| | While Windows and Macintosh user environments are relatively safe from outside intrusion — except for the occasional viral attack, Linux is much more vulnerable to crackers. Therefore, you need to have some knowledge about security when configuring an all-Linux classroom. This section is meant as a security primer and is in no way the last word on these issues. You should always keep your software as up-to-date as possible, since older software is easier to crack. Red Hat uses its own distribution method for software that allows for easy installation and upgrades, called the Red Hat Package Manager, or RPM. See 4 Maintenance below for more on RPM. By keeping your computers as secure as possible, you can deter crackers from using your system resources without your permission in order to impersonate you, steal information, or even deny you access to your own machines. While totally securing a machine is never possible, you can follow some standard security practices that make your LAN less attractive to a would-be cracker. Remember, security is a balancing game: the more secure a system is, the harder it is to use. You must maintain a balance between overly secure / unusable and insecure / easily accessible. You should develop a security policy that states explicitly who should have access to the system and what sort of access they should have. The policy should also outline the appropriate use of the system and enumerate consequences for misuse. I recommend writing a document that all new users must sign showing their agreement with the security policy. This document will make subsequent enforcement of your policy easier to pursue if necessary. Finally, the recommendations made here are the very minimum measures that you should take for security. I recommend looking to firewall packages and ipchains, chains of rules that your computer consults every time it receives an incoming or outgoing packet of information. Also, read as much as you can about system security. Keeping an operating and safe LAN is an on-going process. Keep abreast of the struggle by joining discussion groups, subscribing to security mailing lists, and even taking a security seminar. | |