1.10: Basic Network Security

Posted on 2007-04-03 22:27
Certification Objective 1.10: Basic Network Security

I divide network security in Linux into four basic categories. Security by computer can help you manage which computers can send messages into and out of your network. Security by port can help you manage the services that others can use to break into your network. Security by address translation can help you hide the computers inside your network. And finally, security by rule can help you manage the type of data allowed into your network in excruciating detail.

Red Hat Enterprise Linux includes two different tools to help you configure a firewall on your computer: lokkit and redhat-config-securitylevel (also known as the Red Hat Firewall Configuration tool). Security issues are discussed in more detail in Chapter 10.

Allowing and Denying

The /etc/hosts.allow and /etc/hosts.deny files can help you manage which computers are allowed into your network. You can specify computers by name, IP address, network, or domain name in each file. This can help you limit access to a trusted few computers, such as those within your company, or it can protect you from computers that you know may pose a problem.

Port Security

TCP/IP has 65,536 ports, which work sort of like TV channels. If you leave all ports open, you're leaving a lot of options for a cracker who wants to break into your network. With a firewall, you can create a solid barrier and then open only the ports that you need.

Network Address Translation

Most LAN administrators set up Network Address Translation (NAT) as a matter of course on an IPv4 network. Since IPv4 addresses are scarce, it is typical to use private IP addresses inside a LAN, with a regular IP address only on the gateway computer that is directly connected to an outside network such as the Internet. For example, when a computer inside a LAN wants access to a Web page, NAT sends the IP address of the gateway to the Internet. Nobody outside the LAN need know the real source of the Web page request.

iptables

There are two basic services for filtering information in and out of a network, based on the ipchains and iptables commands. Red Hat has recently implemented iptables as the firewall tool of choice in RHEL 3. Once you've configured a firewall and loaded it, the rules are stored in the /etc/sysconfig/iptables file.

The iptables command has three basic ways to look at a data packet: input, output, or forward. Within these and other parameters, you can set up your firewall with instructions to let the packet pass, let it drop, or direct it someplace else. iptables is covered in more detail in Chapter 10.
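
The "solid barrier, then open only the ports that you need" idea from the Port Security section can be checked against a saved ruleset. The following is an added example, not code from the original text: the `audit` function name, both sample rulesets (constructed, in the iptables-save format that /etc/sysconfig/iptables uses) and the choice of ports 22 and 443 are assumptions, and the parser only handles rules built from simple option/value pairs.

```python
import shlex

# Constructed samples in iptables-save format (not taken from a real host).
WEAK = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

HARDENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def audit(text):
    """Return (policies, open_ports, default_deny) for the filter table's INPUT chain."""
    policies, open_ports, table, default_deny = {}, [], None, False
    decided = False  # True once a rule that matches every packet has been seen
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A INPUT ") and not decided:
            tok = shlex.split(line)[2:]
            opts = dict(zip(tok[::2], tok[1::2]))  # assumes option/value pairs only
            target = opts.pop("-j", None)
            opts.pop("--reject-with", None)  # modifier of REJECT, not a match
            if not opts and target in ("ACCEPT", "DROP", "REJECT"):  # catch-all rule
                decided, default_deny = True, target != "ACCEPT"
            elif target == "ACCEPT" and "--dport" in opts:
                open_ports.append((opts.get("-p", "any"), opts["--dport"]))
    if not decided:  # no catch-all rule, so the chain policy decides
        default_deny = policies.get("INPUT") == "DROP"
    return policies, open_ports, default_deny

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

In the weak ruleset the rule for port 22 changes nothing, because the INPUT policy already accepts every packet; only the hardened ruleset, or one that ends INPUT with a catch-all DROP or REJECT rule, is reported as default deny.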
               
               
               

This article comes from the ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u/22330/showart_270544.html