9 Network Security Administration

This chapter describes how to manage the following network security components:

TCP Wrapper (Section : TCP Wrapper Administration)

FireScreen Firewall (Section : FireScreen Administration)

Snort Intrusion Detection System (Section : Snort Intrusion Detection System )

FreeRADIUS Server Administration (Section : FreeRADIUS Server Administration)

TCP Wrapper Administration

TCP Wrapper lets you control access to network services. TCP Wrapper intercepts an incoming network connection, and verifies whether the connection is allowed before passing the connection to the actual network daemon. For example, you can restrict access to a network service, such as telnet, to exclude all hosts outside of a local domain. After you modify the access to a service, you can use the Administration utility to test the modification.

Network Services Wrapped by Internet Express

During installation, the TCP service entries in the /etc/inetd.conf file that match the service entries specified in the /usr/internet/security/config.tcp file are modified to include the TCP Wrapper (tcpd) daemon. The syntax of service entries in the /etc/inetd.conf file is:

ServiceName SocketType ProtocolName Wait/NoWait UserName ServerPath ServerArgs

On Tru64 UNIX Version 5.1 or later, the ProtocolName field for TCP services can be tcp or tcp6, depending on the type of socket that the network service is using (that is, AF_INET or AF_INET6). For example, the following entry appears in the /etc/inetd.conf file for the telnetd service after installation:

telnet stream tcp6 nowait root /usr/bin/tcpd /usr/sbin/telnetd

Notice the placement of the TCP Wrapper daemon, /usr/bin/tcpd, in this entry. Also notice that the ProtocolName field is tcp6. Services that specify tcp6 respond to both IPv4-enabled and IPv6-enabled clients over either network protocol. For more information, see the inetd.conf(4) reference page.
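The following script, added here as an example and not part of the manual, audits /etc/inetd.conf entries in the seven-field layout described above and reports which tcp/tcp6 services are not passed through /usr/bin/tcpd. The sample configuration text is constructed for the example.

```python
"""Audit inetd.conf entries for TCP Wrapper coverage (added example).

Parses the ServiceName SocketType ProtocolName Wait/NoWait UserName
ServerPath ServerArgs layout and reports wrapped and unwrapped TCP services.
"""
from typing import Dict, List

TCPD = "/usr/bin/tcpd"   # wrapper daemon path as shown in the manual's telnet entry

# Constructed sample: two wrapped tcp6 services, one unwrapped tcp service,
# one UDP service (tcpd does not front it), plus a comment and a blank line.
SAMPLE_INETD_CONF = """\
# Internet server configuration database
telnet  stream  tcp6  nowait  root  /usr/bin/tcpd    /usr/sbin/telnetd
ftp     stream  tcp   nowait  root  /usr/sbin/ftpd   ftpd
bootps  dgram   udp   wait    root  /usr/sbin/bootpd bootpd

finger  stream  tcp6  nowait  root  /usr/bin/tcpd    /usr/sbin/fingerd
"""

def parse_inetd_conf(text: str) -> List[Dict[str, str]]:
    """Return one dict per active entry; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)   # ServerArgs may itself contain spaces
        if len(fields) < 6:
            continue                   # malformed: fewer fields than the syntax requires
        entry = dict(zip(("service", "socket", "proto", "wait", "user", "server"), fields[:6]))
        entry["args"] = fields[6] if len(fields) == 7 else ""
        entries.append(entry)
    return entries

def unwrapped_tcp_services(text: str) -> List[str]:
    """Names of tcp/tcp6 services whose ServerPath is not the tcpd wrapper."""
    return [e["service"] for e in parse_inetd_conf(text)
            if e["proto"] in ("tcp", "tcp6") and e["server"] != TCPD]

def wrapped_services(text: str) -> Dict[str, str]:
    """Map each wrapped service name to the real daemon path tcpd will run."""
    return {e["service"]: (e["args"].split() or [""])[0]
            for e in parse_inetd_conf(text) if e["server"] == TCPD}

if __name__ == "__main__":
    print("wrapped:", wrapped_services(SAMPLE_INETD_CONF))
    print("unwrapped tcp services:", unwrapped_tcp_services(SAMPLE_INETD_CONF))
```

Run it against the real file with `open("/etc/inetd.conf").read()` in place of the sample to list services that still bypass the wrapper.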

Table 26 lists the network services that are wrapped by the Internet Express installation and the default access setting for each service. (Section explains how to modify access settings.)

To see a list of the services that are wrapped on your system, select Display/Update Configuration from the TCP Wrapper Administration menu. The service name and description on this form are retrieved from the /usr/internet/security/config.tcp file. Depending on which services were installed on your system, you might not see all the services listed in this table.

Table 26 Network Services Wrapped by Internet Express

Network Service    Default Access Setting

bootpd    Allows you to boot a remote system

cfgmgr    Works with the kernel load server, kloadsrv, to manage subsystems that are dynamically configured or loaded

fingerd    Displays information about users on a remote system

ftpd    Transfers files to and from a remote system

imapd    Allows you to run the IMAP (Internet Message Access Protocol Version 4) e-mail server

ntalkd    Notifies a user, or callee, on a remote system that a client, or caller, wants to initiate a conversation with talk

TCP Wrapper Administration 167

HP UX Internet Express Software manual Network Security Administration, TCP Wrapper Administration