Protecting the Network
At this point, you might have created users who can assume roles, and have created the roles.
From the following network tasks, perform the tasks that provide additional security according to your site requirements. These network tasks strengthen the IP, ARP, and TCP protocols.
Table 2-3 Configuring the Network Task Map
| | |
|---|
Disable the network routing daemon.
| Limits access to systems by would-be network sniffers.
|
|
Prevent the dissemination of information about the network topology.
| Prevents the broadcast of packets.
|
|
Prevents responses to broadcast echo requests and multicast echo requests.
|
|
For systems that are gateways to other domains, such as a firewall or
a VPN node, turn on strict source and destination multihoming.
| Prevents packets that do not have the address of the gateway in their
header from moving beyond the gateway.
|
|
Prevent Denial of Service (DoS) attacks by controlling the number of
incomplete system connections.
| Limits the allowable number of incomplete TCP connections for a TCP
listener.
|
|
Prevent DoS attacks by controlling the number of permitted incoming
connections.
| Specifies the default maximum number of pending TCP connections for
a TCP listener.
|
|
Return network parameters to their secure default values.
| Increases security that was reduced by administrative actions.
|
|
Add TCP wrappers to network services to limit applications to legitimate
users.
| Specifies systems that are allowed access to network services, such
as FTP.
|
|
|
Configure a firewall.
|
Uses the IP Filter feature to provide a firewall.
|
|
|
Configure encrypted and authenticated network connections.
|
Uses IPsec and IKE to protect network transmissions between nodes and networks that are jointly configured with IPsec and IKE.
|
|
|