Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 600212 Details for
Bug 842936
Empty sections in Security Guide
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
A patch for the patch
Basic_Hardening.xml.patch2 (text/plain), 5.85 KB, created by
eric
on 2012-07-25 02:39:46 UTC
(
hide
)
Description:
A patch for the patch
Filename:
MIME Type:
Creator:
eric
Created:
2012-07-25 02:39:46 UTC
Size:
5.85 KB
patch
obsolete
>diff --git a/en-US/Basic_Hardening.xml b/en-US/Basic_Hardening.xml >index 6bff15b..b9b750e 100644 >--- a/en-US/Basic_Hardening.xml >+++ b/en-US/Basic_Hardening.xml >@@ -43,16 +43,16 @@ > <section id="sect-Security_Guide-Basic_Hardening-Networking"> > <title>Networking</title> > <para>The computer's network connection is the gateway to your system. Your files and processor time could be available to anyone who successfully connects to your system via this network connection if other safeguards have not been implemented. One of the primary ways to keep you in control of your system is to prevent the attackers from gaining access to your system in the first place.</para> >- <section id="sect-Security_Guide-Basic_Hardening-Networking-IPTables"> >- <title>IPTables</title> >- <para><application>IPTables</application> is the most widely used firewall software on Linux systems today. This program intercepts packets coming into your computer via the network connection and filters them according to rules you have specified. Additional information can be found in <xref linkend="sect-Security_Guide-IPTables" />.</para> >+ <section id="sect-Security_Guide-Basic_Hardening-Networking-iptables"> >+ <title>iptables</title> >+ <para><application>iptables</application> is the most widely used firewall software on Linux systems today. This program intercepts packets coming into your computer via the network connection and filters them according to rules you have specified. Additional information can be found in <xref linkend="sect-Security_Guide-IPTables" />.</para> > </section> > <section id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"> > <title>IPv6</title> > <para>IPv6 is the latest Internet protocol which aims to solve the address quantity shortfall inherent to IPv4. And while there are no security risks directly associated with the new protocol there are a few things to understand before utilizing this new technology.</para> >- <para>Most system administrators are familiar with IPv4 and the work-arounds that were put in place to make IPv4 work. One of these work-arounds is network address translation, or NAT. NAT is traditionally used to keep the number of needed public IP addresses to a minimum when setting up a local area network. Systems on these networks don't all require public IP addresses and valuable address space can be saved by implementing this technology. There are some security features that were side effects to NAT; the biggest being that outside traffic cannot make it inside the network unless a port is forwarded across the router. Because IPv6 solves the addressing problem there is no longer a need to use NAT. Everything can have a public IP address and, by extension, everything is not publically routable across the Internet when physical and logical connections are made.</para> >- <para>Another thing to worry about is how security software deals with this new protocol. <application>IPTables</application> doesn't know or understand IPv6 and so it ignores those packets altogether. That means if your network is utilizing IPv6 and you haven't activated <application>IP6Tables</application> then you have just left the door to your system open to the world.</para> >- <para>Using IPv6 isn't dangerous as long as you know and understand the changes that your system's software went through to make it possible to use this new network protocol.</para> >+ <para>Most system administrators are familiar with IPv4 and the work-arounds that were put in place to make IPv4 work. One of these work-arounds is network address translation, or <firstterm>NAT</firstterm>. NAT is traditionally used to keep the number of needed public IP addresses to a minimum when setting up a local area network. Systems on these networks do not all require public IP addresses and valuable address space can be saved by implementing this technology. There are some security features that were side effects to NAT; the biggest being that outside traffic cannot make it inside the network unless a port is forwarded across the router. Because IPv6 solves the addressing problem there is no longer a need to use NAT. Everything can have a public IP address and, by extension, everything is not publically routable across the Internet when physical and logical connections are made.</para> >+ <para>Another thing to worry about is how security software deals with this new protocol. <application>iptables</application> does not know or understand IPv6 and so it ignores those packets altogether. That means if your network is utilizing IPv6 and you have not activated <application>ip6tables</application> then you have just left the door to your system open to the world.</para> >+ <para>Using IPv6 is not dangerous as long as you know and understand the changes that your system's software went through to make it possible to use this new network protocol.</para> > </section> > </section> > <section id="sect-Security_Guide-Basic_Hardening-Up_to_date"> >diff --git a/en-US/Revision_History.xml b/en-US/Revision_History.xml >index 277989e..5787e5d 100644 >--- a/en-US/Revision_History.xml >+++ b/en-US/Revision_History.xml >@@ -7,6 +7,20 @@ > <simpara> > <revhistory> > <revision> >+ <revnumber>18.0-1</revnumber> >+ <date>Tue July 24 2012</date> >+ <author> >+ <firstname>Eric</firstname> >+ <surname>Christensen</surname> >+ <email>sparks@fedoraproject.org</email> >+ </author> >+ <revdescription> >+ <simplelist> >+ <member>Fixed Basic Hardening chapter (BZ 841825 and 693620).</member> >+ </simplelist> >+ </revdescription> >+ </revision> >+ <revision> > <revnumber>17.0-1</revnumber> > <date>Tue January 24 2012</date> > <author>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=600212">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 842936
:
600205
| 600212 |
600217