Some General Security Tips And Tricks - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual

it makes it easier for him to push the active attack, because the host will not be able to
interfere with the attack for some time.
50.1.12 DNS Poisoning
DNS poisoning means that the attacker corrupts the cache of a DNS server by replying
to it with spoofed DNS reply packets, trying to get the server to send certain data to a
victim who is requesting information from that server. Many servers maintain a trust
relationship with other hosts, based on IP addresses or hostnames. The attacker needs
a good understanding of the actual structure of the trust relationships among hosts to
disguise itself as one of the trusted hosts. Usually, the attacker analyzes some packets
received from the server to get the necessary information. The attacker often needs to
target a well-timed DoS attack at the name server as well. Protect yourself by using
encrypted connections that are able to verify the identity of the hosts to which to connect.
50.1.13 Worms
Worms are often confused with viruses, but there is a clear difference between the two.
Unlike viruses, worms do not need to infect a host program to live. Instead, they are
specialized to spread as quickly as possible on network structures. The worms that ap-
peared in the past, such as Ramen, Lion, or Adore, make use of well-known security
holes in server programs like bind8 or lprNG. Protection against worms is relatively
easy. Given that some time elapses between the discovery of a security hole and the
moment the worm hits your server, there is a good chance that an updated version of
the affected program is available on time. That is only useful if the administrator actu-
ally installs the security updates on the systems in question.
50.2 Some General Security Tips and
Tricks
To handle security competently, it is important to keep up with new developments and
stay informed about the latest security issues. One very good way to protect your systems
against problems of all kinds is to get and install the updated packages recommended
by security announcements as quickly as possible. SUSE security announcements are
published on a mailing list to which you can subscribe by following the link
http://
898 Installation and Administration