Choosing an Internet Services Provider
With a BBS, shell account, or on-line service, the dangers are small and minimal. The worst danger (possible with any service, of course) is probably a lightning strike that damages your modem, and possibly your computer. If you download programs directly from the service involved, you may need to think about viruses (none are known on Linux) or Trojan Horses, programs which claim to do one thing and really do another. If you consider censorship a danger, you are most likely to find it in various forms on the on-line services.
With fake IP, the dangers are also rather minimal, but the danger of a remote user breaking into your computer, while remote, now exists. Someone using the same ISP may be able to log into your computer if you don't pay attention to basic security, such as having good passwords for your accounts.
With serial IP, the dangers are very real. Unlike single-user program loaders like DOS and Windows, Linux is designed to function across the network. This power brings the potential for break-ins if security is not maintained. And in order to manage that power, it is best to know a little bit about what you are doing. The Linux Network Administrator's Guide (The NAG) tells you all you need to know to understand how to maintain your network, so have a copy handy.
Of course, you need to maintain good passwords—that should go without saying. Don't run unnecessary services. Read the /etc/inetd.conf file and comment out (by inserting a # character at the beginning of the line) services that you don't need. If you don't want anyone to be able to use telnet to connect to your machine, comment out the line that starts telnetd. If you are confused, read the NAG.
Make sure that you have a file called /etc/securetty. The securetty file controls which terminals root is allowed to log in on, and allowing root logins over the network is a good way to invite break-ins. Make sure that it does not contain any lines starting with ttyp--these are the pseudo-ttys that are used for network logins.
Pay attention to security alerts. Security holes in Linux or Linux distributions are announced on the comp.os.linux.announce newsgroup. Read these announcements and act on them. They contain careful, easy-to-follow instructions on how to close the security hole in question. If you have PGP installed, use it to ascertain that the announcement is genuine before following the instructions.
If you have reason to be even more careful about security, take time to learn about authorization (man tcpd) and firewall software—there are several articles in this issue on that topic.
Pricing structures may have nothing to do with reality. If prices seem too low to believe, they may well be. How much trouble would it be to switch your e-mail to another site if your current provider goes out of business? What about your web site or your home page? Many ISPs have gone out of business in the last year, and the trend doesn't appear to be slowing down yet.
Do you want a local ISP or a national one? There are advantages to both; some people keep two accounts, one local and one national. If your ISP is near you, they will be easier to find. They may know more about people at the local phone company office and know who to talk to to get things done (or fixed) at a local level. By contrast, a national ISP has sites all around the nation that you can call in to, and by being bigger businesses, they may have more resources to provide the right distribution of equipment to meet all their users needs.
You need to decide what level of service you want, and be willing to pay for what you need. If your business depends on your connection, you probably don't want to go with a fly-by-night operation that may or may not be around next week, and may not have as much experience. If you just want to “surf the net” and can deal with trouble or switching providers if necessary, you are likely to be able to pay less—just don't expect the same level of service from all providers, regardless of price.
Also, it's important to understand that there are some things that the ISP can fix, and some things that the ISP can't fix any more than you can. The ISP can provide enough modems that you don't get a busy signal too often, and the ISP should be able to respond as quickly to emergency phone calls as they promise to, however quickly that is. The ISP can't, however, fix the rest of the Internet if their own connection to the Internet is broken by their provider, or make the phone company fix broken phone equipment on your schedule.
The Internet is constantly under construction. Choosing an ISP with multiple connections to the Internet through different providers makes it less likely that your ISP will temporarily loose Internet connectivity through no fault of their own. If your business depends on reliable connections to many different parts of the Internet, choose an ISP with two or three connections to major Internet providers, such as MCI, Sprint, PSI, or ANS.
Troubles will occur. Every ISP has troubles from time to time. You may have the choice of bouncing from one ISP to another. Our recommendation is to stick with one ISP as long as you can, especially if you choose a local ISP, because they can be extra helpful to people they know.
If you absolutely, positively need Internet access all the time, consider keeping a backup account at a different ISP. If you do this, make sure that the backup account is connected to the Internet in a different way than your main ISP. It may even be worth making a long-distance call in an emergency, depending on your need.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide