3. Tcp_wrapper
A tcp_wrapper is a security tool that enables an administrator to control
which IP addresses can have access to certain configurable ports. If your
system does not need to be open to the world, then one of the best practices
that can be applied is to install and configure a tcp_wrapper. The latest
version of tcp_wrapper is available at ftp://ftp.cert.org/pub/tools/tcp_wrappers/.
You will need to download and compile the source (more information is
available in the README files). Some administrators may consider the
tcp_wrapper one of the most valuable tools, since it prevents hackers from
gaining login access through conventional means.

The administrator should start with a default "no one can get in" policy by
adding an "all: all" line in hosts.deny, and then specifically grant access
to the hosts that need it in hosts.allow.

One feature of tcp_wrapper is the ability to execute your own script just
prior to the system executing a vital program like telnet or ftp. This allows
you to do a number of things. For example, your script could log the IP
address and domain name of every connection attempt. It could send you an
email if the connection attempt is not what you might expect. Or, it could
even run finger back to the IP address of the machine that is making the
connection. Obviously, this can be a very powerful tool, and it allows you to
decide who can and who can't log into your system.
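
As an added example (not part of the original text or of the tcp_wrapper distribution), the script below is one way to write the logging hook described above. The script path, log file location and the 192.0.2. "expected" network are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: hook script for tcp_wrapper's optional shell-command field.
# Assumed wiring (script path and the 192.0.2. network are placeholders):
#   hosts.deny:   all: all: (/usr/local/sbin/tcpd_hook.sh %d %a %h) &
#   hosts.allow:  in.telnetd, in.ftpd: 192.0.2.: (/usr/local/sbin/tcpd_hook.sh %d %a %h) &
# %d = daemon name, %a = client address, %h = client host name (or address).

LOG_FILE="${LOG_FILE:-/var/log/tcpd_hook.log}"
EXPECTED_PREFIX="${EXPECTED_PREFIX:-192.0.2.}"

# The host name comes from the client's reverse DNS, so treat it as untrusted:
# keep only characters valid in addresses and host names before logging it.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9.:_-' '_'
}

# Decide whether the client address is one we expect to see.
classify() {
    case "$1" in
        "$EXPECTED_PREFIX"*) echo expected ;;
        *) echo unexpected ;;
    esac
}

# Append one log line per connection attempt and print the verdict, so a
# caller can decide whether to send an email for "unexpected" attempts.
record_attempt() {
    daemon=$(sanitize "$1")
    addr=$(sanitize "$2")
    host=$(sanitize "$3")
    verdict=$(classify "$addr")
    printf '%s daemon=%s addr=%s host=%s verdict=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$daemon" "$addr" "$host" "$verdict" >> "$LOG_FILE"
    echo "$verdict"
}

# Act as a hook only when called with the three arguments shown above.
if [ "$#" -eq 3 ]; then
    record_attempt "$@" >/dev/null
fi
```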