web/html/docs/security-guide/f13/en-US/html-single index.html, 1.2, 1.3

Eric Christensen sparks at fedoraproject.org
Tue Apr 13 03:16:27 UTC 2010


Author: sparks

Update of /cvs/fedora/web/html/docs/security-guide/f13/en-US/html-single
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv27889/html-single

Modified Files:
	index.html 
Log Message:
Updated to F13


View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.2 -r 1.3 index.html
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f13/en-US/html-single/index.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- index.html	21 Nov 2009 05:05:55 -0000	1.2
+++ index.html	13 Apr 2010 03:15:57 -0000	1.3
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css" /><meta name="generator" content="publican 0.60" /><meta name="package" content="fedora-security-guide-13-en-US-13.0-2" /><meta name="description" content="The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, The Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intru
 sion and exploit methods." /></head><body class="draft "><div xml:lang="en-US" class="book" title="security-guide" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">13</span></div><div><h1 id="id1793583" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 13.0</p><div><h3 class="corpauthor">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="./Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 1.6.2" /><meta name="package" content="fedora-security-guide-13-en-US-13.0-5" /><meta name="description" content="The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, The Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, an
 d tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods." /></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" title="security-guide" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">13</span></div><div><h1 id="id4515879" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 13.0</p><div><h3 class="corpauthor">
 		<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
-	</h3></div><div><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstna
 me">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:adam at physco.com">adam at physco.com</a></code></div></div></div><hr /><div><div id="id467959" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="
 para">
+	</h3></div><div><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstna
 me">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:adam at physco.com">adam at physco.com</a></code></div></div></div><hr /><div><div id="id4480046" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class=
 "para">
 		Copyright <span class="trademark"></span>© 2009 Red Hat, Inc.
 	</div><div class="para">
 		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
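Review bot: the added `<head>`/`<body>` line still opens the page with `<body class="draft ">`, so revision 1.3 keeps the draft marking even though the log message says "Updated to F13" and the package meta moves from fedora-security-guide-13-en-US-13.0-2 to 13.0-5. If this is the copy meant for publication, rebuild it without the draft flag; if it is still a draft, say so in the log message. The same line also changes the title anchor from id1793583 to id4515879 and the legal notice anchor from id467959 to id4480046. These look like build-generated ids, so they add noise to every regenerated revision of this checked-in file.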
@@ -17,24 +17,12 @@
 	</div><div class="para">
 		All other trademarks are the property of their respective owners.
 	</div></div></div><div><div class="abstract" title="Abstract"><h6>Abstract</h6><div class="para">
-The Fedora Security Guide is designed to assist users of Fedora in
-learning the processes and practices of securing workstations and
-servers against local and remote intrusion, exploitation, and
-malicious activity.
-</div><div class="para">
-Focused on Fedora Linux but detailing concepts and techniques valid
-for all Linux systems, The Fedora Security Guide details the
-planning and the tools involved in creating a secured computing
-environment for the data center, workplace, and home.
-</div><div class="para">
-With proper administrative knowledge, vigilance, and tools, systems
-running Linux can be both fully functional and secured from most
-common intrusion and exploit methods.
-</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#id901540">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="#id399921">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="#id386694">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="#id400082">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="#We_Need_Feedback">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. Security Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. 
 What is Computer Security?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_
 Tools">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1
 .4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">2. Securing Your Network</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Release_Notes-Security-Install-trusted-packages">2.1. Local user
 s may install trusted packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">2.2. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.2.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.2.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">2.2.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.2.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.2.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guid
 e-Workstation_Security-Personal_Firewalls">2.2.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.2.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">2.3. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.3.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">2.3.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">2.3.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">2.3.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sect-S
 ecurity_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.3.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">2.3.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">2.3.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.3.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">2.4. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.4.1. Introduction</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.4.2. Getting Started with your new Smart Card</a></span></dt><dt><span clas
 s="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.4.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.4.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.4.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.5.2. PAM Configuration Files</a></span></dt><dt><span class=
 "section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.5.8. Addit
 ional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">2.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">2.7. Kerberos</a></spa
 n></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">2.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">2.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">2.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href
 ="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">2.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">2.8. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.8.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.8.2. VPNs and Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.8.3. IPsec</a></span></dt><dt><span class="sec
 tion"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.8.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.8.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.8.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.8.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.8.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">2.9. Fi
 rewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.9.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.9.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">2.9.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.9.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.9.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.9.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="
 #sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.9.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">2.9.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">2.9.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">2.10. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">2.10.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.10.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.10.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.10.4. IPTables Control Script
 s</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">2.10.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">2.10.6. Additional Resources</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">3. Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encrypti
 on-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"
 >3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</a></spa
 n></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">4. General Principles of Information Security</a></span></dt><dd><dl><dt><span class="section"><a hr
 ef="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">5. Secure Installation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">6. Software Maintenance</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Securi
 ty Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">7. References</a></span></dt><dt><span class="appendix"><a href="#chap-Security_Guide-Encryption_Standards">A. Encryption Standard</a></span></dt><dd><dl><dt><span class="section"><a href="#id408165">A.1. Synchronous Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#id372566">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="#id1789380">A.1.2.  Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section">
 <a href="#id354203">A.2. Public-key Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#id388692">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="#id472157">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="#id472172">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="#id414407">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="#id414419">A.2.5. Cramer-Shoup Cryptosystem</a></span></dt><dt><span class="section"><a href="#id414432">A.2.6. ElGamal Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Publican-Revision_History">B. Revision History</a></span></dt></dl></div><div xml:lang="en-US" class="preface" title="Preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div xml:lang="en-US" class="section" title="1. Document Conventions" lang="en-US"><div class="titlepage"><div><div><h
 2 class="title" id="id901540">1. Document Conventions</h2></div></div></div><div class="para">
+			The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, The Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.
+		</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#id3131875">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="#id4649039">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="#id4673348">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="#id4549507">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="#We_Need_Feedback">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. Security Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1
 .1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluatin
 g_the_Tools">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Atta
 cks">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">2. Securing Your Network</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">2.1. Workstation Secu
 rity</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Works
 tation_Security-Security_Enhanced_Communication_Tools">2.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">2.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a
  href="#sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How Smart Card Enrollment Works</a></span></
 dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM Configuration File Format<
 /a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and x
 inetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">2.6. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1. What is Kerberos?</a></span></dt><dt><sp
 an class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#se
 ct-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs and Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating an <abbr class="abbrev">IPsec</ab
 br> Connection</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">2.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1. Netfilter and IPT
 ables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"
 ><a href="#sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">2.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.4. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.5. IPTables and IPv6</a></span></dt><dt><span
  class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">2.9.6. Additional Resources</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">3. Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-D
 ata_in_Motion-Secure_Shell">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">
 3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><
 dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Generating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Generating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Generating GPG Keys Using the Command Line</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">3.9.4. Using GPG with Alpine</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">3.9.5. Using GPG with Evolution</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">3.9.6. Using GPG with Thunderbird</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_G
 PG-Using_GPG_with_FireGPG">3.9.7. Using GPG with FireGPG</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.8. About Public Key Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">4. General Principles of Information Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">5. Secure Installation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encry
 ption</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">6. Software Maintenance</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">7. References</a></span></dt><dt><span clas
 s="appendix"><a href="#chap-Security_Guide-Encryption_Standards">A. Encryption Standards</a></span></dt><dd><dl><dt><span class="section"><a href="#id4620799">A.1. Synchronous Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#id3130461">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="#id3113845">A.1.2.  Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section"><a href="#id3059097">A.2. Public-key Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#id4741086">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="#id3267985">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="#id3031918">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="#id4718176">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="#id2987741">A.2.5. Cramer-Shoup Cryptosystem</a></span></dt><dt><span class="section"><a href="#id4604457">A.2.6. ElGamal Enc
 ryption</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Publican-Revision_History">B. Revision History</a></span></dt></dl></div><div xml:lang="en-US" class="preface" title="Preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div xml:lang="en-US" class="section" title="1. Document Conventions" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="id3131875">1. Document Conventions</h2></div></div></div><div class="para">
 		This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
 	</div><div class="para">
 		In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
-	</div><div class="section" title="1.1. Typographic Conventions"><div class="titlepage"><div><div><h3 class="title" id="id399921">1.1. Typographic Conventions</h3></div></div></div><div class="para">
+	</div><div class="section" title="1.1. Typographic Conventions"><div class="titlepage"><div><div><h3 class="title" id="id4649039">1.1. Typographic Conventions</h3></div></div></div><div class="para">
 			Four typographic conventions are used to call attention to specific words and phrases. These conventions, and the circumstances they apply to, are as follows.
 		</div><div class="para">
 			<code class="literal">Mono-spaced Bold</code>
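Review bot: the TOC and heading anchors for sections without a named id are regenerated build ids, so this revision changes them with no content change behind it (for example `#id408165` becomes `#id4620799` for A.1, and the 1.1 heading goes from `id399921` to `id4649039`). Any external link to those anchors breaks on each rebuild, and the id churn buries the real edits in this hunk, such as the appendix title correction from "Encryption Standard" to "Encryption Standards". Give these sections explicit ids in the source, in the style of the `sect-Security_Guide-...` anchors the other entries already use, so the anchors stay stable across builds.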
@@ -61,14 +49,12 @@
 		</div><div class="para">
 			This denotes words or phrases encountered on a system, including application names; dialog box text; labeled buttons; check-box and radio button labels; menu titles and sub-menu titles. For example:
 		</div><div class="blockquote"><blockquote class="blockquote"><div class="para">
-				Choose <span class="guimenu"><strong>System &gt; Preferences &gt; Mouse</strong></span> from the main menu bar to launch <span class="application"><strong>Mouse Preferences</strong></span>. In the <span class="guilabel"><strong>Buttons</strong></span> tab, click the <span class="guilabel"><strong>Left-handed mouse</strong></span> check box and click <span class="guibutton"><strong>Close</strong></span> to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).
+				Choose <span class="guimenu"><strong>System</strong></span> → <span class="guisubmenu"><strong>Preferences</strong></span> → <span class="guimenuitem"><strong>Mouse</strong></span> from the main menu bar to launch <span class="application"><strong>Mouse Preferences</strong></span>. In the <span class="guilabel"><strong>Buttons</strong></span> tab, click the <span class="guilabel"><strong>Left-handed mouse</strong></span> check box and click <span class="guibutton"><strong>Close</strong></span> to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).
 			</div><div class="para">
-				To insert a special character into a <span class="application"><strong>gedit</strong></span> file, choose <span class="guimenu"><strong>Applications &gt; Accessories &gt; Character Map</strong></span> from the main menu bar. Next, choose <span class="guimenu"><strong>Search &gt; Find…</strong></span> from the <span class="application"><strong>Character Map</strong></span> menu bar, type the name of the character in the <span class="guilabel"><strong>Search</strong></span> field and click <span class="guibutton"><strong>Next</strong></span>. The character you sought will be highlighted in the <span class="guilabel"><strong>Character Table</strong></span>. Double-click this highlighted character to place it in the <span class="guilabel"><strong>Text to copy</strong></span> field and then click the <span class="guibutton"><strong>Copy</strong></span> button. Now switch back to your document and choose <span class="guimenu"><strong>Edit &gt; Paste</strong></span> from the 
 <span class="application"><strong>gedit</strong></span> menu bar.
+				To insert a special character into a <span class="application"><strong>gedit</strong></span> file, choose <span class="guimenu"><strong>Applications</strong></span> → <span class="guisubmenu"><strong>Accessories</strong></span> → <span class="guimenuitem"><strong>Character Map</strong></span> from the main menu bar. Next, choose <span class="guimenu"><strong>Search</strong></span> → <span class="guimenuitem"><strong>Find…</strong></span> from the <span class="application"><strong>Character Map</strong></span> menu bar, type the name of the character in the <span class="guilabel"><strong>Search</strong></span> field and click <span class="guibutton"><strong>Next</strong></span>. The character you sought will be highlighted in the <span class="guilabel"><strong>Character Table</strong></span>. Double-click this highlighted character to place it in the <span class="guilabel"><strong>Text to copy</strong></span> field and then click the <span class="guibutton"><stron
 g>Copy</strong></span> button. Now switch back to your document and choose <span class="guimenu"><strong>Edit</strong></span> → <span class="guimenuitem"><strong>Paste</strong></span> from the <span class="application"><strong>gedit</strong></span> menu bar.
 			</div></blockquote></div><div class="para">
 			The above text includes application names; system-wide menu names and items; application-specific menu names; and buttons and text found within a GUI interface, all presented in proportional bold and all distinguishable by context.
 		</div><div class="para">
-			Note the <span class="guimenu"><strong>&gt;</strong></span> shorthand used to indicate traversal through a menu and its sub-menus. This avoids difficult-to-follow phrasing such as 'Select <span class="guimenuitem"><strong>Mouse</strong></span> from the <span class="guimenu"><strong>Preferences</strong></span> sub-menu in the <span class="guimenu"><strong>System</strong></span> menu of the main menu bar'.
-		</div><div class="para">
 			<code class="command"><em class="replaceable"><code>Mono-spaced Bold Italic</code></em></code> or <span class="application"><strong><em class="replaceable"><code>Proportional Bold Italic</code></em></strong></span>
 		</div><div class="para">
 			Whether mono-spaced bold or proportional bold, the addition of italics indicates replaceable or variable text. Italics denotes text you do not input literally or displayed text that changes depending on circumstance. For example:
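Review bot: the paragraph that explained the menu-traversal shorthand ("Note the &gt; shorthand used to indicate traversal through a menu and its sub-menus") is deleted at the end of this hunk, but the rewritten examples still rely on a shorthand, the → placed between the `guimenu`, `guisubmenu` and `guimenuitem` spans, which is now never explained. Keep one sentence after "The above text includes application names..." stating that → denotes traversal through a menu and its sub-menus, rather than dropping the explanation entirely.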
@@ -83,8 +69,8 @@
 		</div><div class="para">
 			Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and important term. For example:
 		</div><div class="blockquote"><blockquote class="blockquote"><div class="para">
-				When the Apache HTTP Server accepts requests, it dispatches child processes or threads to handle them. This group of child processes or threads is known as a <em class="firstterm">server-pool</em>. Under Apache HTTP Server 2.0, the responsibility for creating and maintaining these server-pools has been abstracted to a group of modules called <em class="firstterm">Multi-Processing Modules</em> (<em class="firstterm">MPMs</em>). Unlike other modules, only one module from the MPM group can be loaded by the Apache HTTP Server.
-			</div></blockquote></div></div><div class="section" title="1.2. Pull-quote Conventions"><div class="titlepage"><div><div><h3 class="title" id="id386694">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
+				Publican is a <em class="firstterm">DocBook</em> publishing system.
+			</div></blockquote></div></div><div class="section" title="1.2. Pull-quote Conventions"><div class="titlepage"><div><div><h3 class="title" id="id4673348">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
 			Terminal output and source code listings are set off visually from the surrounding text.
 		</div><div class="para">
 			Output sent to a terminal is set in <code class="computeroutput">mono-spaced roman</code> and presented thus:
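Review bot: the replacement first-term example, "Publican is a DocBook publishing system.", describes the publishing toolchain rather than anything this guide covers, and it shows a single `firstterm` where the removed Apache HTTP Server example showed three, including an abbreviation in parentheses. Consider an example sentence that introduces a term the guide itself uses, and that still shows the abbreviation case. The `id386694` to `id4673348` change on the 1.2 heading is generated-id churn and would disappear if the section had an explicit id in the source.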
@@ -92,7 +78,7 @@
 books_tests  Desktop1  downloads      images  notes  scripts  svgs
 </pre><div class="para">
 			Source-code listings are also set in <code class="computeroutput">mono-spaced roman</code> but add syntax highlighting as follows:
-		</div><pre class="programlisting"><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+		</div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
 
 <span class="perl_Keyword">import</span> javax.naming.InitialContext;
 
@@ -111,7 +97,7 @@
       System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
    }
 }
-</pre></pre></div><div class="section" title="1.3. Notes and Warnings"><div class="titlepage"><div><div><h3 class="title" id="id400082">1.3. Notes and Warnings</h3></div></div></div><div class="para">
+</pre></div><div class="section" title="1.3. Notes and Warnings"><div class="titlepage"><div><div><h3 class="title" id="id4549507">1.3. Notes and Warnings</h3></div></div></div><div class="para">
 			Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.
 		</div><div class="note"><h2>Note</h2><div class="para">
 				Notes are tips, shortcuts or alternative approaches to the task at hand. Ignoring a note should have no negative consequences, but you might miss out on a trick that makes your life easier.
@@ -130,7 +116,7 @@
 	</div><div xml:lang="en-US" class="section" title="1.1. Introduction to Security" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</h2></div></div></div><div class="section" title="1.1.1. What is Computer Security?"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</h3></div></div></div><div class="para">
 			Computer security is a general term that covers a wide area of computing and information processing. Industries that depend on computer systems and networks to conduct daily business transactions and access crucial information regard their data as an important part of their overall assets. Several terms and metrics have entered our daily business vocabulary, such as total cost of ownership (TCO) and quality of service (QoS). Using these metrics, industries can calculate aspects such as data integrity and high-availability as part of their planning and process management costs. In some industries, such as electronic commerce, the availability and trustworthiness of data can be the difference between success and failure.
 		</div><div class="section" title="1.1.1.1. How did Computer Security Come about?"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. How did Computer Security Come about?</h4></div></div></div><div class="para">
-				Information security has evolved over the years due to the increasing reliance on public networks not to disclose personal, financial, and other restricted information. There are numerous instances such as the Mitnick <sup>[<a id="id871249" href="#ftn.id871249" class="footnote">1</a>]</sup>and the Vladimir Levin <sup>[<a id="id871241" href="#ftn.id871241" class="footnote">2</a>]</sup>cases that prompted organizations across all industries to re-think the way they handle information, as well as its transmission and disclosure. The popularity of the Internet was one of the most important developments that prompted an intensified effort in data security.
+				Information security has evolved over the years due to the increasing reliance on public networks not to disclose personal, financial, and other restricted information. There are numerous instances such as the Mitnick <sup>[<a id="id3100910" href="#ftn.id3100910" class="footnote">1</a>]</sup>and the Vladimir Levin <sup>[<a id="id4669796" href="#ftn.id4669796" class="footnote">2</a>]</sup>cases that prompted organizations across all industries to re-think the way they handle information, as well as its transmission and disclosure. The popularity of the Internet was one of the most important developments that prompted an intensified effort in data security.
 			</div><div class="para">
 				An ever-growing number of people are using their personal computers to gain access to the resources that the Internet has to offer. From research and information retrieval to electronic mail and commerce transaction, the Internet has been regarded as one of the most important developments of the 20th century.
 			</div><div class="para">
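Review bot: On the + line the footnote markers run straight into the next word: "Mitnick [1]and the Vladimir Levin [2]cases" has no space after either closing sup tag. Since the line is regenerated anyway, add the missing space after each footnote reference in the source.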
@@ -138,19 +124,19 @@
 			</div></div><div class="section" title="1.1.1.2. Security Today"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. Security Today</h4></div></div></div><div class="para">
 				In February of 2000, a Distributed Denial of Service (DDoS) attack was unleashed on several of the most heavily-trafficked sites on the Internet. The attack rendered yahoo.com, cnn.com, amazon.com, fbi.gov, and several other sites completely unreachable to normal users, as it tied up routers for several hours with large-byte ICMP packet transfers, also called a <em class="firstterm">ping flood</em>. The attack was brought on by unknown assailants using specially created, widely available programs that scanned vulnerable network servers, installed client applications called <em class="firstterm">trojans</em> on the servers, and timed an attack with every infected server flooding the victim sites and rendering them unavailable. Many blame the attack on fundamental flaws in the way routers and the protocols used are structured to accept all incoming data, no matter where or for what purpose the packets are sent.
 			</div><div class="para">
-				In 2007, a data breach exploiting the widely-known weaknesses of the Wired Equivalent Privacy (WEP) wireless encryption protocol resulted in the theft from a global financial institution of over 45 million credit card numbers.<sup>[<a id="id413559" href="#ftn.id413559" class="footnote">3</a>]</sup>
+				In 2007, a data breach exploiting the widely-known weaknesses of the Wired Equivalent Privacy (WEP) wireless encryption protocol resulted in the theft from a global financial institution of over 45 million credit card numbers.<sup>[<a id="id4657331" href="#ftn.id4657331" class="footnote">3</a>]</sup>
 			</div><div class="para">
-				In a separate incident, the billing records of over 2.2 million patients stored on a backup tape were stolen from the front seat of a courier's car.<sup>[<a id="id413556" href="#ftn.id413556" class="footnote">4</a>]</sup>
+				In a separate incident, the billing records of over 2.2 million patients stored on a backup tape were stolen from the front seat of a courier's car.<sup>[<a id="id4686434" href="#ftn.id4686434" class="footnote">4</a>]</sup>
 			</div><div class="para">
-				Currently, an estimated 1.4 billion people use or have used the Internet worldwide.<sup>[<a id="id413496" href="#ftn.id413496" class="footnote">5</a>]</sup> At the same time:
+				Currently, an estimated 1.4 billion people use or have used the Internet worldwide.<sup>[<a id="id3051097" href="#ftn.id3051097" class="footnote">5</a>]</sup> At the same time:
 			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
-						On any given day, there are approximately 225 major incidences of security breach reported to the CERT Coordination Center at Carnegie Mellon University.<sup>[<a id="id413527" href="#ftn.id413527" class="footnote">6</a>]</sup>
+						On any given day, there are approximately 225 major incidences of security breach reported to the CERT Coordination Center at Carnegie Mellon University.<sup>[<a id="id4698527" href="#ftn.id4698527" class="footnote">6</a>]</sup>
 					</div></li><li class="listitem"><div class="para">
-						In 2003, the number of CERT reported incidences jumped to 137,529 from 82,094 in 2002 and from 52,658 in 2001.<sup>[<a id="id413515" href="#ftn.id413515" class="footnote">7</a>]</sup>
+						In 2003, the number of CERT reported incidences jumped to 137,529 from 82,094 in 2002 and from 52,658 in 2001.<sup>[<a id="id4694338" href="#ftn.id4694338" class="footnote">7</a>]</sup>
 					</div></li><li class="listitem"><div class="para">
-						The worldwide economic impact of the three most dangerous Internet Viruses of the last three years was estimated at US$13.2 Billion.<sup>[<a id="id413500" href="#ftn.id413500" class="footnote">8</a>]</sup>
+						The worldwide economic impact of the three most dangerous Internet Viruses of the last three years was estimated at US$13.2 Billion.<sup>[<a id="id4743519" href="#ftn.id4743519" class="footnote">8</a>]</sup>
 					</div></li></ul></div><div class="para">
-				From a 2008 global survey of business and technology executives "The Global State of Information Security"<sup>[<a id="id413486" href="#ftn.id413486" class="footnote">9</a>]</sup>, undertaken by <span class="emphasis"><em>CIO Magazine</em></span>, some points are:
+				From a 2008 global survey of business and technology executives "The Global State of Information Security"<sup>[<a id="id4654633" href="#ftn.id4654633" class="footnote">9</a>]</sup>, undertaken by <span class="emphasis"><em>CIO Magazine</em></span>, some points are:
 			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
 						Just 43% of respondents audit or monitor user compliance with security policies
 					</div></li><li class="listitem"><div class="para">
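Review bot: The statistics under "Security Today" go into the F13 edition undated and unrevised: "Currently, an estimated 1.4 billion people" has no year attached, the CERT counts stop at 2003, and "the last three years" for the US$13.2 Billion virus estimate is relative to an unstated year. For a commit logged as "Updated to F13", either refresh the numbers from the cited sources or tie each one to the year it describes. The + lines here change only the footnote anchor ids.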
@@ -373,7 +359,7 @@
 		</div><div class="section" title="1.3.3.1. Unused Services and Open Ports"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.3.3.1. Unused Services and Open Ports</h4></div></div></div><div class="para">
 				A full installation of Fedora contains 1000+ application and library packages. However, most server administrators do not opt to install every single package in the distribution, preferring instead to install a base installation of packages, including several server applications.
 			</div><div class="para">
-				A common occurrence among system administrators is to install the operating system without paying attention to what programs are actually being installed. This can be problematic because unneeded services may be installed, configured with the default settings, and possibly turned on. This can cause unwanted services, such as Telnet, DHCP, or DNS, to run on a server or workstation without the administrator realizing it, which in turn can cause unwanted traffic to the server, or even, a potential pathway into the system for crackers. Refer To <a class="xref" href="#sect-Security_Guide-Server_Security" title="2.3. Server Security">Section 2.3, “Server Security”</a> for information on closing ports and disabling unused services.
+				A common occurrence among system administrators is to install the operating system without paying attention to what programs are actually being installed. This can be problematic because unneeded services may be installed, configured with the default settings, and possibly turned on. This can cause unwanted services, such as Telnet, DHCP, or DNS, to run on a server or workstation without the administrator realizing it, which in turn can cause unwanted traffic to the server, or even, a potential pathway into the system for crackers. Refer To <a class="xref" href="#sect-Security_Guide-Server_Security" title="2.2. Server Security">Section 2.2, “Server Security”</a> for information on closing ports and disabling unused services.
 			</div></div><div class="section" title="1.3.3.2. Unpatched Services"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched Services</h4></div></div></div><div class="para">
 				Most server applications that are included in a default installation are solid, thoroughly tested pieces of software. Having been in use in production environments for many years, their code has been thoroughly refined and many of the bugs have been found and fixed.
 			</div><div class="para">
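Review bot: The regenerated paragraph keeps "Refer To" (capital T) and the stray comma in "or even, a potential pathway into the system". Fix both in the source while this sentence is being touched for the 2.3 to 2.2 renumbering.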
@@ -383,7 +369,7 @@
 			</div><div class="para">
 				Refer to <a class="xref" href="#sect-Security_Guide-Security_Updates" title="1.5. Security Updates">Section 1.5, “Security Updates”</a> for more information about keeping a system up-to-date.
 			</div></div><div class="section" title="1.3.3.3. Inattentive Administration"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive Administration</h4></div></div></div><div class="para">
-				Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="id885351" href="#ftn.id885351" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
+				Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="id4606881" href="#ftn.id4606881" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
 			</div><div class="para">
 				Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
 			</div></div><div class="section" title="1.3.3.4. Inherently Insecure Services"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently Insecure Services</h4></div></div></div><div class="para">
@@ -395,17 +381,17 @@
 			</div><div class="para">
 				Another category of insecure services include network file systems and information services such as NFS or NIS, which are developed explicitly for LAN usage but are, unfortunately, extended to include WANs (for remote users). NFS does not, by default, have any authentication or security mechanisms configured to prevent a cracker from mounting the NFS share and accessing anything contained therein. NIS, as well, has vital information that must be known by every computer on a network, including passwords and file permissions, within a plain text ASCII or DBM (ASCII-derived) database. A cracker who gains access to this database can then access every user account on a network, including the administrator's account.
 			</div><div class="para">
-				By default, Fedora is released with all such services turned off. However, since administrators often find themselves forced to use these services, careful configuration is critical. Refer to <a class="xref" href="#sect-Security_Guide-Server_Security" title="2.3. Server Security">Section 2.3, “Server Security”</a> for more information about setting up services in a safe manner.
+				By default, Fedora is released with all such services turned off. However, since administrators often find themselves forced to use these services, careful configuration is critical. Refer to <a class="xref" href="#sect-Security_Guide-Server_Security" title="2.2. Server Security">Section 2.2, “Server Security”</a> for more information about setting up services in a safe manner.
 			</div></div></div><div class="section" title="1.3.4. Threats to Workstation and Home PC Security"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</h3></div></div></div><div class="para">
 			Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.
 		</div><div class="section" title="1.3.4.1. Bad Passwords"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.3.4.1. Bad Passwords</h4></div></div></div><div class="para">
-				Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to <a class="xref" href="#sect-Security_Guide-Workstation_Security-Password_Security" title="2.2.3. Password Security">Section 2.2.3, “Password Security”</a>.
+				Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to <a class="xref" href="#sect-Security_Guide-Workstation_Security-Password_Security" title="2.1.3. Password Security">Section 2.1.3, “Password Security”</a>.
 			</div></div><div class="section" title="1.3.4.2. Vulnerable Client Applications"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable Client Applications</h4></div></div></div><div class="para">
 				Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.
 			</div><div class="para">
 				Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.
 			</div><div class="para">
-				<a class="xref" href="#sect-Security_Guide-Workstation_Security" title="2.2. Workstation Security">Section 2.2, “Workstation Security”</a> discusses in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.
+				<a class="xref" href="#sect-Security_Guide-Workstation_Security" title="2.1. Workstation Security">Section 2.1, “Workstation Security”</a> discusses in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.
 			</div></div></div></div><div xml:lang="en-US" class="section" title="1.4. Common Exploits and Attacks" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><div class="para">
 		<a class="xref" href="#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits" title="Table 1.1. Common Exploits">Table 1.1, “Common Exploits”</a> details some of the most common exploits and entry points used by intruders to access organizational network resources. Key to these common exploits are the explanations of how they are performed and how administrators can properly safeguard their network against such attacks.
 	</div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><div class="table-contents"><table summary="Common Exploits" border="1"><colgroup><col width="20%" /><col width="40%" /><col width="40%" /></colgroup><thead><tr><th>
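Review bot: Three cross-references in this hunk shift down by one (Server Security 2.3 to 2.2, Password Security 2.2.3 to 2.1.3, Workstation Security 2.2 to 2.1), which suggests a section was dropped from or moved out of the start of chapter 2, yet the log message says only "Updated to F13". Record the structural change in the commit message. Also check the source for section numbers written out in running text, since only the generated xref titles are updated here.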
@@ -550,49 +536,29 @@
 					</div><div class="para">
 						To kill all active IMAP sessions, issue the following command:
 					</div><pre class="screen"><code class="command">killall imapd</code>
-</pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id871249" href="#id871249" class="para">1</a>] </sup>
+</pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id3100910" href="#id3100910" class="para">1</a>] </sup>
 					http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id871241" href="#id871241" class="para">2</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id4669796" href="#id4669796" class="para">2</a>] </sup>
 					http://www.livinginternet.com/i/ia_hackers_levin.htm
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id413559" href="#id413559" class="para">3</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id4657331" href="#id4657331" class="para">3</a>] </sup>
 					http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id413556" href="#id413556" class="para">4</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id4686434" href="#id4686434" class="para">4</a>] </sup>
 					http://www.healthcareitnews.com/story.cms?id=9408
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id413496" href="#id413496" class="para">5</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id3051097" href="#id3051097" class="para">5</a>] </sup>
 					http://www.internetworldstats.com/stats.htm
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id413527" href="#id413527" class="para">6</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id4698527" href="#id4698527" class="para">6</a>] </sup>
 							http://www.cert.org
-						</p></div><div class="footnote"><p><sup>[<a id="ftn.id413515" href="#id413515" class="para">7</a>] </sup>
+						</p></div><div class="footnote"><p><sup>[<a id="ftn.id4694338" href="#id4694338" class="para">7</a>] </sup>
 							http://www.cert.org/stats/fullstats.html
-						</p></div><div class="footnote"><p><sup>[<a id="ftn.id413500" href="#id413500" class="para">8</a>] </sup>
+						</p></div><div class="footnote"><p><sup>[<a id="ftn.id4743519" href="#id4743519" class="para">8</a>] </sup>
 							http://www.newsfactor.com/perl/story/16407.html
-						</p></div><div class="footnote"><p><sup>[<a id="ftn.id413486" href="#id413486" class="para">9</a>] </sup>
+						</p></div><div class="footnote"><p><sup>[<a id="ftn.id4654633" href="#id4654633" class="para">9</a>] </sup>
 					http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id885351" href="#id885351" class="para">10</a>] </sup>
[...1840 lines suppressed...]
-			</div></div></div><div class="section" title="3.9.4. About Public Key Encryption"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+			</div></div></div><div class="section" title="3.9.4. Using GPG with Alpine"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">3.9.4. Using GPG with Alpine</h3></div></div></div><div class="para">
+			If you are using the email client <span class="package">Alpine</span> or <span class="package">Pine</span> then you will also need to download and install <span class="package">ez-pine-gpg</span>. This software is currently available from <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a>. Once you have installed ez-pine-gpg you will need to modify your <code class="code">~/.pinerc</code> file. You need to:
+		</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+					/home/username/bin should be replaced with the installation path that you specified.
+				</div></li><li class="listitem"><div class="para">
+					In two places, the gpg-identifier after _RECIPIENTS_ should be replaced with your GPG public key's identifier. The reason you include your own GPG identifier here is so that if you send an encrypted message to "Alice", that message is also encrypted with your public key -- if you don't do this, then you will not be able to open that message in your sent-mail folder and remind yourself of what you wrote.
+				</div></li></ol></div><div class="para">
+			It should look something like this:
+		</div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+    /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+    /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><div class="section" title="3.9.5. Using GPG with Evolution"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">3.9.5. Using GPG with Evolution</h3></div></div></div><div class="section" title="3.9.5.1. Configuring GPG for use with Evolution"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">3.9.5.1. Configuring GPG for use with Evolution</h4></div></div></div><div class="para">
+				To configure GPG for use in <span class="application"><strong>Evolution</strong></span> select from the <span class="application"><strong>Evolution</strong></span> Main Menu, select Tools, Settings... In the left pane, select Mail Accounts. In the right pane, select the email account you use for Fedora Project correspondence. Then select the Edit button. The <span class="application"><strong>Evolution</strong></span> Account Editor dialog appears. Select the Security tab.
+			</div><div class="para">
+				In the PGP/GPG Key ID field, enter the GPG key ID matching this account's email address. If you are not sure what your key ID is, use this command: <code class="code">gpg --fingerprint EMAIL_ADDRESS</code>. The key ID is the same as the last eight characters (4 bytes) of the key fingerprint. It is a good idea to click the option Always encrypt to myself when sending encrypted mail. You may also want to select Always sign outgoing messages when using this account.
+			</div><div class="note"><h2>Notice</h2><div class="para">
+					If you do not mark public keys as trusted in your keyring, you will not be able to encrypt email to their owners unless you select the option Always trust keys in my keyring when encrypting. You will instead receive a dialog indicating that a trust check has failed.
+				</div></div></div><div class="section" title="3.9.5.2. Verifying email with Evolution"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">3.9.5.2. Verifying email with Evolution</h4></div></div></div><div class="para">
+				Evolution will automatically check any incoming GPG-signed messages for validity. If Evolution cannot GPG verify a message due to a missing public key (or tampering), it will end with a red banner. If the message is verified but you have not signed the key either locally or globally, the banner will be yellow. If the message is verified and you have signed the key, the banner will be green. When you click the seal icon, Evolution displays a dialog with more security information about the signature. To add a public key to your keyring, use the search function along with the key owner's email address: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>. To import the correct key, you may need to match the key ID with the information provided by Evolution.
+			</div></div><div class="section" title="3.9.5.3. Signing and Encrypting email with Evolution"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">3.9.5.3. Signing and Encrypting email with Evolution</h4></div></div></div><div class="para">
+				Signing email allows the recipients to verify that the email actually came from you. The FDP (and the whole of the Fedora Project) encourage you to sign email to other participants, including on Fedora mailing lists. Encrypting email allows only your recipients to read your email. Please do not send encrypted email over the Fedora mailing lists, since almost no one will be able to read it.
+			</div><div class="para">
+				While composing your email, choose the Security menu, and then select PGP Sign to sign your message. To encrypt your message, select PGP Encrypt. You may sign an encrypted message as well, which is good practice. When you send the message, Evolution will ask you to enter your GPG key passphrase. (After three unsuccessful attempts Evolution generates an error.) If you select the option Remember this password for the remainder of this session, you will not need to use your passphrase again to sign or decrypt, unless you quit and restart Evolution.
+			</div></div></div><div class="section" title="3.9.6. Using GPG with Thunderbird"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">3.9.6. Using GPG with Thunderbird</h3></div></div></div><div class="para">
+			Fedora Core includes Mozilla Thunderbird in the thunderbird package, and the mozilla-mail package for the Mozilla Suite email application. Thunderbird is the recommended Mozilla email application. This appears on your desktop as Applications &gt; Internet &gt; Thunderbird Email.
+		</div><div class="para">
+			Mozilla products support extensions, plugins that add new features to the main application. The Enigmail extensions provide GPG support to email products from Mozilla. Versions of Enigmail exist for both Mozilla Thunderbird, and the Mozilla Suite (Seamonkey). Netscape software from AOL is based on the Mozilla products, and may also use this extension.
+		</div><div class="para">
+			To install Enigmail on Fedora systems, follow the instructions given below.
+		</div><div class="para">
+			Enigmail uses the term OpenPGP in menu items and options. GPG is an implementation of OpenPGP, and you may treat the terms as equivalent.
+		</div><div class="para">
+			The homepage for Enigmail is: <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a>.
+		</div><div class="para">
+			This page provides screenshots of Enigmail and GPG in action: <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+		</div><div class="section" title="3.9.6.1. Installing Enigmail"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">3.9.6.1. Installing Enigmail</h4></div></div></div><div class="para">
+				Enigmail is now available in fedora repository. It can be installed by typing: <code class="code">yum install thunderbird-enigmail</code> at a command line. Alternatively, you can install <span class="package">thunderbird-enigmail</span> using by going to <code class="code">System -&gt; Administration -&gt; Add/Remove Software</code>.
+			</div></div></div><div class="section" title="3.9.7. Using GPG with FireGPG"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_FireGPG">3.9.7. Using GPG with FireGPG</h3></div></div></div><div class="para">
+			<span class="application"><strong>FireGPG</strong></span> is a <span class="application"><strong>Firefox</strong></span> extension licensed under the GPL that provides an interface to <span class="application"><strong>GnuPG</strong></span> that allows you to encrypt, decrypt, sign, or verify the signature of text in any web page using GnuPG. The plug-in was designed to fully support Google's webmail system, Gmail , and allow you to sign and encrypt messages. Using this plug-in and GnuPG installed on the computer, you can sign and encrypt e-mail messages using the Gmail web interface.
+		</div><div class="section" title="3.9.7.1. Installing FireGPG"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_FireGPG-Installing">3.9.7.1. Installing FireGPG</h4></div></div></div><div class="para">
+				The <span class="application"><strong>FireGPG</strong></span> extension is available for download at <a href="http://firegpg.tuxfamily.org">http://firegpg.tuxfamily.org</a>. Click on the Install link and follow the instructions on the website to download the .xpi file. <span class="application"><strong>Firefox</strong></span> will install the plug-in automatically but a restart of <span class="application"><strong>Firefox</strong></span> will be required in order for the plug-in to take effect.
+			</div></div></div><div class="section" title="3.9.8. About Public Key Encryption"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.8. About Public Key Encryption</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
 					<a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
 				</div></li><li class="listitem"><div class="para">
 					<a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
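Review bot: In the added "3.9.7.1. Installing FireGPG" paragraph, the reader is sent to http://firegpg.tuxfamily.org over plain HTTP and told to let Firefox install the .xpi, with no step for checking what was downloaded. For an extension that will drive GnuPG operations, a security guide should say how to verify the file (a published checksum or signature, if the project offers one) or point to a source with transport integrity. Wording fixes in the same hunk: in 3.9.6.1, "install thunderbird-enigmail using by going to" should drop "using", and "available in fedora repository" reads better as "available in the Fedora repository"; the sentence "The homepage for Enigmail is" links to download.html rather than the homepage; and "Gmail ," in 3.9.7 has a stray space before the comma.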
@@ -4226,78 +4241,84 @@
 					<a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
 				</div></dd><dt><span class="term">Full background on Fluke</span></dt><dd><div class="para">
 					<a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
-				</div></dd></dl></div></div><div xml:lang="en-US" class="appendix" title="Appendix A. Encryption Standard" lang="en-US"><div class="titlepage"><div><div><h1 id="chap-Security_Guide-Encryption_Standards" class="title">Encryption Standard</h1></div></div></div><div class="para">
-	</div><div class="section" title="A.1. Synchronous Encryption"><div class="titlepage"><div><div><h2 class="title" id="id408165">A.1. Synchronous Encryption</h2></div></div></div><div class="para">
-		</div><div class="section" title="A.1.1. Advanced Encryption Standard - AES"><div class="titlepage"><div><div><h3 class="title" id="id372566">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
-				In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).<sup>[<a id="id399429" href="#ftn.id399429" class="footnote">15</a>]</sup>
-			</div><div class="section" title="A.1.1.1. AES Uses"><div class="titlepage"><div><div><h4 class="title" id="id421721">A.1.1.1. AES Uses</h4></div></div></div><div class="para">
-				</div></div><div class="section" title="A.1.1.2. AES History"><div class="titlepage"><div><div><h4 class="title" id="id513055">A.1.1.2. AES History</h4></div></div></div><div class="para">
-					AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below).<sup>[<a id="id378335" href="#ftn.id378335" class="footnote">16</a>]</sup>
-				</div><div class="para">
-					The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rɛindaːl]) is a portmanteau of the names of the two inventors.<sup>[<a id="id445003" href="#ftn.id445003" class="footnote">17</a>]</sup>
-				</div></div></div><div class="section" title="A.1.2.  Data Encryption Standard - DES"><div class="titlepage"><div><div><h3 class="title" id="id1789380">A.1.2.  Data Encryption Standard - DES</h3></div></div></div><div class="para">
-				The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.<sup>[<a id="id1789126" href="#ftn.id1789126" class="footnote">18</a>]</sup>
-			</div><div class="section" title="A.1.2.1. DES Uses"><div class="titlepage"><div><div><h4 class="title" id="id1789145">A.1.2.1. DES Uses</h4></div></div></div><div class="para">
-				</div></div><div class="section" title="A.1.2.2. DES History"><div class="titlepage"><div><div><h4 class="title" id="id1789157">A.1.2.2. DES History</h4></div></div></div><div class="para">
-					DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).<sup>[<a id="id354155" href="#ftn.id354155" class="footnote">19</a>]</sup>
-				</div><div class="para">
-					In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ˌdiːˌiːˈɛs/), or pronounced as a one-syllable acronym (/ˈdɛz/).<sup>[<a id="id354179" href="#ftn.id354179" class="footnote">20</a>]</sup>
-				</div></div></div></div><div class="section" title="A.2. Public-key Encryption"><div class="titlepage"><div><div><h2 class="title" id="id354203">A.2. Public-key Encryption</h2></div></div></div><div class="para">
-			Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures.<sup>[<a id="id483978" href="#ftn.id483978" class="footnote">21</a>]</sup>
-		</div><div class="para">
-			Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.<sup>[<a id="id484002" href="#ftn.id484002" class="footnote">22</a>]</sup>
-		</div><div class="para">
-			The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s.<sup>[<a id="id494705" href="#ftn.id494705" class="footnote">23</a>]</sup>
-		</div><div class="para">
-			In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.<sup>[<a id="id494730" href="#ftn.id494730" class="footnote">24</a>]</sup>
-		</div><div class="para">
-			Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence.<sup>[<a id="id494752" href="#ftn.id494752" class="footnote">25</a>]</sup>
-		</div><div class="section" title="A.2.1. Diffie-Hellman"><div class="titlepage"><div><div><h3 class="title" id="id388692">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
-				Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.<sup>[<a id="id496571" href="#ftn.id496571" class="footnote">26</a>]</sup>
-			</div><div class="section" title="A.2.1.1. Diffie-Hellman History"><div class="titlepage"><div><div><h4 class="title" id="id376746">A.2.1.1. Diffie-Hellman History</h4></div></div></div><div class="para">
-					The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).<sup>[<a id="id376759" href="#ftn.id376759" class="footnote">27</a>]</sup>
+				</div></dd></dl></div></div><div xml:lang="en-US" class="appendix" title="Appendix A. Encryption Standards" lang="en-US"><div class="titlepage"><div><div><h1 id="chap-Security_Guide-Encryption_Standards" class="title">Encryption Standards</h1></div></div></div><div class="para">
+	</div><div class="section" title="A.1. Synchronous Encryption"><div class="titlepage"><div><div><h2 class="title" id="id4620799">A.1. Synchronous Encryption</h2></div></div></div><div class="para">
+		</div><div class="section" title="A.1.1. Advanced Encryption Standard - AES"><div class="titlepage"><div><div><h3 class="title" id="id3130461">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+				In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).<sup>[<a id="id4655542" href="#ftn.id4655542" class="footnote">15</a>]</sup>
+			</div><div class="section" title="A.1.1.1. AES Uses"><div class="titlepage"><div><div><h4 class="title" id="id4614210">A.1.1.1. AES Uses</h4></div></div></div><div class="para">
+				</div></div><div class="section" title="A.1.1.2. AES History"><div class="titlepage"><div><div><h4 class="title" id="id4671154">A.1.1.2. AES History</h4></div></div></div><div class="para">
+					AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below).<sup>[<a id="id3001834" href="#ftn.id3001834" class="footnote">16</a>]</sup>
+				</div><div class="para">
+					The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rɛindaːl]) is a portmanteau of the names of the two inventors.<sup>[<a id="id3112660" href="#ftn.id3112660" class="footnote">17</a>]</sup>
+				</div></div></div><div class="section" title="A.1.2.  Data Encryption Standard - DES"><div class="titlepage"><div><div><h3 class="title" id="id3113845">A.1.2.  Data Encryption Standard - DES</h3></div></div></div><div class="para">
+				The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.<sup>[<a id="id4694303" href="#ftn.id4694303" class="footnote">18</a>]</sup>
+			</div><div class="section" title="A.1.2.1. DES Uses"><div class="titlepage"><div><div><h4 class="title" id="id3059179">A.1.2.1. DES Uses</h4></div></div></div><div class="para">
+				</div></div><div class="section" title="A.1.2.2. DES History"><div class="titlepage"><div><div><h4 class="title" id="id4758066">A.1.2.2. DES History</h4></div></div></div><div class="para">
+					DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).<sup>[<a id="id4663715" href="#ftn.id4663715" class="footnote">19</a>]</sup>
+				</div><div class="para">
+					In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ˌdiːˌiːˈɛs/), or pronounced as a one-syllable acronym (/ˈdɛz/).<sup>[<a id="id4624893" href="#ftn.id4624893" class="footnote">20</a>]</sup>
+				</div></div></div></div><div class="section" title="A.2. Public-key Encryption"><div class="titlepage"><div><div><h2 class="title" id="id3059097">A.2. Public-key Encryption</h2></div></div></div><div class="para">
+			Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures.<sup>[<a id="id2958054" href="#ftn.id2958054" class="footnote">21</a>]</sup>
+		</div><div class="para">
+			Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.<sup>[<a id="id2987766" href="#ftn.id2987766" class="footnote">22</a>]</sup>
+		</div><div class="para">
+			The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s.<sup>[<a id="id4762190" href="#ftn.id4762190" class="footnote">23</a>]</sup>
+		</div><div class="para">
+			In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.<sup>[<a id="id4603895" href="#ftn.id4603895" class="footnote">24</a>]</sup>
+		</div><div class="para">
+			Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence.<sup>[<a id="id3136551" href="#ftn.id3136551" class="footnote">25</a>]</sup>
+		</div><div class="section" title="A.2.1. Diffie-Hellman"><div class="titlepage"><div><div><h3 class="title" id="id4741086">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+				Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.<sup>[<a id="id4598045" href="#ftn.id4598045" class="footnote">26</a>]</sup>
+			</div><div class="section" title="A.2.1.1. Diffie-Hellman History"><div class="titlepage"><div><div><h4 class="title" id="id3121958">A.2.1.1. Diffie-Hellman History</h4></div></div></div><div class="para">
+					The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).<sup>[<a id="id4679806" href="#ftn.id4679806" class="footnote">27</a>]</sup>
 				</div><div class="para">
-					Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).<sup>[<a id="id376784" href="#ftn.id376784" class="footnote">28</a>]</sup>
+					Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).<sup>[<a id="id4651609" href="#ftn.id4651609" class="footnote">28</a>]</sup>
 				</div><div class="para">
-					U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.<sup>[<a id="id472135" href="#ftn.id472135" class="footnote">29</a>]</sup>
-				</div></div></div><div class="section" title="A.2.2. RSA"><div class="titlepage"><div><div><h3 class="title" id="id472157">A.2.2. RSA</h3></div></div></div><div class="para">
+					U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.<sup>[<a id="id3111586" href="#ftn.id3111586" class="footnote">29</a>]</sup>
+				</div></div></div><div class="section" title="A.2.2. RSA"><div class="titlepage"><div><div><h3 class="title" id="id3267985">A.2.2. RSA</h3></div></div></div><div class="para">
 				In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it; see below) is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
-			</div></div><div class="section" title="A.2.3. DSA"><div class="titlepage"><div><div><h3 class="title" id="id472172">A.2.3. DSA</h3></div></div></div><div class="para">
-			</div></div><div class="section" title="A.2.4. SSL/TLS"><div class="titlepage"><div><div><h3 class="title" id="id414407">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
-			</div></div><div class="section" title="A.2.5. Cramer-Shoup Cryptosystem"><div class="titlepage"><div><div><h3 class="title" id="id414419">A.2.5. Cramer-Shoup Cryptosystem</h3></div></div></div><div class="para">
-			</div></div><div class="section" title="A.2.6. ElGamal Encryption"><div class="titlepage"><div><div><h3 class="title" id="id414432">A.2.6. ElGamal Encryption</h3></div></div></div><div class="para">
-			</div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id399429" href="#id399429" class="para">15</a>] </sup>
+			</div></div><div class="section" title="A.2.3. DSA"><div class="titlepage"><div><div><h3 class="title" id="id3031918">A.2.3. DSA</h3></div></div></div><div class="para">
+			</div></div><div class="section" title="A.2.4. SSL/TLS"><div class="titlepage"><div><div><h3 class="title" id="id4718176">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+			</div></div><div class="section" title="A.2.5. Cramer-Shoup Cryptosystem"><div class="titlepage"><div><div><h3 class="title" id="id2987741">A.2.5. Cramer-Shoup Cryptosystem</h3></div></div></div><div class="para">
+			</div></div><div class="section" title="A.2.6. ElGamal Encryption"><div class="titlepage"><div><div><h3 class="title" id="id4604457">A.2.6. ElGamal Encryption</h3></div></div></div><div class="para">
+			</div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><p><sup>[<a id="ftn.id4655542" href="#id4655542" class="para">15</a>] </sup>
 					"Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id378335" href="#id378335" class="para">16</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id3001834" href="#id3001834" class="para">16</a>] </sup>
 						"Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
-					</p></div><div class="footnote"><p><sup>[<a id="ftn.id445003" href="#id445003" class="para">17</a>] </sup>
+					</p></div><div class="footnote"><p><sup>[<a id="ftn.id3112660" href="#id3112660" class="para">17</a>] </sup>
 						"Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
-					</p></div><div class="footnote"><p><sup>[<a id="ftn.id1789126" href="#id1789126" class="para">18</a>] </sup>
+					</p></div><div class="footnote"><p><sup>[<a id="ftn.id4694303" href="#id4694303" class="para">18</a>] </sup>
 					"Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id354155" href="#id354155" class="para">19</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id4663715" href="#id4663715" class="para">19</a>] </sup>
 						"Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
-					</p></div><div class="footnote"><p><sup>[<a id="ftn.id354179" href="#id354179" class="para">20</a>] </sup>
+					</p></div><div class="footnote"><p><sup>[<a id="ftn.id4624893" href="#id4624893" class="para">20</a>] </sup>
 						"Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
-					</p></div><div class="footnote"><p><sup>[<a id="ftn.id483978" href="#id483978" class="para">21</a>] </sup>
+					</p></div><div class="footnote"><p><sup>[<a id="ftn.id2958054" href="#id2958054" class="para">21</a>] </sup>
 				"Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
-			</p></div><div class="footnote"><p><sup>[<a id="ftn.id484002" href="#id484002" class="para">22</a>] </sup>
+			</p></div><div class="footnote"><p><sup>[<a id="ftn.id2987766" href="#id2987766" class="para">22</a>] </sup>
 				"Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
-			</p></div><div class="footnote"><p><sup>[<a id="ftn.id494705" href="#id494705" class="para">23</a>] </sup>
+			</p></div><div class="footnote"><p><sup>[<a id="ftn.id4762190" href="#id4762190" class="para">23</a>] </sup>
 				"Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
-			</p></div><div class="footnote"><p><sup>[<a id="ftn.id494730" href="#id494730" class="para">24</a>] </sup>
+			</p></div><div class="footnote"><p><sup>[<a id="ftn.id4603895" href="#id4603895" class="para">24</a>] </sup>
 				"Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
-			</p></div><div class="footnote"><p><sup>[<a id="ftn.id494752" href="#id494752" class="para">25</a>] </sup>
+			</p></div><div class="footnote"><p><sup>[<a id="ftn.id3136551" href="#id3136551" class="para">25</a>] </sup>
 				"Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
-			</p></div><div class="footnote"><p><sup>[<a id="ftn.id496571" href="#id496571" class="para">26</a>] </sup>
+			</p></div><div class="footnote"><p><sup>[<a id="ftn.id4598045" href="#id4598045" class="para">26</a>] </sup>
 					"Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
-				</p></div><div class="footnote"><p><sup>[<a id="ftn.id376759" href="#id376759" class="para">27</a>] </sup>
+				</p></div><div class="footnote"><p><sup>[<a id="ftn.id4679806" href="#id4679806" class="para">27</a>] </sup>
 						"Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
-					</p></div><div class="footnote"><p><sup>[<a id="ftn.id376784" href="#id376784" class="para">28</a>] </sup>
+					</p></div><div class="footnote"><p><sup>[<a id="ftn.id4651609" href="#id4651609" class="para">28</a>] </sup>
 						"Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
-					</p></div><div class="footnote"><p><sup>[<a id="ftn.id472135" href="#id472135" class="para">29</a>] </sup>
+					</p></div><div class="footnote"><p><sup>[<a id="ftn.id3111586" href="#id3111586" class="para">29</a>] </sup>
 						"Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
 					</p></div></div></div><div xml:lang="en-US" class="appendix" title="Appendix B. Revision History" lang="en-US"><div class="titlepage"><div><div><h1 id="appe-Publican-Revision_History" class="title">Revision History</h1></div></div></div><div class="para">
-		<div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+		<div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Added "Using GPG with Alpine".</td></tr><tr><td>Added "Using GPG with Evolution".</td></tr></table>
+				</td></tr><tr><td align="left">Revision 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired issues regarding untranslatable text in para.</td></tr></table>
+				</td></tr><tr><td align="left">Revision 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Removed the PackageKit vulnerability text seen in Fedora 12.</td></tr></table>
+				</td></tr><tr><td align="left">Revision 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
 					<table border="0" summary="Simple list" class="simplelist"><tr><td>Added the Revision History to the end of the document.</td></tr><tr><td>Added the Encryption Standards appendix.</td></tr></table>
 				</td></tr><tr><td align="left">Revision 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
 					<table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 branch.</td></tr></table>
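Review bot: the new Revision 13.0-3 entry says only "Removed the PackageKit vulnerability text seen in Fedora 12", which does not tell a reader of a security guide whether the issue was fixed in Fedora 13 or the advice was simply dropped; the entry should state the reason for the removal. Separately, the two footnote changes at the top of the hunk differ only in their generated anchor ids (ftn.id376784 to ftn.id4651609, ftn.id472135 to ftn.id3111586) while the footnote text is unchanged, so every rebuild produces diff noise and invalidates links to the old anchors. Footnotes 28 and 29 also repeat the identical Diffie-Hellman citation and could share one footnote.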
@@ -4315,7 +4336,7 @@
 					<table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed issues related to Bug 515043.</td></tr></table>
 				</td></tr><tr><td align="left">Revision 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
 					<table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired vendor information in SPEC.</td></tr></table>
-				</td></tr><tr><td align="left">Revision 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="surname">Fedora Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
+				</td></tr><tr><td align="left">Revision 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="firstname">Fedora</span> <span class="surname">Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
 					<table border="0" summary="Simple list" class="simplelist"><tr><td>Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild</td></tr></table>
 				</td></tr><tr><td align="left">Revision 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
 					<table border="0" summary="Simple list" class="simplelist"><tr><td>Added "desktop-file-utils" to BUILDREQUIRES on the spec</td></tr></table>
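Review bot: in the Revision 1.0-16 row, "Fedora Release Engineering" is a team name, and the added markup splits it into a firstname of "Fedora" and a surname of "Release Engineering", which misrepresents it to anything that reads or sorts on those classes. If the split exists only to satisfy the build, the log message should say so, since "Updated to F13" does not cover this change; otherwise keep the name in a single element.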


