Firewalls prevent network packets from accessing the system's network interface. If a request is made
to a port that is blocked by a firewall, the request is ignored. If a service is listening on one of these
blocked ports, it does not receive the packets and is effectively disabled. For this reason, care should
be taken when configuring a firewall to block access to ports not in use, while not blocking access to
ports used by configured services.
For most users, the best tool for configuring a simple firewall is the graphical firewall configuration
tool which ships with Red Hat Enterprise Linux: the Security Level Configuration Tool
(system-config-securitylevel). This tool creates broad iptables rules for a general-purpose firewall
using a control panel interface.
Refer to Section 43.8.2, "Basic Firewall Configuration" for more information about using this
application and its available options.
For advanced users and server administrators, manually configuring a firewall with iptables is
probably a better option. Refer to Section 43.8, "Firewalls" for more information. Refer to
Section 43.9, "IPTables" for a comprehensive guide to the iptables command.
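The balancing act described above (block ports not in use without cutting off a configured service) as an added shell example that is not from the Red Hat guide: it generates a default-deny iptables ruleset for a set of allowed TCP ports and reconciles it with a constructed list of listening sockets, the kind netstat -tln reports. The function names and sample data are assumptions; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: build a minimal iptables ruleset and check it against the
# sockets a host is listening on, so that locking down unused ports does not
# silently disable a service that is still running. Nothing here touches the
# live firewall; pipe the output of build_rules to sh as root to apply it.

# Print iptables commands for a default-deny INPUT chain that permits loopback,
# replies to established connections, and the TCP ports given as arguments.
build_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Read listening sockets as "proto local_address" lines on stdin and print the
# ones whose port is not among the allowed ports given as arguments. Prints
# nothing when every listening service is reachable through the firewall.
find_blocked_listeners() {
    allowed=" $* "
    while read -r proto addr; do
        port=${addr##*:}            # strip the address, keep the port (works for IPv6 ":::22" too)
        case "$allowed" in
            *" $port "*) ;;         # allowed, nothing to report
            *) echo "$proto $port" ;;
        esac
    done
}

# Constructed sample (hypothetical host): sshd on 22, httpd on 80, and a local
# mail service on 25 that a rule set written for "22 80" would cut off.
SAMPLE_LISTENERS="tcp 0.0.0.0:22
tcp 0.0.0.0:80
tcp 127.0.0.1:25"

# Exit 0 when every sampled listener is allowed; otherwise list the blocked
# ports on stdout and exit 1 so the administrator can open or disable them.
check_sample() {
    blocked=$(printf '%s\n' "$SAMPLE_LISTENERS" | find_blocked_listeners "$@")
    [ -z "$blocked" ] && return 0
    echo "$blocked"
    return 1
}
```

On a real host, replace SAMPLE_LISTENERS with the LISTEN lines of netstat -tln (fourth column is the local address) before running the check.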
43.1.7. Security Enhanced Communication Tools
As the size and popularity of the Internet has grown, so has the threat of communication interception.
Over the years, tools have been developed to encrypt communications as they are transferred over
the network.
Red Hat Enterprise Linux ships with two basic tools that use high-level, public-key-cryptography-based
encryption algorithms to protect information as it travels over the network.
• OpenSSH — A free implementation of the SSH protocol for encrypting network communication.
• GNU Privacy Guard (GPG) — A free implementation of the PGP (Pretty Good Privacy) encryption
application for encrypting data.
OpenSSH is a safer way to access a remote machine and replaces older, unencrypted services like
telnet and rsh. OpenSSH includes a network service called sshd and three command line client
applications:
• ssh — A secure remote console access client.
• scp — A secure remote copy command.
• sftp — A secure pseudo-ftp client that allows interactive file transfer sessions.
Important
Although the sshd service is inherently secure, the service must be kept up-to-date to
prevent security threats. Refer to Section 42.5, "Security Updates" for more information.
GPG is one way to ensure private email communication. It can be used both to email sensitive data
over public networks and to protect sensitive data on hard drives.
43.2. Server Security
When a system is used as a server on a public network, it becomes a target for attacks. Hardening the
system and locking down services is therefore of paramount importance for the system administrator.