Enhancing Network Security with tcp_wrapper

Christopher Bush

More than just the Internet concerns the security-minded systems administrator. The same technology that made the Internet what it is - TCP/IP - has now been widely deployed on private LANs, as more companies have realized the benefits of open systems solutions, and software giants have embraced those solutions and technologies in their product offerings. Now, the same vulnerabilities exist on private internal networks, even if they aren't connected to the Internet. It is widely recognized that most computer security breaches result from attacks within an organization. Even if you are connected to the Internet, and protected by a seemingly impenetrable firewall, you still must protect yourself from attack over the network.

So what does a savvy systems administrator do? You can cross your fingers and hope. You can rely on your network administrator to provide strong network security. Both are bad ideas. You should have an overall enterprise security architecture, which consists of many pieces. Developing an overall security strategy is far beyond the scope of this article. I have, however, provided a list of resources that you may wish to consult as you develop a strategy (see sidebar "UNIX Network Security Resources"). In this article, I will present a detailed description of one of the tactical tools that should be included in any plan to provide solid network security on your UNIX systems. That tool is Wietse Venema's tcp_wrapper (sometimes called log_tcp or tcpd). This article covers the basics of installing and using the software, and more information is contained in an accompanying article on the Sys Admin Web site at: www.s