Linux Networking and Security Chapter 11 Network Security Fundamentals.

Presentation transcript:

Linux Networking and Security Chapter 11 Network Security Fundamentals

- Summarize the types of network security breaches that crackers attempt
- Describe how to use special routing techniques to protect local network traffic
- Configure a basic Linux firewall
- Use networking utilities and techniques that protect network traffic through encryption

Reviewing Threats to Your Network
- Trojan Horses are programs concealed within other programs that you intentionally install
  - Once installed, the host program of the Trojan Horse appears to do one thing, but does another
  - One means of protection is to install programs from only trustworthy sources
- Viruses and Worms are designed to replicate themselves once they have been installed
  - Linux is rarely the subject of virus attacks
  - Worms pose a greater threat to Linux

Reviewing Threats to Your Network
- Denial-of-Service (DoS) attacks occur when a cracker overwhelms a system and causes it to shut down or become unusable
  - Two common methods are to overwhelm the system with network traffic and to execute network requests
- Buffer overflow attacks refer to any cracker attack that exploits a programming flaw
  - The result can cause a network service to shut down, corrupt data, or provide unexpected access to a system

Reviewing Threats to Your Network
- Spoofing is the forging of addresses
  - Crackers use IP and DNS spoofing
- Man-in-the-middle attacks are those in which a cracker intercepts a communication, reads or alters it, and leads the originator of the packet to believe the intended recipient has received it
  - Another type of this attack is Web spoofing, where a user is linked to a cracker's site when they believe they are linked to another

Reviewing Threats to Your Network

Using Advanced Routing and Firewalls
- A firewall typically refers to a packet filter: access control operating at the lowest level of the networking protocol stack
- Firewalls rely on rules, the configuration settings that define certain characteristics of an IP packet and the action to take for packets meeting the specified criteria
- Networking stacks in Linux are contained in the kernel, and advanced routing and firewalls are implemented using the same Linux tools

Using Advanced Routing and Firewalls

Introducing IP Chains
- The IP Chains feature of Linux allows for the setup of a chain: a list of rules for how packets are handled
  - Input chains: packets coming from outside the system on which the rule is executed pass through
  - Forward chains: packets coming from outside the system on which the rule is executed and that need to be routed to another system pass through
  - Output chains: packets coming from within the system on which the rule is executed and that are destined for other systems pass through

Introducing IP Chains

Network Address Translation
- The IP Chains feature also provides special routing functionality, such as Network Address Translation (NAT)
- NAT is a routing technique that alters address or other header information in a packet
- One popular type of NAT is IP masquerading, a type of network address translation in which packets from many computers on a LAN appear as if they came from one computer

Network Address Translation

Transparent Proxying
- Using a proxy server is very similar to IP masquerading, but the proxy works at the application level, not the IP level
- An alternative to using a proxy server is to use the transparent proxy feature of IP Chains and IP Tables
- Transparent proxy allows for the redirection of a packet based on the port to which the packet is addressed

Transparent Proxying

Graphical Firewall Configuration Utilities
- Linux supports several graphical tools that can be used to set up a firewall
- Red Hat Linux includes the lokkit program, which walks you through questions and establishes rules based on your security choices
- Red Hat Linux also includes the firewall-config program, which allows the setup of complex firewall rules

Graphical Firewall Configuration Utilities

Using NetFilter and IP Tables
- NetFilter is the new and improved Linux packet filtering system and uses a different architecture than IP Chains
- NetFilter is improved in that it provides hooks at five different points in packet processing
- A hook refers to the ability to connect another program at that point
- The lists of rules associated with the hooks are similar to IP Chains and are called IP Tables

Using NetFilter and IP Tables
- IP Tables and NetFilter provide:
  - The ability to act on packets based on their state
  - Examination and alteration of just about any header field in a packet; this is packet mangling
  - Selection of packets to be logged based on the value of any header field
  - Passing of packets to regular Linux programs for further processing outside of the Linux kernel
  - Implementation of intelligent routing based on Quality of Service (QoS) features
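As an added example (not from the textbook or these slides), the script below generates one iptables-restore ruleset that combines the pieces the last few slides describe: INPUT/FORWARD/OUTPUT filtering with a default DROP policy, state matching, rate-limited logging of dropped packets, IP masquerading for the LAN, and a transparent-proxy REDIRECT of web traffic to a local proxy port. The interface names, LAN network and proxy port are assumed placeholders, and the rules use IP Tables syntax rather than the older IP Chains commands.

```shell
#!/bin/sh
# Added example, not from the textbook: emit an iptables-restore ruleset that
# combines the chapter's pieces (INPUT/FORWARD/OUTPUT filtering, state matching,
# logging, IP masquerading and a transparent-proxy REDIRECT) for one gateway.
# Arguments: LAN interface, Internet interface, LAN network (CIDR), proxy port.
# All four values are assumed placeholders; adjust them for a real gateway.
build_ruleset() {
  lan_if=$1; wan_if=$2; lan_net=$3; proxy_port=${4:-3128}
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful matching: packets of an already accepted flow are let through first
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: a packet claiming a LAN source must not arrive on the Internet side
-A INPUT -i $wan_if -s $lan_net -j DROP
-A FORWARD -i $wan_if -s $lan_net -j DROP
# Administrative SSH to the gateway from the LAN only, rate-limited for new flows
-A INPUT -i $lan_if -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 6/min -j ACCEPT
# Log (rate-limited) whatever the DROP policy is about to discard
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
# Routing between LAN and Internet: outbound from the LAN, replies back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Transparent proxy: LAN web requests are redirected to the local proxy port
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# IP masquerading: every LAN host appears on the Internet as the gateway's address
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Helper for sanity checks: how many generated lines contain a given string
count_rules() { build_ruleset "$1" "$2" "$3" "$4" | grep -c -- "$5"; }

# Usage (as root): build_ruleset eth1 eth0 192.168.1.0/24 3128 | iptables-restore
```

The gateway also needs IP forwarding enabled in the kernel (net.ipv4.ip_forward) before the FORWARD and nat rules have any effect.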

Commercial Firewall Products
- Many companies have created commercial security products for Linux; some are software, but many are separate hardware
- A hardware device that is sold specifically to accomplish a purpose is called an appliance
- Astaro Security Linux is a firewall product that does many of the things NetFilter can do and more, plus it includes web-based tools
- NetMAX VPN Server Suite is another hardware solution built on Linux

Encrypting Network Traffic
- The Secure Shell (SSH) package is a client-server protocol similar to Telnet
- The OpenSSH implementation of SSH is used on most Linux distributions
- SSH and OpenSSH support two versions:
  - SSH protocol version 1 (SSH1) uses a public key encryption system to authenticate connections
  - SSH2 uses a more robust authentication process and also supports strong encryption of all network traffic

Encrypting Network Traffic
- OpenSSH supports a number of very useful features besides replacing Telnet and rlogin:
  - The ssh utility can be used to encrypt other network traffic, especially for protocols that are not inherently secure
  - Its ability to do port forwarding, which is a routing technique that allows encryption of many other protocols over SSH connections
  - With more complex configurations, SSH can be used to tunnel from a remote system through a firewall to an internal server

Encrypting Network Traffic

Other Tunneling Protocols
- The concept behind using SSH port forwarding is that you can tunnel an insecure protocol inside a secure protocol
- The Point-to-Point Tunneling Protocol (PPTP) is a standard for creating a virtual private network (VPN)
  - PPTP uses two communication channels between a client and a server; the first is a control channel, the second carries data and can be encrypted

Other Tunneling Protocols
- The stunnel package allows for the use of SSL as a transport protocol for other network traffic instead of just HTTP (Web) traffic
- The following protocols are examples of what can be encrypted using stunnel:
  - POP3, IMAP, NNTP, SMTP, PPP
- stunnel can be used from a superserver or directly on the command line
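The two slides above describe the same idea twice: wrapping a cleartext protocol such as POP3 inside SSH port forwarding, or inside SSL with stunnel. As an added example (not code from the textbook or from the OpenSSH or stunnel projects), the script below builds both: the ssh -L command for a forwarded POP3 session through a gateway, and a client-mode stunnel configuration for POP3 and IMAP that verifies the server certificate. The host names, ports and CA file path are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the textbook: two ways to carry a cleartext mail
# protocol over an encrypted transport. Host names and ports are placeholders.

# 1. SSH port forwarding. The mail client talks to 127.0.0.1:<local_port>; ssh
#    carries the session encrypted to the gateway, which connects on to port 110
#    of the internal mail host. -N opens no remote shell; ExitOnForwardFailure
#    makes ssh exit instead of silently running without the forward.
ssh_forward_cmd() {
  gateway=$1; mailhost=$2; local_port=${3:-11110}
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:110 %s\n' \
    "$local_port" "$mailhost" "$gateway"
}

# 2. stunnel in client mode. The same mail client connects to 127.0.0.1:110 or
#    :143 and stunnel opens an SSL/TLS session to the server's POP3S/IMAPS ports.
#    verifyChain + checkHost make stunnel reject an unverified or wrong peer;
#    without them the tunnel is encrypted but the server is not authenticated.
stunnel_client_conf() {
  mailhost=$1; cafile=${2:-/etc/ssl/certs/ca-certificates.crt}
  cat <<EOF
client = yes
foreground = yes
CAfile = $cafile
verifyChain = yes
checkHost = $mailhost

[pop3]
accept = 127.0.0.1:110
connect = $mailhost:995

[imap]
accept = 127.0.0.1:143
connect = $mailhost:993
EOF
}

# Check applied to a generated config on stdin: every local listener must be on
# loopback, otherwise the cleartext side of the tunnel is offered to the whole LAN.
loopback_only() { ! grep '^accept' | grep -qv '127\.0\.0\.1:'; }

# Usage: ssh_forward_cmd gw.example.com mail.internal
#        stunnel_client_conf mail.example.com > stunnel-client.conf
```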

Creating a Virtual Private Network
- VPNs allow multiple computers to function as part of a single, secure network when parts of the private network are actually separated by a public network such as the Internet
- A VPN is like a special application of tunneling, because it lets a group of computers that can be remote from each other act as a single secure LAN by tunneling traffic through specially configured network connections

Creating a VPN

Configuring Security Services

Chapter Summary
- Trojan Horse programs appear to be normal but perform actions that compromise system security
- Viruses and worms are self-propagating security problems. Viruses typically attach themselves to data files; worms work independently of other programs
- Denial-of-Service (DoS) attacks try to block access by legitimate users
- Buffer overflow attacks rely on a programming oversight to corrupt data or gain unauthorized access by sending unexpected data to a network service

Chapter Summary
- Spoofing attacks pretend that a data packet is coming from a service or location that is not accurate; the man-in-the-middle attack is a concern when someone might be able to intercept network traffic
- Firewalls filter data packets based on their source, destination, protocol, or other aspects of a packet's makeup; a Linux firewall is controlled through the Linux kernel
- Linux firewalls are created using IP Chains or IP Tables; both let a system administrator add rules to control which packets are accepted or discarded

Chapter Summary
- Rules used by firewalls define characteristics of IP packets and how to handle matching packets
- IP masquerading is a type of network address translation that lets multiple users access an external network such as the Internet through a single system acting as though it were generating all of the traffic; transparent proxy lets you redirect packets to different ports
- Programs for setting up and managing firewall rules are included in Red Hat Linux; these include lokkit and firewall-config

Chapter Summary
- IP Tables provide several routing and security features that IP Chains did not include, such as packet mangling and support for Quality of Service/Type of Service flags
- Many commercial firewall products are available for Linux; some are software and some are dedicated security appliances
- The Secure Shell protocol (SSH), implemented in the OpenSSH package, provides an encrypted replacement for Telnet, as well as encrypted communications for many other protocols using the port forwarding feature of SSH

Chapter Summary
- SSH uses either RSA or DSA public-key cryptography plus a symmetric cipher such as AES
- The PPTP protocol was developed by Microsoft to implement a Windows VPN; PPTP uses an encrypted PPP session plus a separate control channel
- The stunnel package uses the SSL protocol to encrypt other protocols such as POP3 and IMAP; stunnel can be used from a superserver or directly on the command line
- Tunneling one TCP-based protocol inside another can cause delays and dropped connections

Chapter Summary
- Linux security features can be used to create an effective virtual private network (VPN); many companies sell dedicated VPN appliances based on Linux
- Many Webmin modules are available to help configure security services on Linux