10 April 2003, 06:13:07, The Complete FreeBSD, firewall.mm, page 385

In this chapter:

- Security and firewalls
- IP aliasing
- Proxy servers
- Installing squid
- Browser proxy configuration

Firewalls, IP aliasing and proxies

The Internet was developed by a relatively small community of computer scientists, who were for the most part responsible people who often did not take security issues very seriously. Since the Internet has been opened to the general public, three problems have become evident:

- A large number of people have sought to abuse its relatively lax security.
- The address space is no longer adequate for the number of machines connecting to the network.
- Much bandwidth is used by people downloading the same web pages multiple times.

What do these problems have to do with each other? Nothing much, but the solutions are related, so we'll look at them together. More specifically, we'll consider:

- How to set up an Internet firewall to keep intruders out of your network.
- Security tools that ensure that nobody can steal your password from a node through which it passes.
- Tools for IP aliasing, which translate IP addresses to make them appear to come from the gateway machine. The way this is done makes it impossible to set up connections from outside, so they also represent a kind of security device.
- Caching proxy servers, which both address the multiple download issues and provide some additional security.

Security and firewalls

Recall from Chapter 16 that incoming packets need to connect to an IP port, and that some process on the machine must accept them. By default, this process is inetd. You can limit the vulnerability of your machine by limiting the number of services it supports. Do you need to supply telnet and rlogin services? If not, don't enable the service. By default, /etc/inetd.conf no longer enables any services, so this .
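
As an added example (not from the book), this sh/awk check lists the services an inetd.conf file actually enables and picks out telnet and rlogin, the two services the text asks about. The function names and the sample file are constructed for illustration; rlogin is listed in inetd.conf under the service name login.

```shell
#!/bin/sh
# Audit an inetd.conf-style file: which services are really enabled?
# Entry format: service socket-type protocol wait|nowait user server-program [args]
# A line is active when it is neither blank nor commented out with '#'.

# enabled_services FILE -> one "service/protocol server-program" line per active entry
enabled_services() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF >= 6 { print $1 "/" $3, $6 }    # well-formed entry
    ' "$1"
}

# cleartext_logins FILE -> only the telnet and rlogin ("login") entries
cleartext_logins() {
    enabled_services "$1" | awk '$1 ~ "^(telnet|login)/"'
}

# write_sample FILE -> constructed sample, not a real system's configuration
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind

ntalk   dgram   udp     wait    tty     /usr/libexec/ntalkd     ntalkd
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Enabled services:"
enabled_services "$sample"
echo "telnet/rlogin entries still enabled:"
cleartext_logins "$sample"
rm -f "$sample"
```

On a live system, pass /etc/inetd.conf to the two functions instead of the sample; empty output from enabled_services means inetd is offering nothing.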