institutions, and individuals that rely on a “moat mentality” have often
discovered to their dismay that such an approach to security is easily
breached. Make sure that your network operation is accompanied by a
security policy that stresses multiple levels of secure access, with protection
built into every server and workstation—something easily accomplished
when using Linux.
Ports
Most servers on your network perform more than one task. For example, web
servers often have to serve both standard and secure pages. You might also be
running an FTP server on the same host. For this reason, applications are
provided ports to use to make “direct” connections for specific software
services. These ports help TCP/IP distinguish services so that data can get to
the correct application. If you check the file /etc/services, you see the
common ports and their usage. For example, for FTP, HTTP, and POP3 (email
retrieval server), you see the following:
ftp 21/tcp
http 80/tcp http # WorldWideWeb HTTP
pop3 110/tcp pop-3 # POP version 3
The ports defined in /etc/services in this example are 21 for FTP, 80
for HTTP, and 110 for POP3. Some other common port assignments are 25
for Simple Mail Transfer Protocol (SMTP) and 22 for Secure Shell (SSH)
remote login. Note that these ports are not set in stone, and you can set up
your server to respond to different ports. For example, although port 22 is
listed in /etc/services as a common default for SSH, you can configure
the sshd server to listen on a different port by editing its configuration file,
/etc/ssh/sshd_config. The default setting (commented out with a
pound sign, #) looks like this:
#Port 22
Edit the entry to use a different port, making sure to select an unused port
number, as follows:
Port 2224
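One way to check that a candidate port really is unused before committing the edit, shown as an added example that is not part of the original text. The function names are illustrative, and the checks cover only TCP assignments in a services-format file and the listeners reported by ss.

```shell
#!/bin/sh
# Added example: checks to make before moving sshd to another port.
# Function names are illustrative, not part of OpenSSH or Ubuntu.

# Ports sshd will listen on per an sshd_config-format file. Keywords are
# case-insensitive, "#Port 22" is only a comment, and several Port lines
# may be active at once. With none active, sshd uses 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Service names that a services-format file assigns to PORT/tcp.
services_on_port() {
    awk -v want="$2/tcp" '$1 !~ /^#/ && $2 == want { print $1 }' "$1"
}

# Reads `ss -ltn` output on stdin; succeeds if something listens on PORT.
# The local address is field 4; the port follows its last colon.
port_listening() {
    awk -v want="$1" '$1 == "LISTEN" { n = split($4, a, ":")
                                       if (a[n] == want) hit = 1 }
         END { exit !hit }'
}

# check_candidate SERVICES_FILE PORT
# Prints "free", "assigned:<name>" or "invalid"; returns 0, 1 or 2.
check_candidate() {
    case $2 in
        '' | *[!0-9]* | ??????*) echo "invalid"; return 2 ;;
    esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "invalid"; return 2
    fi
    owner=$(services_on_port "$1" "$2" | head -n 1)
    if [ -n "$owner" ]; then
        echo "assigned:$owner"; return 1
    fi
    echo "free"
}

# Typical use on the host itself:
#   check_candidate /etc/services 2224
#   ss -ltn | port_listening 2224 && echo "port 2224 is already in use"
#   sshd_ports /etc/ssh/sshd_config    # ports the edited file configures
```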
Save your changes and then restart the sshd server with sudo service
ssh restart. Remote users must now access the host through port 2224,
which can be done using ssh’s -p (port) option, like this: