Tuesday, April 27, 2010

Secure network with kernel features

You can set the following kernel parameters in /etc/sysctl.conf to harden the host's network stack:
# Ignore ICMP broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
#
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not
# a router)
net.ipv4.conf.all.accept_source_route = 0
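
To confirm the settings above took effect, the following added example (not from the original post; the function name `audit_net_sysctls` and its optional root-directory argument are assumptions) reads the live values under /proc/sys. It goes beyond the list above in one respect: per the kernel's ip-sysctl documentation, redirects stay enabled on a non-forwarding host if either conf/all or the interface's own entry is 1, so it checks every entry under conf/ for the two redirect settings.

```shell
#!/bin/sh
# Added example: audit the five settings from this post against kernel state.
# Usage (after loading /etc/sysctl.conf):  audit_net_sysctls
# The optional argument is a hypothetical alternate root, e.g. a copied
# /proc/sys tree; it defaults to the live /proc/sys.

# Prints one FAIL line per value that differs from the hardened one.
# Returns 0 when everything matches, 1 otherwise.
audit_net_sysctls() {
    audit_root=${1:-/proc/sys}
    audit_rc=0

    # check FILE WANT: compare one /proc/sys-style file with the wanted value
    check() {
        have=$(cat "$1" 2>/dev/null) || have=missing
        if [ "$have" != "$2" ]; then
            echo "FAIL ${1#"$audit_root"/} = $have (want $2)"
            audit_rc=1
        fi
    }

    check "$audit_root/net/ipv4/icmp_echo_ignore_broadcasts" 1
    check "$audit_root/net/ipv4/icmp_ignore_bogus_error_responses" 1

    # Source routing is refused on every interface once conf/all is 0.
    check "$audit_root/net/ipv4/conf/all/accept_source_route" 0

    # Redirects: conf/all = 0 alone is not sufficient, so walk all,
    # default, and each interface directory.
    for dir in "$audit_root"/net/ipv4/conf/*/; do
        check "${dir}accept_redirects" 0
        check "${dir}send_redirects" 0
    done

    return $audit_rc
}
```

A FAIL line for an interface entry means that interface still needs its own line in /etc/sysctl.conf, or a net.ipv4.conf.default entry set before the interface is created.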
