against disasters. Locking I/O devices such as keyboards and monitors is a good idea."

Updates and Patches (Generally) A Must — But Be Careful

"Update, update, update!" Dennis exhorts. "Keep a local repository. Test downgrades, too." Dennis warns, however, that before deciding to install a patch, you should weigh the security benefits against the risks of introducing new features.

Whether you're a Linux veteran or newbie--or even if you're not a Linux practitioner at all yet--it's important to keep up-to-speed on the latest security advancements. Progress can happen so fast in the open source world that, if you blink for a moment, you might miss a promising new Linux security project.

« Back: Positive Perceptions of Linux Security Pick Up Steam

Skip Ahead

1 Positive Perceptions of Linux Security Pick Up Steam
2 Don't Place the Cart Before the Security Horse
3 Bastille, Tripwire, AIDE, and Samhain
4 Get Rid of Deprecated Protocols





Linux is a trademark of Linus Torvalds.


internet.com home | search | help! | about us

Jupiter Online Media

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Web Hosting | Newsletters | Tech Jobs | Shopping | E-mail Offers