Hack Proofing Linux: A Guide to Open Source Security

You have seen in previous chapters how the open source community has created powerful sniffing tools, and how they can be used either to administer your network or to attack it. Because these sniffing tools are open source, and because it is relatively easy to place a Linux host on your company network, you need to consider ways to minimize improper use of packet-capturing tools. Encryption solutions such as Secure Shell (SSH), and enhanced authentication schemes such as one-time passwords (OTP) and Kerberos version 5 (v5), are common solutions to this problem. In this chapter, you will learn how to implement one-time passwords, as well as how to implement Kerberos v5 realms. These will help you reduce sniffing attacks. In future chapters, you will learn more about how to encrypt transmissions using SSH and IPSec. Before you do this, however, it is important to review the concepts of network authentication and how many current implementations leave themselves open to attack.
The traditional way to log on to servers is to provide a username and password pair as authentication tokens (credentials). The client first presents these credentials by sending them across the network to a server. The server compares this information to its own database, and then allows or denies access to system resources, depending upon the results of the comparison. Until about ten years ago, this process was considered quite effective and secure. Due to the increased sophistication...