There are many ways to protect the service from unauthorized usage, focusing on self-contained or single host solutions, one finds two common flavors: those which make use of the Linux kernel's packet filtering tools (netfilter and iptables), and those which rely on Wietse Venema's TCP Wrappers. Netfilter certainly offers power and flexibility, but this may be at the cost of simplicity and management ease. While no security measure ought to be implemented blindly, there is an undeniable benefit to simple measures which can be configured quickly and with little fuss — in this arena, TCP Wrappers stands tall.Tuesday, February 15, 2011
Linux Security: Denyhosts
If you've read my Open SSH series, perhaps even if you haven't, you are probably aware of the power SSH offers to those who know how to use it. There are many ways to protect the service from unauthorized usage, focusing on self-contained or single host solutions, one finds two common flavors: those which make use of the Linux kernel's packet filtering tools (netfilter and iptables), and those which rely on Wietse Venema's TCP Wrappers. Netfilter certainly offers power and flexibility, but this may be at the cost of simplicity and management ease. While no security measure ought to be implemented blindly, there is an undeniable benefit to simple measures which can be configured quickly and with little fuss — in this arena, TCP Wrappers stands tall.
There are many ways to protect the service from unauthorized usage, focusing on self-contained or single host solutions, one finds two common flavors: those which make use of the Linux kernel's packet filtering tools (netfilter and iptables), and those which rely on Wietse Venema's TCP Wrappers. Netfilter certainly offers power and flexibility, but this may be at the cost of simplicity and management ease. While no security measure ought to be implemented blindly, there is an undeniable benefit to simple measures which can be configured quickly and with little fuss — in this arena, TCP Wrappers stands tall.
Subscribe to:
Posts (Atom)